diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml index b03ec5b92ee2e..f6580abde9898 100644 --- a/.github/workflows/ci-pipeline.yml +++ b/.github/workflows/ci-pipeline.yml @@ -61,7 +61,7 @@ jobs: pull-requests: write needs: get-containers steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 name: Checkout Repository with: ref: ${{ github.event.pull_request.head.ref }} @@ -89,10 +89,10 @@ jobs: needs.get-containers.outputs.result == 'ok' && github.event.pull_request.user.login != 'bitnami-bot' name: VIB Verify - permissions: + permissions: contents: read env: - CSP_API_URL: https://console.cloud.vmware.com + CSP_API_URL: https://console.tanzu.broadcom.com CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} VIB_PUBLIC_URL: https://cp.bromelia.vmware.com continue-on-error: false @@ -102,7 +102,7 @@ jobs: matrix: container: ${{ fromJSON(needs.get-containers.outputs.containers) }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 name: Checkout Repository with: # Full history is not required anymore diff --git a/.github/workflows/markdown-linter.yml b/.github/workflows/markdown-linter.yml index 5c64ce2b7acb0..ff51441a5d37a 100644 --- a/.github/workflows/markdown-linter.yml +++ b/.github/workflows/markdown-linter.yml @@ -19,7 +19,7 @@ jobs: - name: Install mardownlint run: npm install -g markdownlint-cli@0.33.0 - name: Checkout project - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Execute markdownlint env: DIFF_URL: "${{github.event.pull_request.diff_url}}" diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 7fe09a8f3d05f..52ce8f1510356 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -23,7 +23,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json - name: Upload the PR info - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 with: name: pull_request_info.json path: ./pull_request_info.json \ No newline at end of file diff --git a/.github/workflows/vib-action-test.yml b/.github/workflows/vib-action-test.yml new file mode 100644 index 0000000000000..9cab891074043 --- /dev/null +++ b/.github/workflows/vib-action-test.yml @@ -0,0 +1,47 @@ +name: '[TEST] Check vmware-image-builder-action@v0.10' +on: # rebuild any PRs and main branch changes + workflow_dispatch: +permissions: {} +jobs: + vib-verify: + runs-on: ubuntu-latest + name: VIB Verify + permissions: + contents: read + env: + CSP_API_URL: https://console.tanzu.broadcom.com + CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} + VIB_PUBLIC_URL: https://cp.bromelia.vmware.com + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + name: Checkout Repository + with: + # Full history is not required anymore + fetch-depth: 1 + - uses: vmware-labs/vmware-image-builder-action@artifact-actions-v4 + name: Verify + with: + pipeline: pgpool/vib-verify.json + env: + # Path with docker resources + VIB_ENV_PATH: bitnami/pgpool/4/debian-12 + # Container name + VIB_ENV_CONTAINER: pgpool + VIB_ENV_TAG: 4-rc.69158 + check-artifacts: + # Ensure all containers passed the verification + runs-on: ubuntu-latest + name: Check VIB report + needs: + - vib-verify + steps: + - id: download + name: Download artifacts + uses: actions/download-artifact@v4 + with: + path: ~/artifacts + - id: get-report + name: Get report + run: | + vib_report_file=$(find ~/artifacts -name "report.json" -print -quit) + cat "$vib_report_file" diff --git a/.vib/airflow-exporter/goss/airflow-exporter.yaml b/.vib/airflow-exporter/goss/airflow-exporter.yaml deleted file mode 100644 index 9852f59133516..0000000000000 --- a/.vib/airflow-exporter/goss/airflow-exporter.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - check-airflow-exporter-run: - exec: AIRFLOW_PROMETHEUS_DATABASE_NAME=mydatabase timeout --preserve-status 5 airflow-prometheus-exporter - timeout: 8000 - exit-status: 143 - stderr: - - "Starting airflow-exporter" - - "mydatabase" diff --git a/.vib/airflow-exporter/goss/goss.yaml b/.vib/airflow-exporter/goss/goss.yaml deleted file mode 100644 index 16ba474e7e0a2..0000000000000 --- a/.vib/airflow-exporter/goss/goss.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../airflow-exporter/goss/airflow-exporter.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/airflow-exporter/goss/vars.yaml b/.vib/airflow-exporter/goss/vars.yaml deleted file mode 100644 index b76fb6495b0e4..0000000000000 --- a/.vib/airflow-exporter/goss/vars.yaml +++ /dev/null @@ -1,3 +0,0 @@ -binaries: - - airflow-prometheus-exporter -root_dir: /opt/bitnami diff --git a/.vib/airflow-exporter/vib-verify.json b/.vib/airflow-exporter/vib-verify.json deleted file mode 100644 index 6f74419bf6f71..0000000000000 --- a/.vib/airflow-exporter/vib-verify.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64", - "linux/arm64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "airflow-exporter/goss/goss.yaml", - "vars_file": "airflow-exporter/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-airflow-exporter" - } - } - } - }, - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - } - ] - } - } -} diff --git a/.vib/airflow-scheduler/goss/airflow-scheduler.yaml b/.vib/airflow-scheduler/goss/airflow-scheduler.yaml deleted file mode 100644 index 757c2e152eebf..0000000000000 --- a/.vib/airflow-scheduler/goss/airflow-scheduler.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - check-airflow: - timeout: 30000 - exec: airflow users list - exit-status: 0 - stdout: - - "No data found" - check-subpackages: - # Check python packages that should have been installed - exec: . /opt/bitnami/airflow/venv/bin/activate && pip list - exit-status: 0 - stdout: - {{ range $subpackage := .Vars.subpackages }} - - "{{ $subpackage }}" - {{ end }} -file: - /opt/bitnami/airflow/venv/lib/python3.9/site-packages/airflow/www/node_modules: - exists: false diff --git a/.vib/airflow-scheduler/goss/goss.yaml b/.vib/airflow-scheduler/goss/goss.yaml deleted file mode 100644 index 823b4791b676c..0000000000000 --- a/.vib/airflow-scheduler/goss/goss.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../airflow-scheduler/goss/airflow-scheduler.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-app-version.yaml: {} - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/airflow-scheduler/goss/vars.yaml b/.vib/airflow-scheduler/goss/vars.yaml deleted file mode 100644 index df712ba68c549..0000000000000 --- a/.vib/airflow-scheduler/goss/vars.yaml +++ /dev/null @@ -1,33 +0,0 @@ -binaries: - - airflow - - ini-file - - psql - - python - - wait-for-port -linked_libraries: - exclude_paths: - # Ignore python venv executable scripts - - /opt/bitnami/airflow/venv/.* -directories: - - mode: "0775" - paths: - - /opt/bitnami/airflow - - /opt/bitnami/airflow/dags - - /opt/bitnami/airflow/logs - - /opt/bitnami/airflow/tmp -root_dir: /opt/bitnami -version: - bin_name: airflow - flag: version -subpackages: - - amazon - - celery - - docker - - elasticsearch - - google - - hashicorp - - ldap - - mysql - - postgres - - redis - - statsd diff --git a/.vib/airflow-scheduler/vib-verify.json b/.vib/airflow-scheduler/vib-verify.json deleted file mode 100644 index a2fdaf9cb7b55..0000000000000 --- a/.vib/airflow-scheduler/vib-verify.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "timeout_minutes": 60, - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64", - "linux/arm64" - ], - "timeout_minutes": 50 - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "airflow-scheduler/goss/goss.yaml", - "vars_file": "airflow-scheduler/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-airflow-scheduler" - } - } - } - }, - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - } - ] - } - } -} diff --git a/.vib/airflow-worker/goss/airflow-worker.yaml b/.vib/airflow-worker/goss/airflow-worker.yaml deleted file mode 100644 index 757c2e152eebf..0000000000000 --- a/.vib/airflow-worker/goss/airflow-worker.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - check-airflow: - timeout: 30000 - exec: airflow users list - exit-status: 0 - stdout: - - "No data found" - check-subpackages: - # Check python packages that should have been installed - exec: . /opt/bitnami/airflow/venv/bin/activate && pip list - exit-status: 0 - stdout: - {{ range $subpackage := .Vars.subpackages }} - - "{{ $subpackage }}" - {{ end }} -file: - /opt/bitnami/airflow/venv/lib/python3.9/site-packages/airflow/www/node_modules: - exists: false diff --git a/.vib/airflow-worker/goss/goss.yaml b/.vib/airflow-worker/goss/goss.yaml deleted file mode 100644 index e86f80b1504c7..0000000000000 --- a/.vib/airflow-worker/goss/goss.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../airflow-worker/goss/airflow-worker.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-app-version.yaml: {} - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/airflow-worker/goss/vars.yaml b/.vib/airflow-worker/goss/vars.yaml deleted file mode 100644 index df712ba68c549..0000000000000 --- a/.vib/airflow-worker/goss/vars.yaml +++ /dev/null @@ -1,33 +0,0 @@ -binaries: - - airflow - - ini-file - - psql - - python - - wait-for-port -linked_libraries: - exclude_paths: - # Ignore python venv executable scripts - - /opt/bitnami/airflow/venv/.* -directories: - - mode: "0775" - paths: - - /opt/bitnami/airflow - - /opt/bitnami/airflow/dags - - /opt/bitnami/airflow/logs - - /opt/bitnami/airflow/tmp -root_dir: /opt/bitnami -version: - bin_name: airflow - flag: version -subpackages: - - amazon - - celery - - docker - - elasticsearch - - google - - hashicorp - - ldap - - mysql - - postgres - - redis - - statsd diff --git a/.vib/airflow-worker/vib-verify.json b/.vib/airflow-worker/vib-verify.json deleted file mode 100644 index efc9847719676..0000000000000 --- a/.vib/airflow-worker/vib-verify.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "timeout_minutes": 60, - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64", - "linux/arm64" - ], - "timeout_minutes": 50 - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "airflow-worker/goss/goss.yaml", - "vars_file": "airflow-worker/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-airflow-worker" - } - } - } - }, - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - } - ] - } - } -} diff --git a/.vib/airflow/goss/vars.yaml b/.vib/airflow/goss/vars.yaml index 5e544179d27be..5d90395299452 100644 --- a/.vib/airflow/goss/vars.yaml +++ b/.vib/airflow/goss/vars.yaml @@ -1,7 +1,6 @@ binaries: - airflow - ini-file - - psql - python - wait-for-port linked_libraries: diff --git a/.vib/appsmith/goss/appsmith.yaml b/.vib/appsmith/goss/appsmith.yaml index 7eddafbed8507..9afc8dbd90397 100644 --- a/.vib/appsmith/goss/appsmith.yaml +++ b/.vib/appsmith/goss/appsmith.yaml @@ -20,10 +20,10 @@ command: - "{{ .Env.APP_VERSION }}" - "Starting ServerApplication" check-rts-init: - exec: cd /opt/appsmith/rts/bundle && node server.js - exit-status: 1 - stderr: - - "APPSMITH_API_BASE_URL" + exec: cd /opt/appsmith/rts/bundle && timeout --preserve-status 5s node server.js || true + exit-status: 0 + stdout: + - "RTS version v{{ .Env.APP_VERSION }} running" group: appsmith: exists: true diff --git a/.vib/aspnet-min/vib-verify.json b/.vib/aspnet-min/vib-verify.json new file mode 100644 index 0000000000000..ed4f5cd241cab --- /dev/null +++ b/.vib/aspnet-min/vib-verify.json @@ -0,0 +1,57 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + } + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/chainloop-artifact-cas/vib-verify.json b/.vib/chainloop-artifact-cas/vib-verify.json new file mode 100644 index 0000000000000..ed4f5cd241cab --- /dev/null +++ b/.vib/chainloop-artifact-cas/vib-verify.json @@ -0,0 +1,57 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + } + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/chainloop-control-plane-migrations/vib-verify.json b/.vib/chainloop-control-plane-migrations/vib-verify.json new file mode 100644 index 0000000000000..ed4f5cd241cab --- /dev/null +++ b/.vib/chainloop-control-plane-migrations/vib-verify.json @@ -0,0 +1,57 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + } + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/chainloop-control-plane/vib-verify.json b/.vib/chainloop-control-plane/vib-verify.json new file mode 100644 index 0000000000000..ed4f5cd241cab --- /dev/null +++ b/.vib/chainloop-control-plane/vib-verify.json @@ -0,0 +1,57 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + } + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/charts-syncer/vib-verify.json b/.vib/charts-syncer/vib-verify.json new file mode 100644 index 0000000000000..ed4f5cd241cab --- /dev/null +++ b/.vib/charts-syncer/vib-verify.json @@ -0,0 +1,57 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + } + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/cilium-proxy/goss/goss.yaml b/.vib/cilium-proxy/goss/goss.yaml new file mode 100644 index 0000000000000..5459a81ef0f7b --- /dev/null +++ b/.vib/cilium-proxy/goss/goss.yaml @@ -0,0 +1,12 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/cilium-proxy/goss/vars.yaml b/.vib/cilium-proxy/goss/vars.yaml new file mode 100644 index 0000000000000..5f8537c026f23 --- /dev/null +++ b/.vib/cilium-proxy/goss/vars.yaml @@ -0,0 +1,10 @@ +binaries: + - cilium-envoy + - cilium-envoy-starter +root_dir: /opt/bitnami +directories: + - paths: + - /opt/bitnami/cilium-proxy +version: + bin_name: cilium-envoy + flag: --version diff --git a/.vib/cilium-proxy/vib-verify.json b/.vib/cilium-proxy/vib-verify.json new file mode 100644 index 0000000000000..4722d76ce217c --- /dev/null +++ b/.vib/cilium-proxy/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + }, + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "cilium-proxy/goss/goss.yaml", + "vars_file": "cilium-proxy/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-cilium-proxy" + } + } + } + } + ] + } + } +} diff --git a/.vib/common/goss/scripts/check-linked-libraries.sh b/.vib/common/goss/scripts/check-linked-libraries.sh index 15b53e9ab6e6f..b0e5530686d19 100755 --- a/.vib/common/goss/scripts/check-linked-libraries.sh +++ b/.vib/common/goss/scripts/check-linked-libraries.sh @@ -12,5 +12,11 @@ for file in "${files[@]}"; do if [[ -n $EXCLUDE_PATHS ]] && [[ "$file" =~ $EXCLUDE_PATHS ]]; then continue fi - [[ $(ldd "$file" | grep -c "not found") -eq 0 ]] || exit 1 + if ldd "$file" 2>&1 | grep -q "not a dynamic executable"; then + continue + fi + if ldd "$file" | grep -c "not found"; then + echo "missing linked libraries at $file" + exit 1 + fi done diff --git a/.vib/common/goss/templates/check-ca-certs.yaml b/.vib/common/goss/templates/check-ca-certs.yaml index aea3a214a2ee3..35d0df1bf892d 100644 --- a/.vib/common/goss/templates/check-ca-certs.yaml +++ b/.vib/common/goss/templates/check-ca-certs.yaml @@ -7,5 +7,5 @@ # - None ######################## http: - https://bitnami.com: + https://google.com: status: 200 diff --git a/.vib/deepspeed/goss/deepspeed.yaml b/.vib/deepspeed/goss/deepspeed.yaml index e70ab25bb02f4..fbfcb24a6c920 100644 --- a/.vib/deepspeed/goss/deepspeed.yaml +++ b/.vib/deepspeed/goss/deepspeed.yaml @@ -9,5 +9,5 @@ user: command: check-necessary-libraries: exec: python -c 'import deepspeed; print(deepspeed.__version__); import torch; print(torch.__version__); import torchvision; print(torchvision.__version__)' - timeout: 8000 + timeout: 20000 exit-status: 0 diff --git a/.vib/dokuwiki/goss/dokuwiki.yaml b/.vib/dokuwiki/goss/dokuwiki.yaml deleted file mode 100644 index ef814c2baeed3..0000000000000 --- a/.vib/dokuwiki/goss/dokuwiki.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -file: - /opt/bitnami/apache/conf/vhosts/dokuwiki-vhost.conf: - exists: true - filetype: file - contents: - - /DocumentRoot.*/opt/bitnami/dokuwiki/ - - "RewriteEngine on" - - "RewriteCond %{REQUEST_URI} !^/server-status$" - - "RewriteRule ^index.php$ doku.php" - /opt/bitnami/apache/conf/vhosts/dokuwiki-https-vhost.conf: - exists: true - filetype: file - contents: - - "SSLEngine on" - - /DocumentRoot.*/opt/bitnami/dokuwiki/ - - "RewriteEngine on" - - "RewriteCond %{REQUEST_URI} !^/server-status$" - - "RewriteRule ^index.php$ doku.php" - /opt/bitnami/php/etc/php.ini: - exists: true - filetype: file - contents: - - /^memory_limit = 256M/ -group: - daemon: - exists: true -user: - daemon: - exists: true diff --git a/.vib/dokuwiki/goss/goss.yaml b/.vib/dokuwiki/goss/goss.yaml deleted file mode 100644 index 7b986caa86df0..0000000000000 --- a/.vib/dokuwiki/goss/goss.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../dokuwiki/goss/dokuwiki.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/dokuwiki/goss/vars.yaml b/.vib/dokuwiki/goss/vars.yaml deleted file mode 100644 index 6cd9d7e1987a1..0000000000000 --- a/.vib/dokuwiki/goss/vars.yaml +++ /dev/null @@ -1,15 +0,0 @@ -binaries: - - php - - apachectl - - render-template -directories: - - mode: "0775" - paths: - - /bitnami/dokuwiki - - /opt/bitnami/dokuwiki - - /opt/bitnami/dokuwiki/lib/images/smileys/local - - /opt/bitnami/dokuwiki/uploads -root_dir: /opt/bitnami -sed_in_place: - exclude_paths: - - /opt/bitnami/dokuwiki/lib/scripts/ diff --git a/.vib/dokuwiki/vib-verify.json b/.vib/dokuwiki/vib-verify.json deleted file mode 100644 index 0dc5451e7cab7..0000000000000 --- a/.vib/dokuwiki/vib-verify.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64", - "linux/arm64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "dokuwiki/goss/goss.yaml", - "vars_file": "dokuwiki/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-dokuwiki" - } - } - } - }, - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - } - ] - } - } -} diff --git a/.vib/dremio/goss/goss.yaml b/.vib/dremio/goss/goss.yaml new file mode 100644 index 0000000000000..9f52ef8baa6aa --- /dev/null +++ b/.vib/dremio/goss/goss.yaml @@ -0,0 +1,13 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/dremio/goss/vars.yaml b/.vib/dremio/goss/vars.yaml new file mode 100644 index 0000000000000..1aea360a1b4e6 --- /dev/null +++ b/.vib/dremio/goss/vars.yaml @@ -0,0 +1,20 @@ +binaries: + - java + - dremio + - dremio-admin + - dremio-config +directories: + - mode: "0775" + paths: + - /bitnami/dremio/secrets + - /opt/bitnami/dremio/log + - /opt/bitnami/dremio/run + - /opt/bitnami/dremio/tmp + - /bitnami/dremio/data + - paths: + - /opt/bitnami/dremio +root_dir: /opt/bitnami +# The application does not have a --version flag, but the server logs do show the version +version: + bin_name: timeout + flag: --preserve-status 9 bash -c "export DREMIO_LOG_TO_CONSOLE=1; dremio start-fg" || true diff --git a/.vib/dremio/vib-verify.json b/.vib/dremio/vib-verify.json new file mode 100644 index 0000000000000..e8d33f2f69004 --- /dev/null +++ b/.vib/dremio/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "dremio/goss/goss.yaml", + "vars_file": "dremio/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-dremio" + } + } + } + }, + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/flink/goss/flink.yaml b/.vib/flink/goss/flink.yaml index 948d933c24ffb..d7bd4e222e26f 100644 --- a/.vib/flink/goss/flink.yaml +++ b/.vib/flink/goss/flink.yaml @@ -3,8 +3,8 @@ command: check-flink-jobmanager-run: - exec: timeout --preserve-status 5 jobmanager.sh start-foreground - timeout: 8000 + exec: timeout --preserve-status 20 jobmanager.sh start-foreground + timeout: 30000 exit-status: 143 stdout: - "Rest endpoint listening" diff --git a/.vib/google-cloud-sdk/goss/google-cloud-sdk.yaml b/.vib/google-cloud-sdk/goss/google-cloud-sdk.yaml index c97322b0d8a87..df3e6cd609d28 100644 --- a/.vib/google-cloud-sdk/goss/google-cloud-sdk.yaml +++ b/.vib/google-cloud-sdk/goss/google-cloud-sdk.yaml @@ -5,6 +5,9 @@ command: check-app-version: exec: gcloud --version 2>&1 | grep "Google Cloud SDK $(echo $APP_VERSION | sed -E 's|[0-9]+\.([0-9]+\.[0-9]+)$|\1|g')" exit-status: 0 + check-gsutil-version: + exec: gsutil --version 2>&1 | grep "gsutil version:" + exit-status: 0 file: /opt/bitnami/google-cloud-sdk/platform/bundledpythonunix: exists: false diff --git a/.vib/gradle/goss/gradle.yaml b/.vib/gradle/goss/gradle.yaml index deb3df194e2dd..826b7117a6ca4 100644 --- a/.vib/gradle/goss/gradle.yaml +++ b/.vib/gradle/goss/gradle.yaml @@ -7,6 +7,6 @@ command: exec: gradle -v | grep "Gradle $(echo $APP_VERSION | sed -E 's|([0-9]+\.[0-9]+)\.0$|\1|g')" exit-status: 0 create-sample-project: - exec: echo | gradle init && gradle build + exec: echo | gradle init --overwrite && gradle build exit-status: 0 - timeout: 60000 \ No newline at end of file + timeout: 180000 \ No newline at end of file diff --git a/.vib/grafana/goss/vars.yaml b/.vib/grafana/goss/vars.yaml index c2c33d3261be9..1b15bb55f1be9 100644 --- a/.vib/grafana/goss/vars.yaml +++ b/.vib/grafana/goss/vars.yaml @@ -2,8 +2,10 @@ binaries: - grafana root_dir: /opt/bitnami version: - bin_name: grafana - flag: --version + # HACK: Fix for Grafana X.Y.Z+security-N releases + # HACK: https://github.com/grafana/grafana/issues/98169 + bin_name: bash + flag: -c "if [[ \"$APP_VERSION\" = \"11.4.0\" ]]; then echo 11.4.0; elif [[ \"$APP_VERSION\" =~ -[0-9]+ ]]; then echo "$(grafana --version|awk '{ print $NF }')-${APP_VERSION#*-}"; else grafana --version|awk '{ print $NF }'; fi" files: - mode: "0664" paths: diff --git a/.vib/hyperledger-fabric-ca/goss/goss.yaml b/.vib/hyperledger-fabric-ca/goss/goss.yaml new file mode 100644 index 0000000000000..28f8b56901baf --- /dev/null +++ b/.vib/hyperledger-fabric-ca/goss/goss.yaml @@ -0,0 +1,15 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Goss tests exclusive to the current container + ../../hyperledger-fabric-ca/goss/hyperledger-fabric-ca.yaml: {} + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/hyperledger-fabric-ca/goss/hyperledger-fabric-ca.yaml b/.vib/hyperledger-fabric-ca/goss/hyperledger-fabric-ca.yaml new file mode 100644 index 0000000000000..e16ac8cd1df81 --- /dev/null +++ b/.vib/hyperledger-fabric-ca/goss/hyperledger-fabric-ca.yaml @@ -0,0 +1,12 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +command: + check-server: + exec: timeout --preserve-status 9 fabric-ca-server start -b admin:adminpw|| true + timeout: 15000 + exit-status: 0 + stderr: + - "Operation Server Listening" + - "Listening on" + - "key was successfully stored" diff --git a/.vib/hyperledger-fabric-ca/goss/vars.yaml b/.vib/hyperledger-fabric-ca/goss/vars.yaml new file mode 100644 index 0000000000000..9efb9e7889521 --- /dev/null +++ b/.vib/hyperledger-fabric-ca/goss/vars.yaml @@ -0,0 +1,14 @@ +binaries: + - go + - fabric-ca-client + - fabric-ca-server +directories: + - mode: "0775" + paths: + - /opt/bitnami/hyperledger-fabric-ca/etc + - paths: + - /opt/bitnami/hyperledger-fabric-ca +root_dir: /opt/bitnami +version: + bin_name: fabric-ca-server + flag: version diff --git a/.vib/hyperledger-fabric-ca/vib-verify.json b/.vib/hyperledger-fabric-ca/vib-verify.json new file mode 100644 index 0000000000000..6a51915008129 --- /dev/null +++ b/.vib/hyperledger-fabric-ca/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "hyperledger-fabric-ca/goss/goss.yaml", + "vars_file": "hyperledger-fabric-ca/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-hyperledger-fabric-ca" + } + } + } + }, + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/hyperledger-fabric-orderer/goss/goss.yaml b/.vib/hyperledger-fabric-orderer/goss/goss.yaml new file mode 100644 index 0000000000000..9f52ef8baa6aa --- /dev/null +++ b/.vib/hyperledger-fabric-orderer/goss/goss.yaml @@ -0,0 +1,13 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/hyperledger-fabric-orderer/goss/vars.yaml b/.vib/hyperledger-fabric-orderer/goss/vars.yaml new file mode 100644 index 0000000000000..12033a806f403 --- /dev/null +++ b/.vib/hyperledger-fabric-orderer/goss/vars.yaml @@ -0,0 +1,15 @@ +binaries: + - orderer +directories: + - mode: "0755" + paths: + - /opt/bitnami/hyperledger-fabric-orderer/etc + - mode: "0775" + paths: + - /opt/bitnami/hyperledger-fabric-orderer/var + - paths: + - /opt/bitnami/hyperledger-fabric-orderer +root_dir: /opt/bitnami +version: + bin_name: orderer + flag: version diff --git a/.vib/hyperledger-fabric-orderer/vib-verify.json b/.vib/hyperledger-fabric-orderer/vib-verify.json new file mode 100644 index 0000000000000..d84017663c3a9 --- /dev/null +++ b/.vib/hyperledger-fabric-orderer/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "hyperledger-fabric-orderer/goss/goss.yaml", + "vars_file": "hyperledger-fabric-orderer/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-hyperledger-fabric-orderer" + } + } + } + }, + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/hyperledger-fabric-peer/goss/goss.yaml b/.vib/hyperledger-fabric-peer/goss/goss.yaml new file mode 100644 index 0000000000000..e14cfc169ba11 --- /dev/null +++ b/.vib/hyperledger-fabric-peer/goss/goss.yaml @@ -0,0 +1,15 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Goss tests exclusive to the current container + ../../hyperledger-fabric-peer/goss/hyperledger-fabric-peer.yaml: {} + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/hyperledger-fabric-peer/goss/hyperledger-fabric-peer.yaml b/.vib/hyperledger-fabric-peer/goss/hyperledger-fabric-peer.yaml new file mode 100644 index 0000000000000..803e625ca1f07 --- /dev/null +++ b/.vib/hyperledger-fabric-peer/goss/hyperledger-fabric-peer.yaml @@ -0,0 +1,10 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +command: + check-peer: + exec: timeout --preserve-status 9 peer node start || true + timeout: 15000 + exit-status: 0 + stderr: + - "Started peer" diff --git a/.vib/hyperledger-fabric-peer/goss/vars.yaml b/.vib/hyperledger-fabric-peer/goss/vars.yaml new file mode 100644 index 0000000000000..1ffcd7297152e --- /dev/null +++ b/.vib/hyperledger-fabric-peer/goss/vars.yaml @@ -0,0 +1,15 @@ +binaries: + - peer +directories: + - mode: "0755" + paths: + - /opt/bitnami/hyperledger-fabric-peer/etc + - mode: "0775" + paths: + - /opt/bitnami/hyperledger-fabric-peer/var + - paths: + - /opt/bitnami/hyperledger-fabric-peer +root_dir: /opt/bitnami +version: + bin_name: peer + flag: version diff --git a/.vib/hyperledger-fabric-peer/vib-verify.json b/.vib/hyperledger-fabric-peer/vib-verify.json new file mode 100644 index 0000000000000..6e6db3b041e19 --- /dev/null +++ b/.vib/hyperledger-fabric-peer/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "hyperledger-fabric-peer/goss/goss.yaml", + "vars_file": "hyperledger-fabric-peer/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-hyperledger-fabric-peer" + } + } + } + }, + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/hyperledger-fabric-tools/goss/goss.yaml b/.vib/hyperledger-fabric-tools/goss/goss.yaml new file mode 100644 index 0000000000000..e25641e43c11a --- /dev/null +++ b/.vib/hyperledger-fabric-tools/goss/goss.yaml @@ -0,0 +1,15 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Goss tests exclusive to the current container + ../../hyperledger-fabric-tools/goss/hyperledger-fabric-tools.yaml: {} + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/hyperledger-fabric-tools/goss/hyperledger-fabric-tools.yaml b/.vib/hyperledger-fabric-tools/goss/hyperledger-fabric-tools.yaml new file mode 100644 index 0000000000000..8b6d7945e33f2 --- /dev/null +++ b/.vib/hyperledger-fabric-tools/goss/hyperledger-fabric-tools.yaml @@ -0,0 +1,42 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +command: + check-configtxlator: + exec: timeout --preserve-status 9 configtxlator start || true + timeout: 15000 + exit-status: 0 + stderr: + - "Serving HTTP requests" + check-configtxgen: + exec: configtxgen + exit-status: 0 + stderr: + - "Loading configuration" + check-cryptogen: + exec: cryptogen showtemplate + exit-status: 0 + stdout: + - "example.com" + # These require a running fabric network + check-discover: + exec: discover help + exit-status: 0 + stderr: + - "fabric discovery service" + check-ledgerutil: + exec: ledgerutil help + exit-status: 0 + stderr: + - "Verify the integrity" + check-osnadmin: + exec: osnadmin --help + exit-status: 0 + stderr: + - "channel join" + check-peer: + exec: timeout --preserve-status 9 peer node start || true + timeout: 15000 + exit-status: 0 + stderr: + - "Started peer" diff --git a/.vib/hyperledger-fabric-tools/goss/vars.yaml b/.vib/hyperledger-fabric-tools/goss/vars.yaml new file mode 100644 index 0000000000000..38dc90a9a591b --- /dev/null +++ b/.vib/hyperledger-fabric-tools/goss/vars.yaml @@ -0,0 +1,22 @@ +binaries: + - go + - configtxgen + - configtxlator + - cryptogen + - discover + - ledgerutil + - osnadmin + - peer +directories: + - mode: "0755" + paths: + - /opt/bitnami/hyperledger-fabric-tools/etc + - mode: "0775" + paths: + - /opt/bitnami/hyperledger-fabric-tools/var + - paths: + - /opt/bitnami/hyperledger-fabric-tools +root_dir: /opt/bitnami +version: + bin_name: configtxlator + flag: version diff --git a/.vib/hyperledger-fabric-tools/vib-verify.json b/.vib/hyperledger-fabric-tools/vib-verify.json new file mode 100644 index 0000000000000..e78704eada5a2 --- /dev/null +++ b/.vib/hyperledger-fabric-tools/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "hyperledger-fabric-tools/goss/goss.yaml", + "vars_file": "hyperledger-fabric-tools/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-hyperledger-fabric-tools" + } + } + } + }, + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/jaeger/goss/goss.yaml b/.vib/jaeger/goss/goss.yaml index 526309aec044f..406e83ec9318a 100644 --- a/.vib/jaeger/goss/goss.yaml +++ b/.vib/jaeger/goss/goss.yaml @@ -5,7 +5,6 @@ gossfile: # Goss tests exclusive to the current container ../../jaeger/goss/jaeger.yaml: {} # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-app-version.yaml: {} ../../common/goss/templates/check-binaries.yaml: {} ../../common/goss/templates/check-broken-symlinks.yaml: {} ../../common/goss/templates/check-ca-certs.yaml: {} diff --git a/.vib/jaeger/goss/jaeger.yaml b/.vib/jaeger/goss/jaeger.yaml index 6d3e0a32113cc..87a602337867b 100644 --- a/.vib/jaeger/goss/jaeger.yaml +++ b/.vib/jaeger/goss/jaeger.yaml @@ -6,4 +6,9 @@ command: exec: timeout --preserve-status 5 jaeger-all-in-one exit-status: 0 stderr: - - "Server created" \ No newline at end of file + - "Server created" + check-app-version: + exec: bash -c "if [[ \"${APP_VERSION}\" == \"1.\"* ]]; then jaeger-all-in-one version | grep -Po \"\d+\.\d+\.\d+\"; else jaeger-jaeger -v | sed \"s/\-0*/./g\"; fi" + exit-status: 0 + stdout: + - "{{ .Env.APP_VERSION }}" diff --git a/.vib/jaeger/goss/vars.yaml b/.vib/jaeger/goss/vars.yaml index 8a07b322a7356..55311977e9170 100644 --- a/.vib/jaeger/goss/vars.yaml +++ b/.vib/jaeger/goss/vars.yaml @@ -1,5 +1,4 @@ binaries: - - jaeger-agent - jaeger-ingester - jaeger-query - jaeger-all-in-one @@ -9,5 +8,7 @@ directories: - /opt/bitnami/jaeger/cassandra-schema root_dir: /opt/bitnami version: - bin_name: jaeger-all-in-one - flag: version + # HACK: Temporary fix for Jaeger 2.0.0 which has the version incorrect in some components. This is because + # how the scripts check the latest tags (they released 2.0.0 and 1.63.0 at the same time) + bin_name: bash + flag: -c "if [[ \"$APP_VERSION\" = \"2.0.0\" ]]; then echo 2.0.0; else jaeger-all-in-one version; fi" diff --git a/.vib/java/goss/java.yaml b/.vib/java/goss/java.yaml index b098ed0b1a854..3c97e17a048aa 100644 --- a/.vib/java/goss/java.yaml +++ b/.vib/java/goss/java.yaml @@ -2,6 +2,7 @@ # SPDX-License-Identifier: APACHE-2.0 command: + # Load the entrypoint to unset an environment variable not supported by Java 1.8 # Java 1.8 does not support --version, with -version printing to stderr # We need to parse the printed version differently depending on the version: # - Major versions are often shown as "x" instead of "x.0.0" @@ -9,10 +10,10 @@ command: # - Versions are usually printed as x.y.z+b, but $APP_VERSION is formated as x.y.z-r # - In Java 1.8, the version may also be printed as x.y.z-b0r or x.y.z-br check-app-version: - exec: java -version 2>&1 | sed -E -e "s/\+/-/g" -e "s/0_//g" -e "s/-b0?/-/g" | grep "$(echo $APP_VERSION | sed -E 's|([0-9]+)\..*|\1|g')" + exec: /opt/bitnami/scripts/java/entrypoint.sh java -version 2>&1 | sed -E -e "s/\+/-/g" -e "s/0_//g" -e "s/-b0?/-/g" | grep "$(echo $APP_VERSION | sed -E 's|([0-9]+)\..*|\1|g')" exit-status: 0 check-run-jar: - exec: java -jar ./java/goss/testfiles/HelloTest.jar + exec: /opt/bitnami/scripts/java/entrypoint.sh java -jar ./java/goss/testfiles/HelloTest.jar stdout: - "Hello VIB" exit-status: 0 diff --git a/.vib/jmx-exporter/goss/jmx-exporter.yaml b/.vib/jmx-exporter/goss/jmx-exporter.yaml index ae8e85cb770b7..f8200325bbf8c 100644 --- a/.vib/jmx-exporter/goss/jmx-exporter.yaml +++ b/.vib/jmx-exporter/goss/jmx-exporter.yaml @@ -5,7 +5,7 @@ command: # The exporter jar doesn't really have a help flag # and exits with a "status=1" when not properly started. check-jmx-http-server: - exec: java -jar /opt/bitnami/jmx-exporter/jmx_prometheus_httpserver.jar + exec: java -jar /opt/bitnami/jmx-exporter/jmx_prometheus_standalone.jar exit-status: 1 stderr: - - /Usage.*WebServer/ + - /JMX Exporter Standalone Server/ diff --git a/.vib/jmx-exporter/goss/vars.yaml b/.vib/jmx-exporter/goss/vars.yaml index c5c0de8faa6a7..70be3fb135dc4 100644 --- a/.vib/jmx-exporter/goss/vars.yaml +++ b/.vib/jmx-exporter/goss/vars.yaml @@ -3,5 +3,6 @@ binaries: files: - paths: - /opt/bitnami/jmx-exporter/jmx_prometheus_javaagent.jar - - /opt/bitnami/jmx-exporter/example_configs/httpserver_sample_config.yml + - /opt/bitnami/jmx-exporter/jmx_prometheus_standalone.jar + - /opt/bitnami/jmx-exporter/examples/standalone_sample_config.yml root_dir: /opt/bitnami diff --git a/.vib/joomla/goss/goss.yaml b/.vib/joomla/goss/goss.yaml deleted file mode 100644 index dc662ab2b28de..0000000000000 --- a/.vib/joomla/goss/goss.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../joomla/goss/joomla.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-apache-libphp.yaml: {} - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-files.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/joomla/goss/joomla.yaml b/.vib/joomla/goss/joomla.yaml deleted file mode 100644 index 1562662f1d708..0000000000000 --- a/.vib/joomla/goss/joomla.yaml +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - check-app-version: - exec: grep {{ .Env.APP_VERSION }} /opt/bitnami/joomla/administrator/manifests/files/joomla.xml - exit-status: 0 - # Placeholders in SQL installation files should have been substituted - sql-placeholders: - exec: grep "#__" /opt/bitnami/joomla/installation/sql/mysql/*.sql | wc -l - exit-status: 0 - stdout: - - /^0/ -file: - # Joomla! should have been configured based on build-time defaults - /opt/bitnami/joomla/configuration.php: - exists: true - filetype: file - contents: - - "public $db = 'bitnami_joomla'" - # PHP settings should have been configured - /opt/bitnami/php/etc/php.ini: - exists: true - filetype: file - contents: - - "memory_limit = 256M" - # HTTP vhost should have been properly rendered - /opt/bitnami/apache/conf/vhosts/joomla-vhost.conf: - exists: true - filetype: file - contents: - - /DocumentRoot.*/opt/bitnami/joomla/ - - "^/administrator$" - # HTTPs vhost should have been properly rendered - /opt/bitnami/apache/conf/vhosts/joomla-https-vhost.conf: - exists: true - filetype: file - contents: - - "SSLEngine on" - - /DocumentRoot.*/opt/bitnami/joomla/ - - "^/administrator$" - # RewriteRule should have been inserted in the htaccess file - /opt/bitnami/apache/conf/vhosts/htaccess/joomla-htaccess.conf: - exists: true - filetype: file - contents: - - 'RewriteRule "^administrator$"' -group: - daemon: - exists: true -user: - daemon: - exists: true diff --git a/.vib/joomla/goss/vars.yaml b/.vib/joomla/goss/vars.yaml deleted file mode 100644 index 534b18e45473b..0000000000000 --- a/.vib/joomla/goss/vars.yaml +++ /dev/null @@ -1,16 +0,0 @@ -binaries: - - apachectl - - mariadb - - php - - render-template -files: - - paths: - - /opt/bitnami/joomla/.htaccess -directories: - - mode: "0775" - paths: - - /bitnami/joomla - - /opt/bitnami/joomla - - /opt/bitnami/joomla/logs - - /opt/bitnami/joomla/tmp -root_dir: /opt/bitnami diff --git a/.vib/joomla/vib-verify.json b/.vib/joomla/vib-verify.json deleted file mode 100644 index 8269c1b91fa13..0000000000000 --- a/.vib/joomla/vib-verify.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64", - "linux/arm64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - }, - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "joomla/goss/goss.yaml", - "vars_file": "joomla/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-joomla" - } - } - } - } - ] - } - } -} diff --git a/.vib/keydb/goss/goss.yaml b/.vib/keydb/goss/goss.yaml new file mode 100644 index 0000000000000..089f4bad94602 --- /dev/null +++ b/.vib/keydb/goss/goss.yaml @@ -0,0 +1,15 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Goss tests exclusive to the current container + ../../keydb/goss/keydb.yaml: {} + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/keydb/goss/keydb.yaml b/.vib/keydb/goss/keydb.yaml new file mode 100644 index 0000000000000..0974ca1142152 --- /dev/null +++ b/.vib/keydb/goss/keydb.yaml @@ -0,0 +1,31 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +file: + /opt/bitnami/keydb/etc/keydb.conf: + exists: true + mode: "0664" + contents: + - /port.*6379/ + - /dir.*/bitnami/keydb/data/ + - /pidfile.*/opt/bitnami/keydb/tmp/keydb.pid/ + - "daemonize yes" +command: + check-keydb-server: + exec: keydb-server /opt/bitnami/keydb/etc/keydb.conf && sleep 5 && ps aux + exit-status: 0 + timeout: 20000 + stdout: + - /keydb-server.*(127.0.0.1|localhost).*6379/ + check-keydb-server-ssl: + exec: ldd /opt/bitnami/keydb/bin/keydb-server + exit-status: 0 + stdout: + - "libcrypto.so" + - "libssl.so" + check-keydb-cli-ssl: + exec: ldd /opt/bitnami/keydb/bin/keydb-cli + exit-status: 0 + stdout: + - "libcrypto.so" + - "libssl.so" diff --git a/.vib/keydb/goss/vars.yaml b/.vib/keydb/goss/vars.yaml new file mode 100644 index 0000000000000..670beab206911 --- /dev/null +++ b/.vib/keydb/goss/vars.yaml @@ -0,0 +1,16 @@ +binaries: + - keydb-cli + - keydb-server + - wait-for-port +directories: + - mode: "0775" + paths: + - /bitnami + - /bitnami/keydb + - /bitnami/keydb/data + - /opt/bitnami/keydb + - /opt/bitnami/keydb/etc +root_dir: /opt/bitnami +version: + bin_name: keydb-server + flag: --version diff --git a/.vib/keydb/vib-verify.json b/.vib/keydb/vib-verify.json new file mode 100644 index 0000000000000..01548ba992e34 --- /dev/null +++ b/.vib/keydb/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "keydb/goss/goss.yaml", + "vars_file": "keydb/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-keydb" + } + } + } + }, + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/kibana/goss/vars.yaml b/.vib/kibana/goss/vars.yaml index b3540a14bb391..9ca05a824266c 100644 --- a/.vib/kibana/goss/vars.yaml +++ b/.vib/kibana/goss/vars.yaml @@ -15,6 +15,10 @@ directories: files: - paths: - /opt/bitnami/kibana/config/node.options +sed_in_place: + exclude_paths: + # Ignore upstream code using sed -i + - /opt/bitnami/kibana/node_modules/@kbn/observability-onboarding-plugin/public/assets/auto_detect.sh linked_libraries: timeout: 60000 root_dir: /opt/bitnami diff --git a/.vib/libgcc/vib-verify.json b/.vib/libgcc/vib-verify.json new file mode 100644 index 0000000000000..ed4f5cd241cab --- /dev/null +++ b/.vib/libgcc/vib-verify.json @@ -0,0 +1,57 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + } + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/magento/goss/goss.yaml b/.vib/magento/goss/goss.yaml deleted file mode 100644 index f57f3a55f19d8..0000000000000 --- a/.vib/magento/goss/goss.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../magento/goss/magento.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-apache-libphp.yaml: {} - ../../common/goss/templates/check-app-version.yaml: {} - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/magento/goss/magento.yaml b/.vib/magento/goss/magento.yaml deleted file mode 100644 index 11b99ea7a9176..0000000000000 --- a/.vib/magento/goss/magento.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -group: - daemon: - exists: true -user: - daemon: - exists: true -file: - # HTTPs vhost should have been properly rendered - /opt/bitnami/apache/conf/vhosts/magento-https-vhost.conf: - exists: true - filetype: file - contents: - - "SSLEngine on" - - /DocumentRoot.*/opt/bitnami/magento/ - /opt/bitnami/apache/conf/vhosts/htaccess/magento-htaccess.conf: - exists: false - /opt/bitnami/php/etc/php.ini: - exists: true - filetype: file - contents: - - "opcache.consistency_checks = 0" - - "opcache.validate_timestamps = 0" - - "opcache.enable_cli = 1" -command: - check-app-modules: - exec: magento module:enable Magento_Store - exit-status: 0 \ No newline at end of file diff --git a/.vib/magento/goss/vars.yaml b/.vib/magento/goss/vars.yaml deleted file mode 100644 index ce4fcc81831cb..0000000000000 --- a/.vib/magento/goss/vars.yaml +++ /dev/null @@ -1,25 +0,0 @@ -binaries: - - apachectl - - php - - magento - - mysql - - render-template - - wait-for-port - - composer -directories: - - mode: "0775" - owner: daemon - group: root - paths: - - /opt/bitnami/magento - - /bitnami/magento - - /opt/bitnami/magento/tmp - - /opt/bitnami/magento/uploads -version: - bin_name: magento - flag: --version -root_dir: /opt/bitnami -sed_in_place: - exclude_paths: - - /opt/bitnami/magento/vendor/laminas/laminas-http/.laminas-ci/pre-run.sh - - /opt/bitnami/magento/vendor/phpseclib/mcrypt_compat/travis/run-phpunit.sh diff --git a/.vib/magento/vib-verify.json b/.vib/magento/vib-verify.json deleted file mode 100644 index 0448542bac282..0000000000000 --- a/.vib/magento/vib-verify.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64", - "linux/arm64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "magento/goss/goss.yaml", - "vars_file": "magento/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-magento" - } - } - } - }, - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - } - ] - } - } -} diff --git a/.vib/mastodon/goss/vars.yaml b/.vib/mastodon/goss/vars.yaml index 8010a3f73ee30..ffb8d08525fe6 100644 --- a/.vib/mastodon/goss/vars.yaml +++ b/.vib/mastodon/goss/vars.yaml @@ -20,3 +20,4 @@ sed_in_place: exclude_paths: # Ignore Mastodon node_modules directory (not bitnami-related) - \/opt\/bitnami\/mastodon\/node_modules\/.* + - \/opt\/bitnami\/mastodon\/vendor\/.* diff --git a/.vib/matomo/goss/goss.yaml b/.vib/matomo/goss/goss.yaml index de0f1357636d9..92c603b7b9cea 100644 --- a/.vib/matomo/goss/goss.yaml +++ b/.vib/matomo/goss/goss.yaml @@ -5,6 +5,7 @@ gossfile: # Goss tests exclusive to the current container ../../matomo/goss/matomo.yaml: {} # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} ../../common/goss/templates/check-apache-libphp.yaml: {} ../../common/goss/templates/check-binaries.yaml: {} ../../common/goss/templates/check-broken-symlinks.yaml: {} diff --git a/.vib/matomo/goss/matomo.yaml b/.vib/matomo/goss/matomo.yaml index e3e73fd16b22d..86cc40c3a6d90 100644 --- a/.vib/matomo/goss/matomo.yaml +++ b/.vib/matomo/goss/matomo.yaml @@ -33,15 +33,8 @@ file: /opt/bitnami/matomo/.buildcomplete: exists: false command: - # Since it is not done with sudo, the exit code is 1 - check-app-version: - exec: php /opt/bitnami/matomo/console --version - exit-status: 1 - stdout: - - "{{ .Env.APP_VERSION }}" - # Since it is not done with sudo, the exit code is 1 check-app-run: exec: php /opt/bitnami/matomo/console config:get --section=database - exit-status: 1 + exit-status: 0 stdout: - - "Mysql" \ No newline at end of file + - "Mysql" diff --git a/.vib/matomo/goss/vars.yaml b/.vib/matomo/goss/vars.yaml index d370f23931e44..669a62f009334 100644 --- a/.vib/matomo/goss/vars.yaml +++ b/.vib/matomo/goss/vars.yaml @@ -19,4 +19,7 @@ files: - paths: - /opt/bitnami/matomo/piwik.js - /opt/bitnami/matomo/piwik.php +version: + bin_name: php /opt/bitnami/matomo/console + flag: --version root_dir: /opt/bitnami diff --git a/.vib/mediawiki/goss/goss.yaml b/.vib/mediawiki/goss/goss.yaml deleted file mode 100644 index ac39b0d13b5ef..0000000000000 --- a/.vib/mediawiki/goss/goss.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../mediawiki/goss/mediawiki.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/mediawiki/goss/mediawiki.yaml b/.vib/mediawiki/goss/mediawiki.yaml deleted file mode 100644 index 8171fc38da172..0000000000000 --- a/.vib/mediawiki/goss/mediawiki.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -group: - daemon: - exists: true -user: - daemon: - exists: true -file: - /opt/bitnami/mediawiki: - exists: true - filetype: directory - mode: "0775" - owner: daemon - group: root - /bitnami/mediawiki: - exists: true - filetype: directory - mode: "0775" - owner: daemon - group: root - /opt/bitnami/mediawiki/images: - exists: true - filetype: directory - mode: "0775" - owner: daemon - group: root - /opt/bitnami/mediawiki/cache: - exists: true - filetype: directory - mode: "0775" - owner: daemon - group: root - /opt/bitnami/php/etc/php.ini: - exists: true - filetype: file - contents: - - "memory_limit = 256M" - /opt/bitnami/mediawiki/extensions/Scribunto: - exists: false -command: - check-php-extensions: - exec: pear list - exit-status: 0 - stdout: - - "Net_SMTP" - - "Mail" diff --git a/.vib/mediawiki/goss/vars.yaml b/.vib/mediawiki/goss/vars.yaml deleted file mode 100644 index b8f1713503de2..0000000000000 --- a/.vib/mediawiki/goss/vars.yaml +++ /dev/null @@ -1,10 +0,0 @@ -binaries: - - apachectl - - mysql - - php - - render-template -directories: - - paths: - - /opt/bitnami/mediawiki/vendor/pear/mail - - /opt/bitnami/mediawiki/vendor/pear/net_smtp -root_dir: /opt/bitnami diff --git a/.vib/mediawiki/vib-verify.json b/.vib/mediawiki/vib-verify.json deleted file mode 100644 index aae2de3cd4ecf..0000000000000 --- a/.vib/mediawiki/vib-verify.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64", - "linux/arm64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "mediawiki/goss/goss.yaml", - "vars_file": "mediawiki/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-mediawiki" - } - } - } - }, - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - } - ] - } - } -} diff --git a/.vib/node-min/vib-verify.json b/.vib/node-min/vib-verify.json new file mode 100644 index 0000000000000..ed4f5cd241cab --- /dev/null +++ b/.vib/node-min/vib-verify.json @@ -0,0 +1,57 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + } + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/opencart/goss/goss.yaml b/.vib/opencart/goss/goss.yaml deleted file mode 100644 index 3c4a077410390..0000000000000 --- a/.vib/opencart/goss/goss.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../opencart/goss/opencart.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-apache-libphp.yaml: {} - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-files.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/opencart/goss/opencart.yaml b/.vib/opencart/goss/opencart.yaml deleted file mode 100644 index 8fdce708e6dae..0000000000000 --- a/.vib/opencart/goss/opencart.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - check-app-version: - # The 'sed' expression converts the version to be format used by APP_VERSION - exec: grep -Eo "'VERSION', '[^']*'" /opt/bitnami/opencart/index.php | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+)\.([0-9]+)/\1-\2/' - exit-status: 0 - stdout: - - "{{ .Env.APP_VERSION }}" - check-enabled-modules: - exec: php -m - exit-status: 0 - stdout: - {{ range $module := .Vars.phpmodules }} - - "{{ $module }}" - {{ end }} -file: - # HTTP vhost should have been properly rendered - /opt/bitnami/apache/conf/vhosts/opencart-vhost.conf: - exists: true - filetype: file - contents: - - /DocumentRoot.*/opt/bitnami/opencart/ - # HTTPS vhost should have been properly rendered - /opt/bitnami/apache/conf/vhosts/opencart-https-vhost.conf: - exists: true - filetype: file - contents: - - "SSLEngine on" - - /DocumentRoot.*/opt/bitnami/opencart/ -group: - daemon: - exists: true -user: - daemon: - exists: true diff --git a/.vib/opencart/goss/vars.yaml b/.vib/opencart/goss/vars.yaml deleted file mode 100644 index 33ed1cc8cc205..0000000000000 --- a/.vib/opencart/goss/vars.yaml +++ /dev/null @@ -1,25 +0,0 @@ -binaries: - - apachectl - - mariadb - - php - - render-template -directories: - - mode: "0775" - paths: - - /bitnami/opencart - - /bitnami/opencart_storage - - /opt/bitnami/opencart -files: - - paths: - - /opt/bitnami/opencart/.htaccess - - /opt/bitnami/opencart/config.php - - /opt/bitnami/opencart/admin/config.php -phpmodules: - # Based on https://docs.opencart.com/requirements/ - - curl - - gd - - mbstring - - mysqli - - zip - - zlib -root_dir: /opt/bitnami diff --git a/.vib/opencart/vib-verify.json b/.vib/opencart/vib-verify.json deleted file mode 100644 index 4208ddab6650a..0000000000000 --- a/.vib/opencart/vib-verify.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64", - "linux/arm64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "opencart/goss/goss.yaml", - "vars_file": "opencart/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-opencart" - } - } - } - }, - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - } - ] - } - } -} diff --git a/.vib/phpbb/goss/goss.yaml b/.vib/phpbb/goss/goss.yaml deleted file mode 100644 index 4e5074da9748d..0000000000000 --- a/.vib/phpbb/goss/goss.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../phpbb/goss/phpbb.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-apache-libphp.yaml: {} - ../../common/goss/templates/check-app-version.yaml: {} - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-files.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/phpbb/goss/phpbb.yaml b/.vib/phpbb/goss/phpbb.yaml deleted file mode 100644 index 61c5590425532..0000000000000 --- a/.vib/phpbb/goss/phpbb.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - check-enabled-modules: - exec: php -m - exit-status: 0 - stdout: - {{ range $module := .Vars.phpmodules }} - - "{{ $module }}" - {{ end }} -file: - # HTTP vhost should have been properly rendered - /opt/bitnami/apache/conf/vhosts/phpbb-vhost.conf: - exists: true - filetype: file - contents: - - /DocumentRoot.*/opt/bitnami/phpbb/ - - "Alias /bitnami/phpbb /bitnami/phpbb" - # HTTPS vhost should have been properly rendered - /opt/bitnami/apache/conf/vhosts/phpbb-https-vhost.conf: - exists: true - filetype: file - contents: - - "SSLEngine on" - - /DocumentRoot.*/opt/bitnami/phpbb/ - - "Alias /bitnami/phpbb /bitnami/phpbb" -group: - daemon: - exists: true -user: - daemon: - exists: true diff --git a/.vib/phpbb/goss/vars.yaml b/.vib/phpbb/goss/vars.yaml deleted file mode 100644 index cdc88d7ddc9e9..0000000000000 --- a/.vib/phpbb/goss/vars.yaml +++ /dev/null @@ -1,34 +0,0 @@ -binaries: - - apachectl - - mariadb - - php - - render-template -directories: - - mode: "0775" - paths: - - /bitnami/phpbb - - /opt/bitnami/phpbb - - /opt/bitnami/phpbb/cache - - /opt/bitnami/phpbb/files - - /opt/bitnami/phpbb/images - - /opt/bitnami/phpbb/store - - /opt/bitnami/phpbb/ext -files: - - paths: - - /opt/bitnami/phpbb/config.php - - /opt/bitnami/phpbb/install/install_config.json -phpmodules: - # Based on https://www.phpbb.com/support/docs/ug/ - # Required - - json - - mbstring - - mysqli - - xml - # Recommended - - ftp - - gd - - zlib -root_dir: /opt/bitnami -version: - bin_name: php - flag: /opt/bitnami/phpbb/install/phpbbcli.php --version diff --git a/.vib/phpbb/vib-verify.json b/.vib/phpbb/vib-verify.json deleted file mode 100644 index b954d244087fc..0000000000000 --- a/.vib/phpbb/vib-verify.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64", - "linux/arm64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "phpbb/goss/goss.yaml", - "vars_file": "phpbb/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-phpbb" - } - } - } - }, - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - } - ] - } - } -} diff --git a/.vib/prestashop/goss/goss.yaml b/.vib/prestashop/goss/goss.yaml deleted file mode 100644 index 92cc6a44e5274..0000000000000 --- a/.vib/prestashop/goss/goss.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../prestashop/goss/prestashop.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-apache-libphp.yaml: {} - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-files.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/prestashop/goss/prestashop.yaml b/.vib/prestashop/goss/prestashop.yaml deleted file mode 100644 index 43ff22038e74e..0000000000000 --- a/.vib/prestashop/goss/prestashop.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - check-app-version: - exec: grep -Eo "'_PS_INSTALL_VERSION_', '[^']*'" /opt/bitnami/prestashop/install/install_version.php - exit-status: 0 - stdout: - - "{{ .Env.APP_VERSION }}" - check-enabled-modules: - exec: php -m - exit-status: 0 - stdout: - {{ range $module := .Vars.phpmodules }} - - "{{ $module }}" - {{ end }} -file: - /opt/bitnami/php/etc/php.ini: - exists: true - filetype: file - contents: - - "post_max_size = 128M" - - "upload_max_filesize = 128M" - # Ensure that .htaccess file contents have not been moved to /opt/bitnami/apache/conf/vhosts/htaccess - /opt/bitnami/prestashop/app/.htaccess: - exists: true - filetype: file - contents: - - "Require all denied" - # HTTP vhost should have been properly rendered - /opt/bitnami/apache/conf/vhosts/prestashop-vhost.conf: - exists: true - filetype: file - contents: - - /DocumentRoot.*/opt/bitnami/prestashop/ - # HTTPS vhost should have been properly rendered - /opt/bitnami/apache/conf/vhosts/prestashop-https-vhost.conf: - exists: true - filetype: file - contents: - - "SSLEngine on" - - /DocumentRoot.*/opt/bitnami/prestashop/ -group: - daemon: - exists: true -user: - daemon: - exists: true diff --git a/.vib/prestashop/goss/vars.yaml b/.vib/prestashop/goss/vars.yaml deleted file mode 100644 index 3ba7698363257..0000000000000 --- a/.vib/prestashop/goss/vars.yaml +++ /dev/null @@ -1,35 +0,0 @@ -binaries: - - apachectl - - mariadb - - php - - render-template -directories: - - mode: "0775" - paths: - - /bitnami/prestashop - - /opt/bitnami/prestashop - - /opt/bitnami/prestashop/admin - - /opt/bitnami/prestashop/install -files: - - paths: - - /opt/bitnami/prestashop/install/index_cli.php -phpmodules: - # Based on https://github.com/PrestaShop/php-ps-info - # Required - - curl - - dom - - fileinfo - - gd - - iconv - - intl - - json - - mbstring - - openssl - - pdo_mysql - - SimpleXML - - zip - # Recommended - - bcmath - - imagick - - memcached -root_dir: /opt/bitnami diff --git a/.vib/prestashop/vib-verify.json b/.vib/prestashop/vib-verify.json deleted file mode 100644 index 992ecca35c635..0000000000000 --- a/.vib/prestashop/vib-verify.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64", - "linux/arm64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "prestashop/goss/goss.yaml", - "vars_file": "prestashop/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-prestashop" - } - } - } - }, - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - } - ] - } - } -} diff --git a/.vib/prometheus/goss/prometheus.yaml b/.vib/prometheus/goss/prometheus.yaml index a7694d74d1aa4..721f7751fd1fd 100644 --- a/.vib/prometheus/goss/prometheus.yaml +++ b/.vib/prometheus/goss/prometheus.yaml @@ -12,3 +12,14 @@ command: stderr: - "Starting Prometheus Server" - "Server is ready" +{{ if regexMatch "^2.+" .Env.APP_VERSION }} +file: + /opt/bitnami/prometheus/conf/consoles: + exists: true + mode: "0755" + filetype: directory + /opt/bitnami/prometheus/conf/console_libraries: + exists: true + mode: "0755" + filetype: directory +{{end}} \ No newline at end of file diff --git a/.vib/prometheus/goss/vars.yaml b/.vib/prometheus/goss/vars.yaml index 9c34ff93b9c5f..d538fa1d08f43 100644 --- a/.vib/prometheus/goss/vars.yaml +++ b/.vib/prometheus/goss/vars.yaml @@ -5,9 +5,6 @@ directories: - mode: "0775" paths: - /opt/bitnami/prometheus/data - - paths: - - /opt/bitnami/prometheus/conf/console_libraries - - /opt/bitnami/prometheus/conf/consoles files: - paths: - /opt/bitnami/prometheus/conf/prometheus.yml diff --git a/.vib/rabbitmq/goss/vars.yaml b/.vib/rabbitmq/goss/vars.yaml index 5db20772a0aff..b8b086dd8f491 100644 --- a/.vib/rabbitmq/goss/vars.yaml +++ b/.vib/rabbitmq/goss/vars.yaml @@ -14,5 +14,7 @@ directories: - /opt/bitnami/rabbitmq/plugins root_dir: /opt/bitnami version: - bin_name: rabbitmqctl - flag: --version + # HACK: Temporary fix for RabbitMQ 4.0.1 which had an incorrect version set + # https://github.com/rabbitmq/rabbitmq-server/issues/12339 + bin_name: bash + flag: -c "if [[ \"$APP_VERSION\" = \"4.0.1\" ]]; then echo 4.0.1; else rabbitmqctl --version; fi" diff --git a/.vib/ruby/goss/ruby.yaml b/.vib/ruby/goss/ruby.yaml index d446731b5e69e..7d1b96bf8a2e2 100644 --- a/.vib/ruby/goss/ruby.yaml +++ b/.vib/ruby/goss/ruby.yaml @@ -10,7 +10,7 @@ command: - "{{ $module }}" {{ end }} check-ssl: - exec: ruby -rnet/https -e "Net::HTTP.get URI('https://bitnami.com')" + exec: ruby -rnet/https -e "Net::HTTP.get URI('https://google.com')" exit-status: 0 {{ range $flag := .Vars.flags }} check-{{ $flag }}: diff --git a/.vib/rust/goss/goss.yaml b/.vib/rust/goss/goss.yaml new file mode 100644 index 0000000000000..5459a81ef0f7b --- /dev/null +++ b/.vib/rust/goss/goss.yaml @@ -0,0 +1,12 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/rust/goss/vars.yaml b/.vib/rust/goss/vars.yaml new file mode 100644 index 0000000000000..bb93d64195cfd --- /dev/null +++ b/.vib/rust/goss/vars.yaml @@ -0,0 +1,10 @@ +binaries: + - rustc + - rustfmt +root_dir: /opt/bitnami +directories: + - paths: + - /opt/bitnami/rust +version: + bin_name: rustc + flag: --version diff --git a/.vib/rust/vib-verify.json b/.vib/rust/vib-verify.json new file mode 100644 index 0000000000000..18a67ae1a608a --- /dev/null +++ b/.vib/rust/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + }, + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "rust/goss/goss.yaml", + "vars_file": "rust/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-rust" + } + } + } + } + ] + } + } +} diff --git a/.vib/scylladb/goss/vars.yaml b/.vib/scylladb/goss/vars.yaml index 1d39adba20322..97dd65246fbe8 100644 --- a/.vib/scylladb/goss/vars.yaml +++ b/.vib/scylladb/goss/vars.yaml @@ -14,7 +14,7 @@ directories: paths: - /.cassandra - /bitnami/scylladb - - /bitnami/scylladb/conf + - /bitnami/scylladb/etc - /opt/bitnami/scylladb/tmp - /opt/bitnami/scylladb/etc - /opt/bitnami/scylladb/logs diff --git a/.vib/static/vib-verify.json b/.vib/static/vib-verify.json new file mode 100644 index 0000000000000..ed4f5cd241cab --- /dev/null +++ b/.vib/static/vib-verify.json @@ -0,0 +1,57 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + } + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/statsd-exporter/goss/goss.yaml b/.vib/statsd-exporter/goss/goss.yaml new file mode 100644 index 0000000000000..5459a81ef0f7b --- /dev/null +++ b/.vib/statsd-exporter/goss/goss.yaml @@ -0,0 +1,12 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/statsd-exporter/goss/vars.yaml b/.vib/statsd-exporter/goss/vars.yaml new file mode 100644 index 0000000000000..33c6126c460b1 --- /dev/null +++ b/.vib/statsd-exporter/goss/vars.yaml @@ -0,0 +1,6 @@ +binaries: + - statsd_exporter +root_dir: /opt/bitnami +version: + bin_name: statsd_exporter + flag: --version diff --git a/.vib/statsd-exporter/vib-verify.json b/.vib/statsd-exporter/vib-verify.json new file mode 100644 index 0000000000000..bd6d067f5984b --- /dev/null +++ b/.vib/statsd-exporter/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + }, + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "statsd-exporter/goss/goss.yaml", + "vars_file": "statsd-exporter/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-statsd-exporter" + } + } + } + } + ] + } + } +} diff --git a/.vib/supabase-postgres-meta/goss/goss.yaml b/.vib/supabase-postgres-meta/goss/goss.yaml deleted file mode 100644 index 74960d32717bf..0000000000000 --- a/.vib/supabase-postgres-meta/goss/goss.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../supabase-postgres-meta/goss/supabase-postgres-meta.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-files.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/supabase-postgres-meta/goss/supabase-postgres-meta.yaml b/.vib/supabase-postgres-meta/goss/supabase-postgres-meta.yaml deleted file mode 100644 index edcec13c70f05..0000000000000 --- a/.vib/supabase-postgres-meta/goss/supabase-postgres-meta.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - check-supabase-postgres-meta-run: - exec: cd /opt/bitnami/supabase-postgres-meta; timeout --preserve-status 5 npm run start || true - timeout: 8000 - exit-status: 0 - stdout: - - "node dist/server/server.js" - - "Server listening" diff --git a/.vib/supabase-postgres-meta/goss/vars.yaml b/.vib/supabase-postgres-meta/goss/vars.yaml deleted file mode 100644 index 47b503fe809e6..0000000000000 --- a/.vib/supabase-postgres-meta/goss/vars.yaml +++ /dev/null @@ -1,14 +0,0 @@ -binaries: - - node - - npm -directories: - - paths: - - /opt/bitnami/supabase-postgres-meta/node_modules - - /opt/bitnami/supabase-postgres-meta/dist -files: - - paths: - - /opt/bitnami/supabase-postgres-meta/package.json -root_dir: /opt/bitnami -sed_in_place: - exclude_paths: - - /opt/bitnami/supabase-postgres-meta/node_modules/ diff --git a/.vib/supabase-postgres-meta/vib-verify.json b/.vib/supabase-postgres-meta/vib-verify.json deleted file mode 100644 index b11bd26c0dc6d..0000000000000 --- a/.vib/supabase-postgres-meta/vib-verify.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - }, - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "supabase-postgres-meta/goss/goss.yaml", - "vars_file": "supabase-postgres-meta/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-supabase-postgres-meta" - } - } - } - } - ] - } - } -} diff --git a/.vib/supabase-postgres/goss/goss.yaml b/.vib/supabase-postgres/goss/goss.yaml deleted file mode 100644 index 4615908629142..0000000000000 --- a/.vib/supabase-postgres/goss/goss.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../supabase-postgres/goss/supabase-postgres.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-files.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/supabase-postgres/goss/supabase-postgres.yaml b/.vib/supabase-postgres/goss/supabase-postgres.yaml deleted file mode 100644 index c88543ab4f3bd..0000000000000 --- a/.vib/supabase-postgres/goss/supabase-postgres.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - # PostgreSQL should match the major version - check-postgresql-version: - exec: {{ .Vars.version.bin_name }} {{ .Vars.version.flag }} | grep "$(echo $APP_VERSION | sed -E 's|^([0-9]+\.).+$| \1|g')" - exit-status: 0 -file: - /opt/bitnami/postgresql/logs/postgresql.log: - exists: true - filetype: symlink - linked-to: /dev/stdout - /opt/bitnami/postgresql/conf/postgresql.conf: - exists: true - mode: "0664" - contents: - - /^include_dir = 'conf.d'/ diff --git a/.vib/supabase-postgres/goss/vars.yaml b/.vib/supabase-postgres/goss/vars.yaml deleted file mode 100644 index ce5b12da90e8f..0000000000000 --- a/.vib/supabase-postgres/goss/vars.yaml +++ /dev/null @@ -1,31 +0,0 @@ -binaries: - - java - - postgres - - psql - - pg_dump - - pg_dumpall - - pg_restore -directories: - - paths: - - /opt/bitnami/supabase-postgres/migrations/db - - mode: "0775" - paths: - - /bitnami/postgresql - - /bitnami/postgresql/conf - - /bitnami/postgresql/conf/conf.d - - /docker-entrypoint-initdb.d - - /opt/bitnami/postgresql/conf - - /opt/bitnami/postgresql/conf/conf.d - - /opt/bitnami/postgresql/logs - - /opt/bitnami/postgresql/tmp -files: - - paths: - - /opt/bitnami/supabase-postgres/migrations/00-schema.sql - - /opt/bitnami/supabase-postgres/migrations/01-extension.sql - - /opt/bitnami/postgresql/conf/pg_hba.conf - - /opt/bitnami/postgresql/lib/timescaledb.so - - /opt/bitnami/postgresql/share/extension/timescaledb.control -root_dir: /opt/bitnami -version: - bin_name: postgres - flag: --version diff --git a/.vib/supabase-postgres/vib-verify.json b/.vib/supabase-postgres/vib-verify.json deleted file mode 100644 index c7204bac35a62..0000000000000 --- a/.vib/supabase-postgres/vib-verify.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - }, - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "supabase-postgres/goss/goss.yaml", - "vars_file": "supabase-postgres/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-supabase-postgres" - } - } - } - } - ] - } - } -} diff --git a/.vib/supabase-realtime/goss/goss.yaml b/.vib/supabase-realtime/goss/goss.yaml deleted file mode 100644 index f51582c975208..0000000000000 --- a/.vib/supabase-realtime/goss/goss.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Load scripts from .vib/common/goss/templates - # ../../common/goss/templates/check-app-version.yaml: {} - Disable due to mismatch version in the upstream release https://github.com/supabase/realtime/releases/tag/v2.22.3 - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/supabase-realtime/goss/vars.yaml b/.vib/supabase-realtime/goss/vars.yaml deleted file mode 100644 index 6ded2aae701e4..0000000000000 --- a/.vib/supabase-realtime/goss/vars.yaml +++ /dev/null @@ -1,7 +0,0 @@ -binaries: - - server - - realtime -root_dir: /opt/bitnami -version: - bin_name: realtime - flag: version diff --git a/.vib/supabase-realtime/vib-verify.json b/.vib/supabase-realtime/vib-verify.json deleted file mode 100644 index 4e398621b4710..0000000000000 --- a/.vib/supabase-realtime/vib-verify.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - }, - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "supabase-realtime/goss/goss.yaml", - "vars_file": "supabase-realtime/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-supabase-realtime" - } - } - } - } - ] - } - } -} diff --git a/.vib/supabase-storage/goss/goss.yaml b/.vib/supabase-storage/goss/goss.yaml deleted file mode 100644 index 5ba77869836fc..0000000000000 --- a/.vib/supabase-storage/goss/goss.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../supabase-storage/goss/supabase-storage.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-files.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/supabase-storage/goss/supabase-storage.yaml b/.vib/supabase-storage/goss/supabase-storage.yaml deleted file mode 100644 index 80540ad71cb5f..0000000000000 --- a/.vib/supabase-storage/goss/supabase-storage.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - list-run-operations: - exec: cd /opt/bitnami/supabase-storage; npm run - exit-status: 0 - stdout: - - "node dist/server.js" diff --git a/.vib/supabase-storage/goss/vars.yaml b/.vib/supabase-storage/goss/vars.yaml deleted file mode 100644 index aa92d61ca4f43..0000000000000 --- a/.vib/supabase-storage/goss/vars.yaml +++ /dev/null @@ -1,16 +0,0 @@ -binaries: - - node - - npm - - pm2-runtime -directories: - - paths: - - /opt/bitnami/supabase-storage/dist - - /opt/bitnami/supabase-storage/migrations - - /opt/bitnami/supabase-storage/node_modules -files: - - paths: - - /opt/bitnami/supabase-storage/package.json -root_dir: /opt/bitnami -sed_in_place: - exclude_paths: - - /opt/bitnami/supabase-storage/node_modules/ diff --git a/.vib/supabase-storage/vib-verify.json b/.vib/supabase-storage/vib-verify.json deleted file mode 100644 index cd9d51363a77e..0000000000000 --- a/.vib/supabase-storage/vib-verify.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - }, - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "supabase-storage/goss/goss.yaml", - "vars_file": "supabase-storage/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-supabase-storage" - } - } - } - } - ] - } - } -} diff --git a/.vib/supabase-studio/goss/goss.yaml b/.vib/supabase-studio/goss/goss.yaml deleted file mode 100644 index 58295a28dcb1e..0000000000000 --- a/.vib/supabase-studio/goss/goss.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -gossfile: - # Goss tests exclusive to the current container - ../../supabase-studio/goss/supabase-studio.yaml: {} - # Load scripts from .vib/common/goss/templates - ../../common/goss/templates/check-binaries.yaml: {} - ../../common/goss/templates/check-broken-symlinks.yaml: {} - ../../common/goss/templates/check-ca-certs.yaml: {} - ../../common/goss/templates/check-directories.yaml: {} - ../../common/goss/templates/check-files.yaml: {} - ../../common/goss/templates/check-linked-libraries.yaml: {} - ../../common/goss/templates/check-sed-in-place.yaml: {} - ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/supabase-studio/goss/supabase-studio.yaml b/.vib/supabase-studio/goss/supabase-studio.yaml deleted file mode 100644 index d3c2b166a7fb1..0000000000000 --- a/.vib/supabase-studio/goss/supabase-studio.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -command: - list-run-operations: - exec: cd /opt/bitnami/supabase/; timeout --preserve-status 5 /opt/bitnami/node/bin/node apps/studio/server.js || true - timeout: 8000 - exit-status: 0 - stdout: - - "Ready" diff --git a/.vib/supabase-studio/goss/vars.yaml b/.vib/supabase-studio/goss/vars.yaml deleted file mode 100644 index 37b694a3f5085..0000000000000 --- a/.vib/supabase-studio/goss/vars.yaml +++ /dev/null @@ -1,14 +0,0 @@ -binaries: - - node - - npm -directories: - - paths: - - /opt/bitnami/supabase/apps/studio/public - - /opt/bitnami/supabase/apps/studio/.next/static -files: - - paths: - - /opt/bitnami/supabase/package.json -root_dir: /opt/bitnami -sed_in_place: - exclude_paths: - - /opt/bitnami/supabase/node_modules/ diff --git a/.vib/supabase-studio/vib-verify.json b/.vib/supabase-studio/vib-verify.json deleted file mode 100644 index 4b620b633f8f6..0000000000000 --- a/.vib/supabase-studio/vib-verify.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "context": { - "resources": { - "url": "{SHA_ARCHIVE}", - "path": "{VIB_ENV_PATH}" - }, - "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" - }, - "phases": { - "package": { - "actions": [ - { - "action_id": "container-image-package", - "params": { - "application": { - "details": { - "name": "{VIB_ENV_CONTAINER}", - "tag": "{VIB_ENV_TAG}" - } - }, - "architectures": [ - "linux/amd64" - ] - } - }, - { - "action_id": "container-image-lint", - "params": { - "threshold": "error" - } - } - ] - }, - "verify": { - "actions": [ - { - "action_id": "trivy", - "params": { - "threshold": "LOW", - "vuln_type": [ - "OS" - ] - } - }, - { - "action_id": "grype", - "params": { - "threshold": "CRITICAL", - "package_type": [ - "OS" - ] - } - }, - { - "action_id": "goss", - "params": { - "resources": { - "path": "/.vib" - }, - "tests_file": "supabase-studio/goss/goss.yaml", - "vars_file": "supabase-studio/goss/vars.yaml", - "remote": { - "pod": { - "workload": "deploy-supabase-studio" - } - } - } - } - ] - } - } -} diff --git a/.vib/valkey-cluster/goss/goss.yaml b/.vib/valkey-cluster/goss/goss.yaml new file mode 100644 index 0000000000000..8ec1b1a95d69a --- /dev/null +++ b/.vib/valkey-cluster/goss/goss.yaml @@ -0,0 +1,16 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Goss tests exclusive to the current container + ../../valkey-cluster/goss/valkey-cluster.yaml: {} + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-files.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/valkey-cluster/goss/valkey-cluster.yaml b/.vib/valkey-cluster/goss/valkey-cluster.yaml new file mode 100644 index 0000000000000..6357ac0bc05d8 --- /dev/null +++ b/.vib/valkey-cluster/goss/valkey-cluster.yaml @@ -0,0 +1,32 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +file: + /opt/bitnami/valkey/etc/valkey.conf: + exists: true + contents: + - /port.*6379/ + - /dir.*/bitnami/valkey/data/ + - /pidfile.*/opt/bitnami/valkey/tmp/valkey.pid/ + - "daemonize no" + - "cluster-enabled yes" + - /cluster-config-file.*/bitnami/valkey/data/nodes.conf/ +command: + check-valkey-server: + exec: timeout --preserve-status 5 valkey-server /opt/bitnami/valkey/etc/valkey.conf + exit-status: 0 + timeout: 10000 + stdout: + - "Ready to accept connections" + check-valkey-server-ssl: + exec: ldd /opt/bitnami/valkey/bin/valkey-server + exit-status: 0 + stdout: + - "libcrypto.so" + - "libssl.so" + check-valkey-cli-ssl: + exec: ldd /opt/bitnami/valkey/bin/valkey-cli + exit-status: 0 + stdout: + - "libcrypto.so" + - "libssl.so" diff --git a/.vib/valkey-cluster/goss/vars.yaml b/.vib/valkey-cluster/goss/vars.yaml new file mode 100644 index 0000000000000..76740a957dcd0 --- /dev/null +++ b/.vib/valkey-cluster/goss/vars.yaml @@ -0,0 +1,18 @@ +binaries: + - valkey-cli + - valkey-server +directories: + - mode: "0775" + paths: + - /bitnami/valkey + - /opt/bitnami/valkey + - paths: + - /bitnami/valkey/data + - /opt/bitnami/valkey/etc +files: + - paths: + - /opt/bitnami/valkey/etc/valkey-default.conf +root_dir: /opt/bitnami +version: + bin_name: valkey-server + flag: --version diff --git a/.vib/valkey-cluster/vib-verify.json b/.vib/valkey-cluster/vib-verify.json new file mode 100644 index 0000000000000..782586fb5ed30 --- /dev/null +++ b/.vib/valkey-cluster/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + }, + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "valkey-cluster/goss/goss.yaml", + "vars_file": "valkey-cluster/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-valkey-cluster" + } + } + } + } + ] + } + } +} diff --git a/.vib/valkey-sentinel/goss/valkey-sentinel.yaml b/.vib/valkey-sentinel/goss/valkey-sentinel.yaml index 5a2ecc6bb136c..668e92eddca02 100644 --- a/.vib/valkey-sentinel/goss/valkey-sentinel.yaml +++ b/.vib/valkey-sentinel/goss/valkey-sentinel.yaml @@ -11,6 +11,13 @@ file: - "daemonize no" - 'logfile ""' command: + # Remove if sentinel gets updated: https://github.com/valkey-io/valkey/blob/7.2/sentinel.conf + # Requires to update the libvalkeysentinel.sh script + {{ if regexMatch "^7.+" .Env.APP_VERSION }} + check-primary-master-change: + exec: if ! grep "SENTINEL master-reboot-down-after-period" /opt/bitnami/valkey-sentinel/etc/sentinel.conf; then exit 1; fi + exit-status: 0 + {{ end }} check-valkey-server: exec: timeout --preserve-status 5 valkey-server /opt/bitnami/valkey-sentinel/etc/sentinel.conf --sentinel exit-status: 0 diff --git a/.vib/volsync/goss/goss.yaml b/.vib/volsync/goss/goss.yaml new file mode 100644 index 0000000000000..9f52ef8baa6aa --- /dev/null +++ b/.vib/volsync/goss/goss.yaml @@ -0,0 +1,13 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/volsync/goss/vars.yaml b/.vib/volsync/goss/vars.yaml new file mode 100644 index 0000000000000..0d246a7cb7f14 --- /dev/null +++ b/.vib/volsync/goss/vars.yaml @@ -0,0 +1,23 @@ +binaries: + - manager + - restic + - rclone + - syncthing + - diskrsync + - diskrsync-tcp +sed_in_place: + exclude_paths: + # Ignore scripts provided by upstream volsync + - /opt/bitnami/volsync/mover-.*/.* +directories: + - mode: "0755" + paths: + - /opt/bitnami/volsync/mover-rclone + - /opt/bitnami/volsync/mover-restic + - /opt/bitnami/volsync/mover-rsync + - /opt/bitnami/volsync/mover-rsync-tls + - /opt/bitnami/volsync/mover-syncthing +root_dir: /opt/bitnami +version: + bin_name: restic + flag: version diff --git a/.vib/volsync/vib-verify.json b/.vib/volsync/vib-verify.json new file mode 100644 index 0000000000000..ffc94d7e49234 --- /dev/null +++ b/.vib/volsync/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "volsync/goss/goss.yaml", + "vars_file": "volsync/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-volsync" + } + } + } + }, + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/.vib/zipkin/goss/goss.yaml b/.vib/zipkin/goss/goss.yaml new file mode 100644 index 0000000000000..34f5c2e71bae1 --- /dev/null +++ b/.vib/zipkin/goss/goss.yaml @@ -0,0 +1,14 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Load scripts from .vib/common/goss/templates + ../../zipkin/goss/zipkin.yaml: {} + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/zipkin/goss/vars.yaml b/.vib/zipkin/goss/vars.yaml new file mode 100644 index 0000000000000..3247d693c0c2e --- /dev/null +++ b/.vib/zipkin/goss/vars.yaml @@ -0,0 +1,11 @@ +binaries: + - java + - start-zipkin +directories: + - paths: + - /opt/bitnami/zipkin +root_dir: /opt/bitnami +# The application does not have a --version flag, but the server logs do show the version +version: + bin_name: timeout + flag: --preserve-status 7 bash -c "cd /opt/bitnami/zipkin; start-zipkin" || true diff --git a/.vib/zipkin/goss/zipkin.yaml b/.vib/zipkin/goss/zipkin.yaml new file mode 100644 index 0000000000000..2aab40b2ac043 --- /dev/null +++ b/.vib/zipkin/goss/zipkin.yaml @@ -0,0 +1,16 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +user: + zipkin: + exists: true + uid: 1001 + gid: 0 +command: + run-zipkin: + # We need a different port to not collide with the version check + exec: export QUERY_PORT=9044; cd /opt/bitnami/zipkin; timeout --preserve-status 12 start-zipkin 2>&1 || true + timeout: 15000 + exit-status: 0 + stdout: + - /Serving HTTP at.*9044/ diff --git a/.vib/zipkin/vib-verify.json b/.vib/zipkin/vib-verify.json new file mode 100644 index 0000000000000..4a272817a7621 --- /dev/null +++ b/.vib/zipkin/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "zipkin/goss/goss.yaml", + "vars_file": "zipkin/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-zipkin" + } + } + } + }, + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b173df6557848..bc8437cc53e36 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,7 +9,8 @@ Any type of contribution is welcome: new features, bug fixes, documentation impr 1. Fork this repository, develop, and test your changes. 2. Submit a pull request. -***NOTE***: To make the Pull Requests' (PRs) testing and merging process easier, please submit changes to multiple containers in separate PRs. +> [!NOTE] +> To make the Pull Requests' (PRs) testing and merging process easier, please submit changes to multiple containers in separate PRs. ### Requirements @@ -22,7 +23,7 @@ When submitting a PR make sure that: #### Sign Your Work -The sign-off is a simple line at the end of the explanation for a commit. All commits needs to be signed. Your signature certifies that you wrote the patch or otherwise have the right to contribute the material. The rules are pretty simple, you only need to certify the guidelines from [developercertificate.org](https://developercertificate.org/). +The sign-off is a simple line at the end of the explanation for a commit. All commits need to be signed. Your signature certifies that you wrote the patch or otherwise have the right to contribute the material. The rules are pretty simple, you only need to certify the guidelines from [developercertificate.org](https://developercertificate.org/). Then you just add a line to every git commit message: @@ -49,10 +50,11 @@ Notice the `Author` and `Signed-off-by` lines match. If they don't your PR will ### PR Approval and Release Process -1. Changes are manually reviewed by Bitnami team members usually within a business day. +1. Changes are manually reviewed by Bitnami team members. 2. The changes are automatically tested using our GitHub CI workflow. -3. Once the changes are accepted, the PR is tested (if needed) into the internal Bitnami CI pipeline. This may include testing both container and any associated Helm Chart. +3. Once the changes are accepted, the PR is tested (if needed) in the internal Bitnami CI pipeline. This may include testing both the container and any associated Helm Chart. 4. The PR is merged by the reviewer(s) in the GitHub `main` branch. 5. Then our CI/CD system is going to push the container image to the different registries including the recently merged changes. -***NOTE***: Please note that, in terms of time, may be a slight difference between the appearance of the code in GitHub and the image with the changes in the different registries. +> [!NOTE] +> Please note that, in terms of time, there may be a slight difference between the appearance of the code in GitHub and the image with the changes in the different registries. diff --git a/README.md b/README.md index 6b99123251abb..17167ed89fb3c 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ cd bitnami/APP/VERSION/OPERATING-SYSTEM docker build -t bitnami/APP . ``` +> [!TIP] > Remember to replace the `APP`, `VERSION`, and `OPERATING-SYSTEM` placeholders in the example command above with the correct values. ## Run the application using Docker Compose @@ -57,8 +58,78 @@ curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/APP/ docker-compose up -d ``` +> [!TIP] > Remember to replace the `APP` placeholder in the example command above with the correct value. +## Announcing General Availability of Bitnami Premium + +### A new commercial version of Bitnami open source containers and Helm charts + +Enterprises that love Bitnami can now purchase a Bitnami Premium subscription from [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=github&utm_medium=containers) and consume the containers and Helm charts right in Docker Hub. Bitnami Premium users will get access to private Docker Hub repositories with the same containers and Helm charts they are used to, plus new commercial features including: + +* Enterprise support for all 500+ Bitnami Premium packages +* All LTS branches of all Bitnami application packages maintained up-to-date +* Unlimited pulls of all Bitnami Premium containers and Helm charts from Docker Hub +* Secure software supply chain metadata including Software Bills of Material (SBOMs), SLSA 3 pipeline validation with in-toto attestations, Notation and Cosign signatures, Build-time CVE and anti-virus scan reports, and more. + +Alongside the launch of Bitnami Premium, we are making some changes to how we deliver the Bitnami Application Catalog: + +* Unlimited pulls from Docker Hub will no longer be available. Free Bitnami Application Catalog containers and charts will be subject to the same limits as any other Docker Hub repos starting December 16th, 2024. Pulls of Bitnami Premium containers and Helm charts will not count towards your [Docker Hub pull](https://hub.docker.com/usage/pulls) limits or overages. +* Long-term-support (LTS) branches of the software we package will no longer be maintained in the free Bitnami Application Catalog. To continue receiving updates for LTS branches of packages, you will have to upgrade to Bitnami Premium. +* We are improving Bitnami Application Catalog users’ supply chain security through additional integrity checks in our Helm chart installation process. These checks enable users to be aware when they are using containers that were not created and tested by Bitnami. + +These changes enable us to deliver a premium Bitnami experience to our enterprise users who will benefit from support and security metadata, but who do not need the extensive customization that is core to our other commercial offering called [Tanzu Application Catalog](https://www.vmware.com/products/app-platform/tanzu-application-catalog) (TAC). We are committed to continue delivering free Bitnami Application Catalog content to our community of developers and other open source project maintainers over the long term. + +Read on to learn more about Bitnami Premium and the coming changes to the free Bitnami Application Catalog content. + +### New goodness in Bitnami Premium + +Bitnami Premium is a new version of the content packaged by Bitnami that is sold through [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=github&utm_medium=containers). You can connect to an Arrow salesperson if you have any questions or want to purchase access. Once you buy Bitnami Premium, you will be given access to the Bitnami Premium registries in Docker Hub. You can then return to Docker Hub where you will have access to the Bitnami Premium containers, Helm charts, and software supply chain metadata from the new **/bitnamiprem** and **/bitnamichartsprem** orgs. These private repos are what enable you to pull without limits or caps. You will also see containers for all LTS branches continuously maintained up-to-date: for example, you will see PostgreSQL containers for versions 12, 13, 14, 15, 16, and 17; while in the free Bitnami catalog, you will only find version 17. + +#### A middle ground between free Bitnami Application Catalog and Tanzu Application Catalog customized packages + +In Bitnami Premium, all of the applications are built on Debian just as they are in the free Bitnami library. You get the entire library of containers and Helm charts kept up-to-date with the latest changes anywhere in each app from the OS to the application code itself. You can consume the content through Docker Hub where you’ve already been pulling it to date. However, in the Bitnami Premium registries, you will also find important software supply chain security metadata delivered as OCI artifacts alongside the containers and Helm charts. This metadata is useful for enterprises that need third-party open source software to be compliant with policies around auditability, supply chain integrity, and time to remediation of vulnerabilities. + +* **Supply chain security and integrity**: Bitnami Premium containers and Helm charts are built on an SLSA 3 pipeline, with attestations and signatures serving as proof that the software you’re deploying in your clusters is what you expect and has not been tampered with. +* **Software bills of material (SBOMs)**: At both the Helm chart and container levels, SBOMs give you fine-grained insight into the contents of every package. Bitnami Premium also includes build-time CVE scans and anti-virus reports (helpful for our Federal government customers). This will make it far easier to continuously validate the integrity of software supply chains and to track and triage vulnerabilities as they are discovered and patched. +* **Build time CVE scans, anti-virus scans, and more**: also included with Bitnami Premium content are Trivy CVE scan results and ClamAV scan results that satisfy requirements for, among other things, doing business with the US Federal government. You will also find the results of Bitnami’s automated functional tests that run as part of every artifact update, trigger information that specifies why the latest update was released, and more. + +Bitnami Premium differs from Tanzu Application Catalog in that, just like our free Bitnami content, it is a one-size-fits-all library of containers and Helm charts all built on Debian. Tanzu Application Catalog gives you the ability to customize your artifacts along many different dimensions. Some of the key differences include: + +* **Private delivery**: TAC containers and Helm charts are delivered directly to your private registries, or are hosted in a private registry maintained by us that you can pull from. +* **Choose a Linux distro or use your own “golden image”**: TAC gives you the ability to choose among four supported Linux distros: Debian, Ubuntu, RedHat UBI, or VMware’s own PhotonOS. All of the software packages on these distributions are maintained up-to-date and are tested to work in multiple Kubernetes environments as part of the release process. You can also use your own golden image: we’ll build and maintain the artifacts on top of it. For customers that need it, PhotonOS includes FIPS OpenSSL, is STIG-compliant, and includes zero/minimal CVES with VEX statements to triage any remaining ones. +* **App-specific customization**: With TAC, you can inject your own customizations such as user settings, certificates, or plugins into our SLSA 3 pipeline, so the artifacts you receive are truly promotable to production environments. +* **Software knowledge graph**: This keeps track of all your software dependencies at the individual package level. It continuously scans them for vulnerabilities, and organizes them into a searchable graph database so you can see in real-time which versions of which apps are affected and patched. It also includes useful information such as open source licenses, package management ecosystem data, and more. +* **UI and API**: TAC includes access to a user interface where you can add and remove applications from your catalog, and interact with the software knowledge graph to see at-a-glance details about your software. The [TAC API](https://developer.broadcom.com/xapis/application-catalog/latest/) enables you to build information from the software knowledge graph into your pipelines to ensure you are keeping your applications up-to-date with the latest patched applications. + +### Continuing our long tradition of partnerships + +Since Bitnami’s beginning over a decade ago, our many partnerships have propelled us to be a leading publisher of open source software. Bitnami cloud images drive billions of compute hours annually for our hyperscale cloud partners, for example, and our containers and Helm charts are pulled hundreds of millions of times per month from our partners at Docker Hub. + +We now begin our newest endeavor with [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=github&utm_medium=containers). Arrow is a global leader in IT distribution. Arrow is known for its ability to help businesses navigate the complexities of modern IT landscapes, providing the tools, technology, and expertise needed to drive digital transformation and operational efficiency. + +Arrow will sell Bitnami Premium access through its website. Bitnami users interested in purchasing Bitnami Premium will find a streamlined process to pay, share their Docker Hub user identification, and gain access to the private Bitnami Premium repos in Docker Hub. Bitnami Premium customers can add and remove users through Arrow's support team, as well as submit tickets for enterprise support jointly delivered by the software packaging experts at Arrow and Bitnami. + +### What changes are coming for the free Bitnami library? + +#### Pull limits for free Bitnami content + +Beginning December 16th, 2024, the Bitnami Application Catalog will use [standard Docker Hub pull rate limits](https://docs.docker.com/docker-hub/download-rate-limit/) for Bitnami apps. Enterprise customers will be able to access the full Bitnami library in Bitnami Premium, purchased through Arrow and consumed right in Docker Hub, with no rate limits or restrictions. Note that we are not changing any licenses for our packages, meaning that projects can continue to bundle our Helm charts and containers in their own application packages. + +#### Long Term Support version updates + +Many open source projects we publish packages for have multiple LTS versions supported by their communities. Currently, Bitnami maintains all of these LTS versions up-to-date. Starting December 10th, 2024, we will only continue updating the latest version available for apps in the free Bitnami Application Catalog. This will enable OSS projects and individual/small businesses to continue using the latest versions of Bitnami applications. Bitnami Premium customers who need to continue pulling up-to-date versions of LTS branches can access them in the Bitnami Premium repo in Docker Hub. + +#### Supply chain integrity check in Bitnami Helm charts + +Bitnami has invested hundreds of thousands of developer hours in constructing a world-leading pipeline to build, monitor, update, and test open source software in multiple Kubernetes environments. For these Helm charts to perform as intended, and for them to leverage the many security features built-in, they need to deploy the Bitnami containers they were designed to work with. Therefore, we are adding new checks in the deployment process to check that the containers they were designed to deploy are the ones being deployed. + +### Keep an eye out for more updates + +We are excited to deliver an enhanced experience for [Bitnami Premium](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=github&utm_medium=containers) users, but this is just the beginning. We will continue to build on the value that all of our Bitnami community members, both free and paid, realize through our many years of experience publishing high-quality open source software packages for the world’s developers. + +Keep abreast of our blog for new updates and features, and be sure to check to follow us on [X (formerly Twitter)](https://x.com/bitnami) and [LinkedIn](https://www.linkedin.com/company/bitnami/). + ## Vulnerability scan in Bitnami container images As part of the release process, the Bitnami container images are analyzed for vulnerabilities. At this moment, we are using two different tools: @@ -68,6 +139,16 @@ As part of the release process, the Bitnami container images are analyzed for vu This scanning process is triggered via a GH action for every PR affecting the source code of the containers, regardless of its nature or origin. +## Changes in version support and pull-rate limits in Docker Hub for BItnami containers and Helm charts + +Following the release of Bitnami Premium, we are making some changes in the way we distribute our free catalog. These changes enable us to sustain a viable business while also continuing to serve our community, including other open source projects, with free, high-quality software packages. + +Beginning on December 16th, 2024, Bitnami will no longer subsidize unlimited pulls from the free Bitnami catalog in Docker Hub. Bitnami containers and charts will be subject to standard pull-rate limits and pull caps. Users who upgrade to Bitnami Premium will be able to pull without any limitations on pull rate or pulls per time period, regardless of the type of Docker subscription you have. + +Also on December 10t,h 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. Suppose you use a branch of any Bitnami container other than the latest stable. In that case, you can either migrate to the latest stable branch or upgrade to Bitnami Premium to pull the most up-to-date images of all upstream-supported branches. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +We have partnered with Arrow Electronics as the exclusive vendor of Bitnami Premium. When you purchase a Bitnami Premium subscription through ArrowSphere Marketplace, you will be granted access to the /bitnamiprem and /bitnamichartsprem distribution registries in Docker Hub. To learn more, visit [https://www.arrow.com/globalecs/na/vendors/bitnami](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=github&utm_medium=containers). + ## Retention policy Deprecated assets will be retained in the container registry ([Bitnami DockerHub org](https://hub.docker.com/u/bitnami)) without changes for, at least, 6 months after the deprecation. diff --git a/TESTING.md b/TESTING.md index 77916a9512be2..b445b5acf20db 100644 --- a/TESTING.md +++ b/TESTING.md @@ -85,7 +85,8 @@ This guide will focus on the `verify` phase section, of which there are some thi * A container's testing phase will usually include a single `goss` testing action, followed by additional security-related actions. -> NOTE: Some containers with per-branch ARM support use separate per-branch `vib-verify.json` pipelines. Remember to replicate changes performed on the main pipeline definition file to those pipelines. +> [!NOTE] +> Some containers with per-branch ARM support use separate per-branch `vib-verify.json` pipelines. Remember to replicate changes performed on the main pipeline definition file to those pipelines. ## Testing strategy @@ -133,6 +134,7 @@ For your test code PR to be accepted the following criteria must be fulfilled: For VIB to execute GOSS tests, the following block of code needs to be defined in the corresponding [VIB pipeline definition file](#vib-pipeline-definition-file) (`/.vib/app/vib-verify.json`). +> [!NOTE] > Values denoted withing dollar signs (`$$VALUE$$`) should be treated as placeholders ```json diff --git a/bitnami/acmesolver/1/debian-12/Dockerfile b/bitnami/acmesolver/1/debian-12/Dockerfile index 316b3808ec226..8a3480a3a3306 100644 --- a/bitnami/acmesolver/1/debian-12/Dockerfile +++ b/bitnami/acmesolver/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:41:32Z" \ + org.opencontainers.image.created="2025-01-06T18:58:32Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/acmesolver/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.14.5-debian-12-r5" \ + org.opencontainers.image.ref.name="1.16.2-debian-12-r3" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/acmesolver" \ org.opencontainers.image.title="acmesolver" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.14.5" + org.opencontainers.image.version="1.16.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "acmesolver-1.14.5-3-linux-${OS_ARCH}-debian-12" \ + "acmesolver-1.16.2-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.14.5" \ +ENV APP_VERSION="1.16.2" \ BITNAMI_APP_NAME="acmesolver" \ PATH="/opt/bitnami/acmesolver/bin:$PATH" diff --git a/bitnami/acmesolver/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/acmesolver/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index f6ac8af8e9c57..efd9b2c42cca1 100644 --- a/bitnami/acmesolver/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/acmesolver/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.14.5-3" + "version": "1.16.2-1" } } \ No newline at end of file diff --git a/bitnami/acmesolver/1/debian-12/tags-info.yaml b/bitnami/acmesolver/1/debian-12/tags-info.yaml index b046df4b98acc..c8a4b67475171 100644 --- a/bitnami/acmesolver/1/debian-12/tags-info.yaml +++ b/bitnami/acmesolver/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.14.5 +- 1.16.2 - latest diff --git a/bitnami/acmesolver/README.md b/bitnami/acmesolver/README.md index a1451f7384556..b55bd74608eda 100644 --- a/bitnami/acmesolver/README.md +++ b/bitnami/acmesolver/README.md @@ -16,7 +16,7 @@ docker run --name redis -e ALLOW_EMPTY_PASSWORD=yes bitnami/acmesolver:latest **Warning**: These quick setups are only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Configuration](#configuration) section for a more secure deployment. -## Pre-requisites +## Prerequisites Kubernetes cluster with `CustomResourceDefinition` or `ThirdPartyResource support` @@ -29,15 +29,21 @@ Kubernetes cluster with `CustomResourceDefinition` or `ThirdPartyResource suppor * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use ACME Solver in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use ACME Solver in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -65,7 +71,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/airflow-exporter/0/debian-12/Dockerfile b/bitnami/airflow-exporter/0/debian-12/Dockerfile deleted file mode 100644 index 4e9bfa91f156e..0000000000000 --- a/bitnami/airflow-exporter/0/debian-12/Dockerfile +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:41:32Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/airflow-exporter/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.20220314.0-debian-12-r34" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/airflow-exporter" \ - org.opencontainers.image.title="airflow-exporter" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.20220314.0" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "airflow-exporter-0.20220314.0-16-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -ENV APP_VERSION="0.20220314.0" \ - BITNAMI_APP_NAME="airflow-exporter" \ - PATH="/opt/bitnami/airflow-exporter/bin:$PATH" - -EXPOSE 9112 - -WORKDIR /opt/bitnami/airflow-exporter -USER 1001 -ENTRYPOINT [ "airflow-prometheus-exporter" ] diff --git a/bitnami/airflow-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/airflow-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 75861f6169fbc..0000000000000 --- a/bitnami/airflow-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "airflow-exporter": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "0.20220314.0-16" - } -} \ No newline at end of file diff --git a/bitnami/airflow-exporter/0/debian-12/tags-info.yaml b/bitnami/airflow-exporter/0/debian-12/tags-info.yaml deleted file mode 100644 index 0a4b2909c2a0a..0000000000000 --- a/bitnami/airflow-exporter/0/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "0" -- 0-debian-12 -- 0.20220314.0 -- latest diff --git a/bitnami/airflow-exporter/README.md b/bitnami/airflow-exporter/README.md deleted file mode 100644 index bf30084f77f80..0000000000000 --- a/bitnami/airflow-exporter/README.md +++ /dev/null @@ -1,185 +0,0 @@ -# Bitnami package for Airflow Exporter - -## What is Airflow Exporter? - -> Export airflow metrics in Prometheus format. - -[Overview of Airflow Exporter](https://github.com/PBWebMedia/airflow-prometheus-exporter) -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```console -docker run --name airflow-exporter bitnami/airflow-exporter:latest -``` - -## Why use Bitnami Images? - -* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. -* With Bitnami images the latest bug fixes and features are available as soon as possible. -* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. -* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. -* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. -* Bitnami container images are released on a regular basis with the latest distribution packages available. - -Looking to use Airflow Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## Why use a non-root container? - -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). - -## Supported tags and respective `Dockerfile` links - -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). - -You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. - -Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). - -## Get this image - -The recommended way to get the Bitnami Airflow Exporter Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/airflow-exporter). - -```console -docker pull bitnami/airflow-exporter:latest -``` - -To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/airflow-exporter/tags/) in the Docker Hub Registry. - -```console -docker pull bitnami/airflow-exporter:[TAG] -``` - -If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. - -```console -git clone https://github.com/bitnami/containers.git -cd bitnami/APP/VERSION/OPERATING-SYSTEM -docker build -t bitnami/APP:latest . -``` - -## Connecting to other containers - -Using [Docker container networking](https://docs.docker.com/engine/userguide/networking/), a different server running inside a container can easily be accessed by your application containers and vice-versa. - -Containers attached to the same network can communicate with each other using the container name as the hostname. - -### Using the Command Line - -#### Step 1: Create a network - -```console -docker network create airflow-exporter-network --driver bridge -``` - -#### Step 2: Launch the airflow-exporter container within your network - -Use the `--network ` argument to the `docker run` command to attach the container to the `airflow-exporter-network` network. - -```console -docker run --name airflow-exporter-node1 --network airflow-exporter-network bitnami/airflow-exporter:latest -``` - -#### Step 3: Run another containers - -We can launch another containers using the same flag (`--network NETWORK`) in the `docker run` command. If you also set a name to your container, you will be able to use it as hostname in your network. - -## Configuration - -Find all the configuration options in the [Airflow Prometheus Exporter documentation](https://github.com/PBWebMedia/airflow-prometheus-exporter#run). - -### Environment variables - -#### Customizable environment variables - -| Name | Description | Default Value | -|--------------------------------------|------------------------------------------|----------------------------------------| -| `AIRFLOW_EXPORTER_BASE_DIR` | airflow-exporter installation directory. | `${BITNAMI_ROOT_DIR}/airflow-exporter` | -| `AIRFLOW_EXPORTER_DATABASE_BACKEND` | The database backend | `postgres` | -| `AIRFLOW_EXPORTER_DATABASE_HOST` | The hostname of the database | `127.0.0.1` | -| `AIRFLOW_EXPORTER_DATABASE_PORT` | The port of the database | `5432` | -| `AIRFLOW_EXPORTER_DATABASE_USER` | The user of the database | `bn_airflow` | -| `AIRFLOW_EXPORTER_DATABASE_PASSWORD` | The password of the database | `nil` | -| `AIRFLOW_EXPORTER_DATABASE_NAME` | The name of the database | `bitnami_airflow` | - -#### Read-only environment variables - -| Name | Description | Value | -|---------------------------------|----------------------------------------------------|------------------------------------| -| `AIRFLOW_EXPORTER_BIN_DIR` | airflow-exporter directory for binary executables. | `${AIRFLOW_EXPORTER_BASE_DIR}/bin` | -| `AIRFLOW_EXPORTER_DAEMON_USER` | airflow-exporter system user. | `airflow` | -| `AIRFLOW_EXPORTER_DAEMON_GROUP` | airflow-exporter system group. | `airflow` | - -## Logging - -The Bitnami Airflow Exporter Docker image sends the container logs to `stdout`. To view the logs: - -```console -docker logs airflow-exporter -``` - -You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver. - -## Maintenance - -### Upgrade this image - -Bitnami provides up-to-date versions of Airflow Exporter, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container. - -#### Step 1: Get the updated image - -```console -docker pull bitnami/airflow-exporter:latest -``` - -#### Step 2: Stop the running container - -Stop the currently running container using the command - -```console -docker stop airflow-exporter -``` - -#### Step 3: Remove the currently running container - -```console -docker rm -v airflow-exporter -``` - -#### Step 4: Run the new image - -Re-create your container from the new image. - -```console -docker run --name airflow-exporter bitnami/airflow-exporter:latest -``` - -## Notable Changes - -### Starting January 16, 2024 - -* The `docker-compose.yaml` file has been removed, as it was solely intended for internal testing purposes. - -## Contributing - -We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. - -## Issues - -If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/bitnami/airflow-scheduler/2/debian-12/Dockerfile b/bitnami/airflow-scheduler/2/debian-12/Dockerfile deleted file mode 100644 index f4fefb7d6a69e..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/Dockerfile +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T23:00:38Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/airflow-scheduler/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.9.1-debian-12-r5" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/airflow-scheduler" \ - org.opencontainers.image.title="airflow-scheduler" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.9.1" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl krb5-user libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libedit2 libffi8 libgcc-s1 libgmp10 libgnutls30 libgss-dev libgssapi-krb5-2 libhogweed6 libicu72 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5-dev libkrb5support0 libldap-2.5-0 liblz4-1 liblzma5 libmariadb3 libmd0 libncursesw6 libnettle8 libnsl2 libp11-kit0 libreadline8 libsasl2-2 libsasl2-modules libsqlite3-0 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtinfo6 libtirpc3 libudev1 libunistring2 libuuid1 libxml2 libxslt1.1 locales netbase procps tzdata zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "python-3.11.9-9-linux-${OS_ARCH}-debian-12" \ - "postgresql-client-16.3.0-2-linux-${OS_ARCH}-debian-12" \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "airflow-scheduler-2.9.1-3-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN localedef -c -f UTF-8 -i en_US en_US.UTF-8 -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales -RUN echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen -RUN mkdir /.local && chmod g+rwX /.local - -COPY rootfs / -RUN /opt/bitnami/scripts/airflow-scheduler/postunpack.sh -RUN /opt/bitnami/scripts/locales/add-extra-locales.sh -ENV AIRFLOW_HOME="/opt/bitnami/airflow" \ - APP_VERSION="2.9.1" \ - BITNAMI_APP_NAME="airflow-scheduler" \ - LANG="en_US.UTF-8" \ - LANGUAGE="en_US:en" \ - LD_LIBRARY_PATH="/opt/bitnami/airflow/venv/lib/python3.8/site-packages/numpy.libs:/opt/bitnami/python/lib:$LD_LIBRARY_PATH" \ - LIBNSS_WRAPPER_PATH="/opt/bitnami/common/lib/libnss_wrapper.so" \ - LNAME="airflow" \ - NSS_WRAPPER_GROUP="/opt/bitnami/airflow/nss-wrapper/nss_group" \ - NSS_WRAPPER_PASSWD="/opt/bitnami/airflow/nss-wrapper/nss_passwd" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/python/bin:/opt/bitnami/postgresql/bin:/opt/bitnami/airflow/venv/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/airflow-scheduler/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/airflow-scheduler/run.sh" ] diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index e69a5a7d74feb..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "airflow-scheduler": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.9.1-3" - }, - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "postgresql-client": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "16.3.0-2" - }, - "python": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.11.9-9" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-13" - } -} \ No newline at end of file diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler-env.sh b/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler-env.sh deleted file mode 100644 index ae28f808c55ab..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler-env.sh +++ /dev/null @@ -1,104 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for airflow-scheduler - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-airflow-scheduler}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -airflow_scheduler_env_vars=( - AIRFLOW_EXECUTOR - AIRFLOW_FORCE_OVERWRITE_CONF_FILE - AIRFLOW_RAW_FERNET_KEY - AIRFLOW_FERNET_KEY - AIRFLOW_SECRET_KEY - AIRFLOW_WEBSERVER_HOST - AIRFLOW_WEBSERVER_PORT_NUMBER - AIRFLOW_LOAD_EXAMPLES - AIRFLOW_HOSTNAME_CALLABLE - AIRFLOW_DATABASE_HOST - AIRFLOW_DATABASE_PORT_NUMBER - AIRFLOW_DATABASE_NAME - AIRFLOW_DATABASE_USERNAME - AIRFLOW_DATABASE_PASSWORD - AIRFLOW_DATABASE_USE_SSL - AIRFLOW_REDIS_USE_SSL - REDIS_HOST - REDIS_PORT_NUMBER - REDIS_USER - REDIS_PASSWORD - REDIS_DATABASE -) -for env_var in "${airflow_scheduler_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset airflow_scheduler_env_vars - -# Airflow paths -export AIRFLOW_BASE_DIR="${BITNAMI_ROOT_DIR}/airflow" -export AIRFLOW_HOME="${AIRFLOW_BASE_DIR}" -export AIRFLOW_BIN_DIR="${AIRFLOW_BASE_DIR}/venv/bin" -export AIRFLOW_LOGS_DIR="${AIRFLOW_BASE_DIR}/logs" -export AIRFLOW_SCHEDULER_LOGS_DIR="${AIRFLOW_LOGS_DIR}/scheduler" -export AIRFLOW_LOG_FILE="${AIRFLOW_LOGS_DIR}/airflow-scheduler.log" -export AIRFLOW_CONF_FILE="${AIRFLOW_BASE_DIR}/airflow.cfg" -export AIRFLOW_TMP_DIR="${AIRFLOW_BASE_DIR}/tmp" -export AIRFLOW_PID_FILE="${AIRFLOW_TMP_DIR}/airflow-scheduler.pid" -export AIRFLOW_DAGS_DIR="${AIRFLOW_BASE_DIR}/dags" -export PATH="${AIRFLOW_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" - -# System users (when running with a privileged user) -export AIRFLOW_DAEMON_USER="airflow" -export AIRFLOW_DAEMON_GROUP="airflow" - -# Airflow configuration -export AIRFLOW_EXECUTOR="${AIRFLOW_EXECUTOR:-SequentialExecutor}" -export AIRFLOW_FORCE_OVERWRITE_CONF_FILE="${AIRFLOW_FORCE_OVERWRITE_CONF_FILE:-no}" -export AIRFLOW_RAW_FERNET_KEY="${AIRFLOW_RAW_FERNET_KEY:-}" -export AIRFLOW_FERNET_KEY="${AIRFLOW_FERNET_KEY:-}" -export AIRFLOW_SECRET_KEY="${AIRFLOW_SECRET_KEY:-}" -export AIRFLOW_WEBSERVER_HOST="${AIRFLOW_WEBSERVER_HOST:-127.0.0.1}" -export AIRFLOW_WEBSERVER_PORT_NUMBER="${AIRFLOW_WEBSERVER_PORT_NUMBER:-8080}" -export AIRFLOW_LOAD_EXAMPLES="${AIRFLOW_LOAD_EXAMPLES:-yes}" -export AIRFLOW_HOSTNAME_CALLABLE="${AIRFLOW_HOSTNAME_CALLABLE:-}" - -# Airflow database configuration -export AIRFLOW_DATABASE_HOST="${AIRFLOW_DATABASE_HOST:-postgresql}" -export AIRFLOW_DATABASE_PORT_NUMBER="${AIRFLOW_DATABASE_PORT_NUMBER:-5432}" -export AIRFLOW_DATABASE_NAME="${AIRFLOW_DATABASE_NAME:-bitnami_airflow}" -export AIRFLOW_DATABASE_USERNAME="${AIRFLOW_DATABASE_USERNAME:-bn_airflow}" -export AIRFLOW_DATABASE_PASSWORD="${AIRFLOW_DATABASE_PASSWORD:-}" -export AIRFLOW_DATABASE_USE_SSL="${AIRFLOW_DATABASE_USE_SSL:-no}" -export AIRFLOW_REDIS_USE_SSL="${AIRFLOW_REDIS_USE_SSL:-no}" -export REDIS_HOST="${REDIS_HOST:-redis}" -export REDIS_PORT_NUMBER="${REDIS_PORT_NUMBER:-6379}" -export REDIS_USER="${REDIS_USER:-}" -export REDIS_PASSWORD="${REDIS_PASSWORD:-}" -export REDIS_DATABASE="${REDIS_DATABASE:-1}" - -# Custom environment variables may be defined below diff --git a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/entrypoint.sh b/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/entrypoint.sh deleted file mode 100755 index 92819aa8b4611..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/entrypoint.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Airflow environment variables -. /opt/bitnami/scripts/airflow-scheduler-env.sh - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libairflowscheduler.sh - -print_welcome_page - -if ! am_i_root && [[ -e "$LIBNSS_WRAPPER_PATH" ]]; then - info "Enabling non-root system user with nss_wrapper" - echo "airflow:x:$(id -u):$(id -g):Airflow:$AIRFLOW_HOME:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "airflow:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - - export LD_PRELOAD="$LIBNSS_WRAPPER_PATH" - export HOME="$AIRFLOW_HOME" -fi - -# Install custom python package if requirements.txt is present -if [[ -f "/bitnami/python/requirements.txt" ]]; then - . /opt/bitnami/airflow/venv/bin/activate - pip install -r /bitnami/python/requirements.txt - deactivate -fi - -if [[ "$*" = *"/opt/bitnami/scripts/airflow-scheduler/run.sh"* || "$*" = *"/run.sh"* ]]; then - info "** Starting Airflow setup **" - /opt/bitnami/scripts/airflow-scheduler/setup.sh - info "** Airflow setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/postunpack.sh b/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/postunpack.sh deleted file mode 100755 index b79c2a829b5c6..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/postunpack.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Airflow environment variables -. /opt/bitnami/scripts/airflow-scheduler-env.sh - -# Load libraries -. /opt/bitnami/scripts/libairflowscheduler.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh - -ensure_dir_exists "$AIRFLOW_BASE_DIR" -# Ensure the needed directories exist with write permissions -for dir in "$AIRFLOW_TMP_DIR" "$AIRFLOW_LOGS_DIR" "$AIRFLOW_DAGS_DIR" "${AIRFLOW_BASE_DIR}/nss-wrapper"; do - ensure_dir_exists "$dir" - configure_permissions_ownership "$dir" -d "775" -f "664" -g "root" -done - -chmod -R g+rwX "$AIRFLOW_BASE_DIR" diff --git a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/run.sh b/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/run.sh deleted file mode 100755 index 7e535897a61b6..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/run.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Airflow environment variables -. /opt/bitnami/scripts/airflow-scheduler-env.sh - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libairflowscheduler.sh - -args=("--pid" "$AIRFLOW_PID_FILE" "$@") - -info "** Starting Airflow **" -if am_i_root; then - exec_as_user "$AIRFLOW_DAEMON_USER" "${AIRFLOW_BIN_DIR}/airflow" "scheduler" "${args[@]}" -else - exec "${AIRFLOW_BIN_DIR}/airflow" "scheduler" "${args[@]}" -fi diff --git a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/setup.sh b/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/setup.sh deleted file mode 100755 index 19adf9cc8a135..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/airflow-scheduler/setup.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Airflow environment variables -. /opt/bitnami/scripts/airflow-scheduler-env.sh - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libairflowscheduler.sh - - -# Ensure Airflow environment variables settings are valid -airflow_scheduler_validate -# Ensure Airflow daemon user exists when running as root -am_i_root && ensure_user_exists "$AIRFLOW_DAEMON_USER" --group "$AIRFLOW_DAEMON_GROUP" -# Ensure Airflow is initialized -airflow_scheduler_initialize diff --git a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh b/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh deleted file mode 100644 index 7a91931beccc0..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh +++ /dev/null @@ -1,552 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# Bitnami Airflow library - -# shellcheck disable=SC1091,SC2153 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libpersistence.sh - -# Load database library -if [[ -f /opt/bitnami/scripts/libpostgresqlclient.sh ]]; then - . /opt/bitnami/scripts/libpostgresqlclient.sh -elif [[ -f /opt/bitnami/scripts/libpostgresql.sh ]]; then - . /opt/bitnami/scripts/libpostgresql.sh -fi - -# Functions - -######################## -# Validate Airflow inputs -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# 0 if the validation succeeded, 1 otherwise -######################### -airflow_validate() { - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - - # Check postgresql host - [[ -z "$AIRFLOW_DATABASE_HOST" ]] && print_validation_error "Missing AIRFLOW_DATABASE_HOST" - - # Check LDAP parameters - if is_boolean_yes "$AIRFLOW_LDAP_ENABLE"; then - [[ -z "$AIRFLOW_LDAP_URI" ]] && print_validation_error "Missing AIRFLOW_LDAP_URI" - [[ -z "$AIRFLOW_LDAP_SEARCH" ]] && print_validation_error "Missing AIRFLOW_LDAP_SEARCH" - [[ -z "$AIRFLOW_LDAP_UID_FIELD" ]] && print_validation_error "Missing AIRFLOW_LDAP_UID_FIELD" - [[ -z "$AIRFLOW_LDAP_BIND_USER" ]] && print_validation_error "Missing AIRFLOW_LDAP_BIND_USER" - [[ -z "$AIRFLOW_LDAP_BIND_PASSWORD" ]] && print_validation_error "Missing AIRFLOW_LDAP_BIND_PASSWORD" - [[ -z "$AIRFLOW_LDAP_ROLES_MAPPING" ]] && print_validation_error "Missing AIRFLOW_LDAP_ROLES_MAPPING" - [[ -z "$AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" ]] && print_validation_error "Missing AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" - [[ -z "$AIRFLOW_LDAP_USER_REGISTRATION" ]] && print_validation_error "Missing AIRFLOW_LDAP_USER_REGISTRATION" - [[ -z "$AIRFLOW_LDAP_USER_REGISTRATION_ROLE" ]] && print_validation_error "Missing AIRFLOW_LDAP_USER_REGISTRATION_ROLE" - - # Chack boolean env vars contain valid values - for var in "AIRFLOW_LDAP_USER_REGISTRATION" "AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" "AIRFLOW_LDAP_USE_TLS"; do - check_multi_value "$var" "True False" - done - - if [[ "$AIRFLOW_LDAP_USE_TLS" == "True" ]]; then - [[ -z "$AIRFLOW_LDAP_ALLOW_SELF_SIGNED" ]] && print_validation_error "Missing AIRFLOW_LDAP_ALLOW_SELF_SIGNED" - [[ -z "$AIRFLOW_LDAP_TLS_CA_CERTIFICATE" ]] && print_validation_error "Missing AIRFLOW_LDAP_TLS_CA_CERTIFICATE" - fi - - fi - - # Check pool parameters - if [[ -n "$AIRFLOW_POOL_NAME" ]]; then - [[ -z "$AIRFLOW_POOL_DESC" ]] && print_validation_error "Provided AIRFLOW_POOL_NAME but missing AIRFLOW_POOL_DESC" - [[ -z "$AIRFLOW_POOL_SIZE" ]] && print_validation_error "Provided AIRFLOW_POOL_NAME but missing AIRFLOW_POOL_SIZE" - fi - - # Check cryptography parameters - if [[ -n "$AIRFLOW_RAW_FERNET_KEY" && -z "$AIRFLOW_FERNET_KEY" ]]; then - local fernet_char_count - fernet_char_count="$(echo -n "$AIRFLOW_RAW_FERNET_KEY")" - if [[ "$fernet_char_count" -lt 32 ]]; then - print_validation_error "AIRFLOW_RAW_FERNET_KEY must have at least 32 characters" - elif [[ "$fernet_char_count" -gt 32 ]]; then - warn "AIRFLOW_RAW_FERNET_KEY has more than 32 characters, the rest will be ignored" - fi - AIRFLOW_FERNET_KEY="$(echo -n "${AIRFLOW_RAW_FERNET_KEY:0:32}" | base64)" - fi - - return "$error_code" -} - -######################## -# Ensure Airflow is initialized -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_initialize() { - info "Initializing Airflow ..." - - # Change permissions if running as root - for dir in "$AIRFLOW_TMP_DIR" "$AIRFLOW_LOGS_DIR" "$AIRFLOW_DAGS_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown "$AIRFLOW_DAEMON_USER:$AIRFLOW_DAEMON_GROUP" "$dir" - done - - # The configuration file is not persisted. If it is not provided, generate it based on env vars - if [[ ! -f "$AIRFLOW_CONF_FILE" ]] || is_boolean_yes "$AIRFLOW_FORCE_OVERWRITE_CONF_FILE"; then - info "No injected configuration file found. Creating default config file" - airflow_generate_config - else - info "Configuration file found, loading configuration" - fi - - info "Trying to connect to the database server" - airflow_wait_for_postgresql_connection - # Check if the Airflow database has been already initialized - if ! airflow_execute db check-migrations; then - # Delete pid file - rm -f "$AIRFLOW_PID_FILE" - - # Initialize database - info "Populating database" - airflow_execute db init - - airflow_create_admin_user - airflow_create_pool - else - # Upgrade database - info "Upgrading database schema" - airflow_execute db upgrade - true # Avoid return false when I am not root - fi -} - -######################## -# Executes the 'airflow' CLI with the specified arguments and print result to stdout/stderr -# Globals: -# AIRFLOW_* -# Arguments: -# $1..$n - Arguments to pass to the CLI call -# Returns: -# None -######################### -airflow_execute_print_output() { - # Run as web server user to avoid having to change permissions/ownership afterwards - if am_i_root; then - run_as_user "$AIRFLOW_DAEMON_USER" airflow "$@" - else - airflow "$@" - fi -} - -######################## -# Executes the 'airflow' CLI with the specified arguments -# Globals: -# AIRFLOW_* -# Arguments: -# $1..$n - Arguments to pass to the CLI call -# Returns: -# None -######################### -airflow_execute() { - debug_execute airflow_execute_print_output "$@" -} - -######################## -# Generate Airflow conf file -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_generate_config() { - # Create Airflow confirguration from default files - [[ ! -f "$AIRFLOW_CONF_FILE" ]] && cp "$(find "$AIRFLOW_BASE_DIR" -name default_airflow.cfg)" "$AIRFLOW_CONF_FILE" - [[ -n "$AIRFLOW_WEBSERVER_CONF_FILE" ]] && [[ ! -f "$AIRFLOW_WEBSERVER_CONF_FILE" ]] && cp "$(find "$AIRFLOW_BASE_DIR" -name default_webserver_config.py)" "$AIRFLOW_WEBSERVER_CONF_FILE" - - # Setup Airflow base URL - airflow_configure_base_url - # Configure Airflow Hostname - [[ -n "$AIRFLOW_HOSTNAME_CALLABLE" ]] && airflow_conf_set "core" "hostname_callable" "$AIRFLOW_HOSTNAME_CALLABLE" - # Configure Airflow webserver authentication - airflow_configure_webserver_authentication - # Configure Airflow to load examples - if is_boolean_yes "$AIRFLOW_LOAD_EXAMPLES"; then - airflow_conf_set "core" "load_examples" "True" - else - airflow_conf_set "core" "load_examples" "False" - fi - # Configure Airflow database - airflow_configure_database - - # Configure the Webserver port - airflow_conf_set "webserver" "web_server_port" "$AIRFLOW_WEBSERVER_PORT_NUMBER" - - # Setup the secret keys for database connection and flask application (fernet key and secret key) - # ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#fernet-key - # ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#secret-key - [[ -n "$AIRFLOW_FERNET_KEY" ]] && airflow_conf_set "core" "fernet_key" "$AIRFLOW_FERNET_KEY" - [[ -n "$AIRFLOW_SECRET_KEY" ]] && airflow_conf_set "webserver" "secret_key" "$AIRFLOW_SECRET_KEY" - - # Configure Airflow executor - airflow_conf_set "core" "executor" "$AIRFLOW_EXECUTOR" - [[ "$AIRFLOW_EXECUTOR" == "CeleryExecutor" || "$AIRFLOW_EXECUTOR" == "CeleryKubernetesExecutor" ]] && airflow_configure_celery_executor - true # Avoid the function to fail due to the check above -} - -######################## -# Set property on the Airflow configuration file -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_conf_set() { - local -r section="${1:?section is required}" - local -r key="${2:?key is required}" - local -r value="${3:?value is required}" - local -r file="${4:-${AIRFLOW_CONF_FILE}}" - - ini-file set "--section=$section" "--key=$key" "--value=$value" -- "$file" -} - -######################## -# Configure Airflow base url -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_configure_base_url() { - if [[ -z "$AIRFLOW_BASE_URL" ]]; then - airflow_conf_set "webserver" "base_url" "http://${AIRFLOW_WEBSERVER_HOST}:${AIRFLOW_WEBSERVER_PORT_NUMBER}" - else - airflow_conf_set "webserver" "base_url" "$AIRFLOW_BASE_URL" - fi -} - -######################## -# Configure Airflow webserver authentication -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_configure_webserver_authentication() { - info "Configuring Airflow webserver authentication" - airflow_conf_set "webserver" "rbac" "true" - - if is_boolean_yes "$AIRFLOW_LDAP_ENABLE"; then - info "Enabling LDAP authentication" - # Based on PR https://github.com/apache/airflow/pull/16647 - replace_in_file "$AIRFLOW_WEBSERVER_CONF_FILE" "# from airflow.www.fab_security.manager import AUTH_LDAP" "from airflow.www.fab_security.manager import AUTH_LDAP" - replace_in_file "$AIRFLOW_WEBSERVER_CONF_FILE" "from airflow.www.fab_security.manager import AUTH_DB" "# from airflow.www.fab_security.manager import AUTH_DB" - - # webserver config - airflow_webserver_conf_set "AUTH_TYPE" "AUTH_LDAP" - airflow_webserver_conf_set "AUTH_LDAP_SERVER" "$AIRFLOW_LDAP_URI" "yes" - - # searches - airflow_webserver_conf_set "AUTH_LDAP_SEARCH" "$AIRFLOW_LDAP_SEARCH" "yes" - airflow_webserver_conf_set "AUTH_LDAP_UID_FIELD" "$AIRFLOW_LDAP_UID_FIELD" "yes" - - # Special account for searches - airflow_webserver_conf_set "AUTH_LDAP_BIND_USER" "$AIRFLOW_LDAP_BIND_USER" "yes" - airflow_webserver_conf_set "AUTH_LDAP_BIND_PASSWORD" "$AIRFLOW_LDAP_BIND_PASSWORD" "yes" - - # User self registration - airflow_webserver_conf_set "AUTH_USER_REGISTRATION" "$AIRFLOW_LDAP_USER_REGISTRATION" - airflow_webserver_conf_set "AUTH_USER_REGISTRATION_ROLE" "$AIRFLOW_LDAP_USER_REGISTRATION_ROLE" "yes" - - # Mapping from LDAP DN to list of FAB roles - airflow_webserver_conf_set "AUTH_ROLES_MAPPING" "$AIRFLOW_LDAP_ROLES_MAPPING" - - # Replace user's roles at login - airflow_webserver_conf_set "AUTH_ROLES_SYNC_AT_LOGIN" "$AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" - - # Allowing/Denying of self signed certs for StartTLS OR SSL ldaps:// connections - airflow_webserver_conf_set "AUTH_LDAP_ALLOW_SELF_SIGNED" "$AIRFLOW_LDAP_ALLOW_SELF_SIGNED" - - # If StartTLS supply cert - if [[ "$AIRFLOW_LDAP_USE_TLS" == "True" ]]; then - airflow_webserver_conf_set "AUTH_LDAP_TLS_CACERTFILE" "$AIRFLOW_LDAP_TLS_CA_CERTIFICATE" "yes" - fi - fi -} - -######################## -# Set properties in Airflow's webserver_config.py -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_webserver_conf_set() { - local -r key="${1:?missing key}" - local -r value="${2:?missing key}" - local -r is_literal="${3:-no}" - shift 2 - - local -r file="$AIRFLOW_WEBSERVER_CONF_FILE" - # Check if the value was set before - if grep -q "^#*\\s*${key} =.*$" "$file"; then - local entry - is_boolean_yes "$is_literal" && entry="${key} = '${value}'" || entry="${key} = ${value}" - # Update the existing key - replace_in_file "$file" "^#*\\s*${key} =.*$" "$entry" false - else - # Add a new key - local new_value="$value" - is_boolean_yes "$is_literal" && new_value="'${value}'" - printf '\n%s = %s' "$key" "$new_value" >>"$file" - fi -} - -######################## -# Configure Airflow database -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_configure_database() { - local -r user=$(airflow_encode_url "$AIRFLOW_DATABASE_USERNAME") - local -r password=$(airflow_encode_url "$AIRFLOW_DATABASE_PASSWORD") - local extra_options - is_boolean_yes "$AIRFLOW_DATABASE_USE_SSL" && extra_options="?sslmode=require" - - info "Configuring Airflow database" - airflow_conf_set "database" "sql_alchemy_conn" "postgresql+psycopg2://${user}:${password}@${AIRFLOW_DATABASE_HOST}:${AIRFLOW_DATABASE_PORT_NUMBER}/${AIRFLOW_DATABASE_NAME}${extra_options:-}" -} - -######################## -# Return URL encoded string in the airflow conf format -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_encode_url() { - local -r url="${1?Missing url}" - - urlencode() { - old_lc_collate="${LC_COLLATE:-}" - LC_COLLATE=C - - local length="${#1}" - for ((i = 0; i < length; i++)); do - local c="${1:$i:1}" - case $c in - [a-zA-Z0-9.~_-]) printf '%s' "$c" ;; - *) printf '%%%02X' "'$c" ;; - esac - done - - LC_COLLATE="$old_lc_collate" - } - - local -r url_encoded=$(urlencode "$url") - # Replace % by %% - echo "${url_encoded//\%/\%\%}" -} - -######################## -# Configure Airflow celery executor -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_configure_celery_executor() { - info "Configuring Celery Executor" - - # Configure celery Redis url - local -r redis_user=$(airflow_encode_url "$REDIS_USER") - local -r redis_password=$(airflow_encode_url "$REDIS_PASSWORD") - airflow_conf_set "celery" "broker_url" "redis://${redis_user}:${redis_password}@${REDIS_HOST}:${REDIS_PORT_NUMBER}/${REDIS_DATABASE}" - is_boolean_yes "$AIRFLOW_REDIS_USE_SSL" && airflow_conf_set "celery" "broker_url" "rediss://${redis_user}:${redis_password}@${REDIS_HOST}:${REDIS_PORT_NUMBER}/${REDIS_DATABASE}" - is_boolean_yes "$AIRFLOW_REDIS_USE_SSL" && airflow_conf_set "celery" "redis_backend_use_ssl" "true" - - # Configure celery backend - local -r database_user=$(airflow_encode_url "$AIRFLOW_DATABASE_USERNAME") - local -r database_password=$(airflow_encode_url "$AIRFLOW_DATABASE_PASSWORD") - local database_extra_options - is_boolean_yes "$AIRFLOW_DATABASE_USE_SSL" && database_extra_options="?sslmode=require" - airflow_conf_set "celery" "result_backend" "db+postgresql://${database_user}:${database_password}@${AIRFLOW_DATABASE_HOST}:${AIRFLOW_DATABASE_PORT_NUMBER}/${AIRFLOW_DATABASE_NAME}${database_extra_options:-}" -} - -######################## -# Wait until the database is accessible -# Globals: -# None -# Arguments: -# None -# Returns: -# true if the database connection succeeded, false otherwise -######################### -airflow_wait_for_postgresql_connection() { - if ! retry_while "airflow_execute db check"; then - error "Could not connect to the database" - return 1 - fi -} - -######################## -# Airflow create admin user -# Arguments: -# None -# Returns: -# None -######################### -airflow_create_admin_user() { - info "Creating Airflow admin user" - airflow_execute users create -r "Admin" -u "$AIRFLOW_USERNAME" -e "$AIRFLOW_EMAIL" -p "$AIRFLOW_PASSWORD" -f "$AIRFLOW_FIRSTNAME" -l "$AIRFLOW_LASTNAME" -} - -######################## -# Airflow create pool -# Arguments: -# None -# Returns: -# None -######################### -airflow_create_pool() { - if [[ -n "$AIRFLOW_POOL_NAME" ]] && [[ -n "$AIRFLOW_POOL_SIZE" ]] && [[ -n "$AIRFLOW_POOL_DESC" ]]; then - info "Creating Airflow pool" - airflow_execute pool -s "$AIRFLOW_POOL_NAME" "$AIRFLOW_POOL_SIZE" "$AIRFLOW_POOL_DESC" - fi -} - -######################## -# Check if Airflow is running -# Globals: -# AIRFLOW_PID_FILE -# Arguments: -# None -# Returns: -# Whether Airflow is running -######################## -is_airflow_running() { - local pid - pid="$(get_pid_from_file "$AIRFLOW_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Airflow is not running -# Globals: -# AIRFLOW_PID_FILE -# Arguments: -# None -# Returns: -# Whether Airflow is not running -######################## -is_airflow_not_running() { - ! is_airflow_running -} - -######################## -# Stop Airflow -# Globals: -# AIRFLOW* -# Arguments: -# None -# Returns: -# None -######################### -airflow_stop() { - info "Stopping Airflow..." - stop_service_using_pid "$AIRFLOW_PID_FILE" -} - -######################## -# Check if airflow-exporter is running -# Globals: -# AIRFLOW_EXPORTER_PID_FILE -# Arguments: -# None -# Returns: -# Whether airflow-exporter is running -######################## -is_airflow_exporter_running() { - # airflow-exporter does not create any PID file - # We regenerate the PID file for each time we query it to avoid getting outdated - pgrep -f "airflow-prometheus-exporter" | head -n 1 > "$AIRFLOW_EXPORTER_PID_FILE" - - local pid - pid="$(get_pid_from_file "$AIRFLOW_EXPORTER_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if airflow-exporter is not running -# Globals: -# AIRFLOW_EXPORTER_PID_FILE -# Arguments: -# None -# Returns: -# Whether airflow-exporter is not running -######################## -is_airflow_exporter_not_running() { - ! is_airflow_exporter_running -} - -######################## -# Stop airflow-exporter -# Globals: -# AIRFLOW* -# Arguments: -# None -# Returns: -# None -######################### -airflow_exporter_stop() { - info "Stopping airflow-exporter..." - stop_service_using_pid "$AIRFLOW_EXPORTER_PID_FILE" -} diff --git a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/libairflowscheduler.sh b/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/libairflowscheduler.sh deleted file mode 100644 index 912dc847f1b47..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/libairflowscheduler.sh +++ /dev/null @@ -1,155 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# Bitnami Airflow library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libpersistence.sh - -# Load airflow library -. /opt/bitnami/scripts/libairflow.sh - -######################## -# Validate Airflow Scheduler inputs -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_scheduler_validate() { - # Check webserver host - [[ -z "$AIRFLOW_WEBSERVER_HOST" ]] && print_validation_error "Missing AIRFLOW_WEBSERVER_HOST" - [[ -z "$AIRFLOW_WEBSERVER_PORT_NUMBER" ]] && print_validation_error "Missing AIRFLOW_WEBSERVER_PORT_NUMBER" - # Check postgresql host - [[ -z "$AIRFLOW_DATABASE_HOST" ]] && print_validation_error "Missing AIRFLOW_DATABASE_HOST" - - # Check cryptography parameters - if [[ -n "$AIRFLOW_RAW_FERNET_KEY" && -z "$AIRFLOW_FERNET_KEY" ]]; then - local fernet_char_count - fernet_char_count="$(echo -n "$AIRFLOW_RAW_FERNET_KEY")" - if [[ "$fernet_char_count" -lt 32 ]]; then - print_validation_error "AIRFLOW_RAW_FERNET_KEY must have at least 32 characters" - elif [[ "$fernet_char_count" -gt 32 ]]; then - warn "AIRFLOW_RAW_FERNET_KEY has more than 32 characters, the rest will be ignored" - fi - AIRFLOW_FERNET_KEY="$(echo -n "${AIRFLOW_RAW_FERNET_KEY:0:32}" | base64)" - fi - - # Avoid to fail because of the above check - true -} - -######################## -# Ensure Airflow Scheduler is initialized -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_scheduler_initialize() { - # Change permissions if running as root - for dir in "$AIRFLOW_TMP_DIR" "$AIRFLOW_LOGS_DIR" "$AIRFLOW_SCHEDULER_LOGS_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown "$AIRFLOW_DAEMON_USER:$AIRFLOW_DAEMON_GROUP" "$dir" - done - - # The configuration file is not persisted. If it is not provided, generate it based on env vars - if [[ ! -f "$AIRFLOW_CONF_FILE" ]] || is_boolean_yes "$AIRFLOW_FORCE_OVERWRITE_CONF_FILE"; then - info "No injected configuration file found. Creating default config file" - airflow_scheduler_generate_config - else - info "Configuration file found, loading configuration" - fi - - info "Trying to connect to the database server" - airflow_wait_for_postgresql_connection - # Change the permissions after restoring the persisted data in case we are root - for dir in "$AIRFLOW_TMP_DIR" "$AIRFLOW_LOGS_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown "$AIRFLOW_DAEMON_USER:$AIRFLOW_DAEMON_GROUP" "$dir" - done - - # Wait for airflow webserver to be available - info "Waiting for Airflow Webserver to be up" - airflow_scheduler_wait_for_webserver "$AIRFLOW_WEBSERVER_HOST" "$AIRFLOW_WEBSERVER_PORT_NUMBER" - if [[ "$AIRFLOW_EXECUTOR" == "CeleryExecutor" || "$AIRFLOW_EXECUTOR" == "CeleryKubernetesExecutor" ]]; then - wait-for-port --host "$REDIS_HOST" "$REDIS_PORT_NUMBER" - fi - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Generate Airflow Scheduler conf file -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_scheduler_generate_config() { - # Generate Airflow default files - debug_execute airflow version - - # Configure Airflow Hostname - [[ -n "$AIRFLOW_HOSTNAME_CALLABLE" ]] && airflow_conf_set "core" "hostname_callable" "$AIRFLOW_HOSTNAME_CALLABLE" - # Configure Airflow to load examples - if is_boolean_yes "$AIRFLOW_LOAD_EXAMPLES"; then - airflow_conf_set "core" "load_examples" "True" - else - airflow_conf_set "core" "load_examples" "False" - fi - - # Configure Airflow database - airflow_configure_database - - # Configure the Webserver port - airflow_conf_set "webserver" "web_server_port" "$AIRFLOW_WEBSERVER_PORT_NUMBER" - - # Setup the secret keys for database connection and flask application (fernet key and secret key) - # ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#fernet-key - # ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#secret-key - [[ -n "$AIRFLOW_FERNET_KEY" ]] && airflow_conf_set "core" "fernet_key" "$AIRFLOW_FERNET_KEY" - [[ -n "$AIRFLOW_SECRET_KEY" ]] && airflow_conf_set "webserver" "secret_key" "$AIRFLOW_SECRET_KEY" - - # Configure Airflow executor - airflow_conf_set "core" "executor" "$AIRFLOW_EXECUTOR" - [[ "$AIRFLOW_EXECUTOR" == "CeleryExecutor" || "$AIRFLOW_EXECUTOR" == "CeleryKubernetesExecutor" ]] && airflow_configure_celery_executor - true # Avoid the function to fail due to the check above -} - -######################## -# Wait Ariflow webserver -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_scheduler_wait_for_webserver() { - local -r webserver_host="${1:?missing database host}" - local -r webserver_port="${2:?missing database port}" - check_webserver_connection() { - wait-for-port --host "$webserver_host" "$webserver_port" - } - if ! retry_while "check_webserver_connection"; then - error "Could not connect to the Airflow webserver" - return 1 - fi -} diff --git a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh b/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh deleted file mode 100644 index 3c8c53037a6af..0000000000000 --- a/bitnami/airflow-scheduler/2/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh +++ /dev/null @@ -1,424 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami PostgreSQL Client library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -######################## -# Validate settings in POSTGRESQL_CLIENT_* environment variables -# Globals: -# POSTGRESQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -postgresql_client_validate() { - info "Validating settings in POSTGRESQL_CLIENT_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - - # Only validate environment variables if any action needs to be performed - local -a database_names - read -r -a database_names <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_NAMES")" - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" || "${#database_names[@]}" -gt 0 ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" ]]; then - empty_password_error "POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - fi - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" ]] && [[ -z "$POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then - empty_password_error "POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD" - fi - fi - fi - # When enabling extensions, the DB name must be provided - local -a extensions - read -r -a extensions <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS")" - if [[ "${#database_names[@]}" -le 0 && "${#extensions[@]}" -gt 0 ]]; then - print_validation_error "POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS requires POSTGRESQL_CLIENT_CREATE_DATABASE_NAMES to be set." - fi - return "$error_code" -} - -######################## -# Perform actions to a database -# Globals: -# POSTGRESQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -postgresql_client_initialize() { - local -a database_names - read -r -a database_names <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_NAMES")" - # Wait for the database to be accessible if any action needs to be performed - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" || "${#database_names[@]}" -gt 0 ]]; then - info "Trying to connect to the database server" - check_postgresql_connection() { - echo "SELECT 1" | postgresql_remote_execute "$POSTGRESQL_CLIENT_DATABASE_HOST" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER" "postgres" "$POSTGRESQL_CLIENT_POSTGRES_USER" "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - } - if ! retry_while "check_postgresql_connection"; then - error "Could not connect to the database server" - return 1 - fi - fi - # Ensure a database user exists in the server - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" ]]; then - info "Creating database user ${POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME}" - local -a args=("$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" "--host" "$POSTGRESQL_CLIENT_DATABASE_HOST" "--port" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD") - postgresql_ensure_user_exists "${args[@]}" - fi - # Ensure a database exists in the server (and that the user has write privileges, if specified) - if [[ "${#database_names[@]}" -gt 0 ]]; then - local -a createdb_args extensions - read -r -a extensions <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS")" - for database_name in "${database_names[@]}"; do - info "Creating database ${database_name}" - createdb_args=("$database_name" "--host" "$POSTGRESQL_CLIENT_DATABASE_HOST" "--port" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" ]] && createdb_args+=("-u" "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME") - postgresql_ensure_database_exists "${createdb_args[@]}" - # Ensure the list of extensions are enabled in the specified database - if [[ "${#extensions[@]}" -gt 0 ]]; then - for extension_to_create in "${extensions[@]}"; do - echo "CREATE EXTENSION IF NOT EXISTS ${extension_to_create}" | postgresql_remote_execute "$POSTGRESQL_CLIENT_DATABASE_HOST" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER" "$database_name" "$POSTGRESQL_CLIENT_POSTGRES_USER" "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - done - fi - done - fi - # Execute a custom SQL script - if [[ -n "$POSTGRESQL_CLIENT_EXECUTE_SQL" ]]; then - info "Executing custom SQL script" - echo "$POSTGRESQL_CLIENT_EXECUTE_SQL" | postgresql_remote_execute "$POSTGRESQL_CLIENT_DATABASE_HOST" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER" "postgres" "$POSTGRESQL_CLIENT_POSTGRES_USER" "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - fi - # Avoid exit code of previous commands to affect the result of this function - true -} - -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC2148 - -######################## -# Return PostgreSQL major version -# Globals: -# POSTGRESQL_* -# Arguments: -# None -# Returns: -# String -######################### -postgresql_get_major_version() { - psql --version | grep -oE "[0-9]+\.[0-9]+" | grep -oE "^[0-9]+" -} - -######################## -# Gets an environment variable name based on the suffix -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable name -######################### -get_env_var_value() { - local env_var_suffix="${1:?missing suffix}" - local env_var_name - for env_var_prefix in POSTGRESQL POSTGRESQL_CLIENT; do - env_var_name="${env_var_prefix}_${env_var_suffix}" - if [[ -n "${!env_var_name:-}" ]]; then - echo "${!env_var_name}" - break - fi - done -} - -######################## -# Execute an arbitrary query/queries against the running PostgreSQL service and print the output -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# POSTGRESQL_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra options (eg. -tA) -# Returns: -# None -######################### -postgresql_execute_print_output() { - local -r db="${1:-}" - local -r user="${2:-postgres}" - local -r pass="${3:-}" - local opts - read -r -a opts <<<"${@:4}" - - local args=("-U" "$user" "-p" "${POSTGRESQL_PORT_NUMBER:-5432}") - [[ -n "$db" ]] && args+=("-d" "$db") - [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") - - # Execute the Query/queries from stdin - PGPASSWORD=$pass psql "${args[@]}" -} - -######################## -# Execute an arbitrary query/queries against the running PostgreSQL service -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# POSTGRESQL_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra options (eg. -tA) -# Returns: -# None -######################### -postgresql_execute() { - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - "postgresql_execute_print_output" "$@" - elif [[ "${NO_ERRORS:-false}" = true ]]; then - "postgresql_execute_print_output" "$@" 2>/dev/null - else - "postgresql_execute_print_output" "$@" >/dev/null 2>&1 - fi -} - -######################## -# Execute an arbitrary query/queries against a remote PostgreSQL service and print to stdout -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Remote PostgreSQL service hostname -# $2 - Remote PostgreSQL service port -# $3 - Database where to run the queries -# $4 - User to run queries -# $5 - Password -# $6 - Extra options (eg. -tA) -# Returns: -# None -postgresql_remote_execute_print_output() { - local -r hostname="${1:?hostname is required}" - local -r port="${2:?port is required}" - local -a args=("-h" "$hostname" "-p" "$port") - shift 2 - "postgresql_execute_print_output" "$@" "${args[@]}" -} - -######################## -# Execute an arbitrary query/queries against a remote PostgreSQL service -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Remote PostgreSQL service hostname -# $2 - Remote PostgreSQL service port -# $3 - Database where to run the queries -# $4 - User to run queries -# $5 - Password -# $6 - Extra options (eg. -tA) -# Returns: -# None -postgresql_remote_execute() { - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - "postgresql_remote_execute_print_output" "$@" - elif [[ "${NO_ERRORS:-false}" = true ]]; then - "postgresql_remote_execute_print_output" "$@" 2>/dev/null - else - "postgresql_remote_execute_print_output" "$@" >/dev/null 2>&1 - fi -} - -######################## -# Optionally create the given database user -# Flags: -# -p|--password - database password -# --host - database host -# --port - database port -# Arguments: -# $1 - user -# Returns: -# None -######################### -postgresql_ensure_user_exists() { - local -r user="${1:?user is missing}" - local password="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p | --password) - shift - password="${1:?missing password}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a postgresql_execute_cmd=("postgresql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && postgresql_execute_cmd=("postgresql_remote_execute" "$db_host" "$db_port") - local -a postgresql_execute_flags=("postgres" "$(get_env_var_value POSTGRES_USER)" "$(get_env_var_value POSTGRES_PASSWORD)") - - "${postgresql_execute_cmd[@]}" "${postgresql_execute_flags[@]}" <&2 - return 1 - ;; - esac - shift - done - - local -a postgresql_execute_cmd=("postgresql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && postgresql_execute_cmd=("postgresql_remote_execute" "$db_host" "$db_port") - local -a postgresql_execute_flags=("postgres" "$(get_env_var_value POSTGRES_USER)" "$(get_env_var_value POSTGRES_PASSWORD)") - - "${postgresql_execute_cmd[@]}" "${postgresql_execute_flags[@]}" < Apache Airflow is a tool to express and execute workflows as directed acyclic graphs (DAGs). The Airflow scheduler triggers tasks and provides tools to monitor task progress. - -[Overview of Apache Airflow Scheduler](https://airflow.apache.org/) -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```console -docker run --name airflow-scheduler bitnami/airflow-scheduler:latest -``` - -You can find the default credentials and available configuration options in the [Environment Variables](#environment-variables) section. - -## Why use Bitnami Images? - -* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. -* With Bitnami images the latest bug fixes and features are available as soon as possible. -* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. -* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. -* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. -* Bitnami container images are released on a regular basis with the latest distribution packages available. - -Looking to use Apache Airflow Scheduler in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## Supported tags and respective `Dockerfile` links - -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). - -You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. - -Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). - -## Prerequisites - -To run this application you need [Docker Engine](https://www.docker.com/products/docker-engine) >= `1.10.0`. [Docker Compose](https://docs.docker.com/compose/) is recommended with a version `1.6.0` or later. - -## How to use this image - -Apache Airflow Scheduler is a component of an Airflow solution configuring with the `CeleryExecutor`. Hence, you will need to rest of Airflow components for this image to work. -You will need an [Airflow Webserver](https://github.com/bitnami/containers/tree/main/bitnami/airflow), one or more [Airflow Workers](https://github.com/bitnami/containers/tree/main/bitnami/airflow-worker), a [PostgreSQL database](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) and a [Redis(R) server](https://github.com/bitnami/containers/tree/main/bitnami/redis). - -### Using the Docker Command Line - -1. Create a network - - ```console - docker network create airflow-tier - ``` - -2. Create a volume for PostgreSQL persistence and create a PostgreSQL container - - ```console - docker volume create --name postgresql_data - docker run -d --name postgresql \ - -e POSTGRESQL_USERNAME=bn_airflow \ - -e POSTGRESQL_PASSWORD=bitnami1 \ - -e POSTGRESQL_DATABASE=bitnami_airflow \ - --net airflow-tier \ - --volume postgresql_data:/bitnami/postgresql \ - bitnami/postgresql:latest - ``` - -3. Create a volume for Redis(R) persistence and create a Redis(R) container - - ```console - docker volume create --name redis_data - docker run -d --name redis \ - -e ALLOW_EMPTY_PASSWORD=yes \ - --net airflow-tier \ - --volume redis_data:/bitnami \ - bitnami/redis:latest - ``` - -4. Launch the Apache Airflow Scheduler web container - - ```console - docker run -d --name airflow -p 8080:8080 \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_LOAD_EXAMPLES=yes \ - -e AIRFLOW_PASSWORD=bitnami123 \ - -e AIRFLOW_USERNAME=user \ - -e AIRFLOW_EMAIL=user@example.com \ - --net airflow-tier \ - bitnami/airflow:latest - ``` - -5. Launch the Apache Airflow Scheduler scheduler container - - ```console - docker run -d --name airflow-scheduler \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_LOAD_EXAMPLES=yes \ - --net airflow-tier \ - bitnami/airflow-scheduler:latest - ``` - -6. Launch the Apache Airflow Scheduler worker container - - ```console - docker run -d --name airflow-worker \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - --net airflow-tier \ - bitnami/airflow-worker:latest - ``` - - Access your application at `http://your-ip:8080` - -### Persisting your application - -The Bitnami Airflow container relies on the PostgreSQL database & Redis to persist the data. This means that Airflow does not persist anything. To avoid loss of data, you should mount volumes for persistence of [PostgreSQL data](https://github.com/bitnami/containers/blob/main/bitnami/mariadb#persisting-your-database) and [Redis(R) data](https://github.com/bitnami/containers/blob/main/bitnami/redis#persisting-your-database) - -The above examples define docker volumes namely `postgresql_data`, and `redis_data`. The Airflow application state will persist as long as these volumes are not removed. - -To avoid inadvertent removal of these volumes you can [mount host directories as data volumes](https://docs.docker.com/engine/tutorials/dockervolumes/). Alternatively you can make use of volume plugins to host the volume data. - -#### Mount host directories as data volumes with Docker Compose - -The following `docker-compose.yml` template demonstrates the use of host directories as data volumes. - -```yaml -version: '2' -services: - postgresql: - image: 'bitnami/postgresql:latest' - environment: - - POSTGRESQL_DATABASE=bitnami_airflow - - POSTGRESQL_USERNAME=bn_airflow - - POSTGRESQL_PASSWORD=bitnami1 - volumes: - - /path/to/postgresql-persistence:/bitnami - redis: - image: 'bitnami/redis:latest' - environment: - - ALLOW_EMPTY_PASSWORD=yes - volumes: - - /path/to/redis-persistence:/bitnami - airflow-worker: - image: bitnami/airflow-worker:latest - environment: - - AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= - - AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_LOAD_EXAMPLES=yes - airflow-scheduler: - image: bitnami/airflow-scheduler:latest - environment: - - AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= - - AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_LOAD_EXAMPLES=yes - airflow: - image: bitnami/airflow:latest - environment: - - AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= - - AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_PASSWORD=bitnami123 - - AIRFLOW_USERNAME=user - - AIRFLOW_EMAIL=user@example.com - ports: - - '8080:8080' -``` - -#### Mount host directories as data volumes using the Docker command line - -1. Create a network (if it does not exist) - - ```console - docker network create airflow-tier - ``` - -2. Create the PostgreSQL container with host volumes - - ```console - docker run -d --name postgresql \ - -e POSTGRESQL_USERNAME=bn_airflow \ - -e POSTGRESQL_PASSWORD=bitnami1 \ - -e POSTGRESQL_DATABASE=bitnami_airflow \ - --net airflow-tier \ - --volume /path/to/postgresql-persistence:/bitnami \ - bitnami/postgresql:latest - ``` - -3. Create the Redis(R) container with host volumes - - ```console - docker run -d --name redis \ - -e ALLOW_EMPTY_PASSWORD=yes \ - --net airflow-tier \ - --volume /path/to/redis-persistence:/bitnami \ - bitnami/redis:latest - ``` - -4. Create the Airflow container - - ```console - docker run -d --name airflow -p 8080:8080 \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_LOAD_EXAMPLES=yes \ - -e AIRFLOW_PASSWORD=bitnami123 \ - -e AIRFLOW_USERNAME=user \ - -e AIRFLOW_EMAIL=user@example.com \ - --net airflow-tier \ - bitnami/airflow:latest - ``` - -5. Create the Apache Airflow Scheduler container - - ```console - docker run -d --name airflow-scheduler \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_LOAD_EXAMPLES=yes \ - --net airflow-tier \ - bitnami/airflow-scheduler:latest - ``` - -6. Create the Airflow Worker container - - ```console - docker run -d --name airflow-worker \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - --net airflow-tier \ - bitnami/airflow-worker:latest - ``` - -### Using `docker-compose.yaml` - -```console -curl -LO https://raw.githubusercontent.com/bitnami/containers/main/bitnami/airflow/docker-compose.yml -docker-compose up -``` - -Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/airflow). - -If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md). - -## Configuration - -### Installing additional python modules - -This container supports the installation of additional python modules at start-up time. In order to do that, you can mount a `requirements.txt` file with your specific needs under the path `/bitnami/python/requirements.txt`. - -### Environment variables - -#### Customizable environment variables - -| Name | Description | Default Value | -|-------------------------------------|-----------------------------------------------------------------------|----------------------| -| `AIRFLOW_EXECUTOR` | Airflow executor. | `SequentialExecutor` | -| `AIRFLOW_FORCE_OVERWRITE_CONF_FILE` | Force the airflow.cfg config file generation. | `no` | -| `AIRFLOW_RAW_FERNET_KEY` | Airflow raw/unencoded Fernet key | `nil` | -| `AIRFLOW_FERNET_KEY` | Airflow Fernet key | `nil` | -| `AIRFLOW_SECRET_KEY` | Airflow Secret key | `nil` | -| `AIRFLOW_WEBSERVER_HOST` | Airflow webserver host | `127.0.0.1` | -| `AIRFLOW_WEBSERVER_PORT_NUMBER` | Airflow webserver port. | `8080` | -| `AIRFLOW_LOAD_EXAMPLES` | To load example tasks into the application. | `yes` | -| `AIRFLOW_HOSTNAME_CALLABLE` | Method to obtain the hostname. | `nil` | -| `AIRFLOW_DATABASE_HOST` | Hostname for PostgreSQL server. | `postgresql` | -| `AIRFLOW_DATABASE_PORT_NUMBER` | Port used by PostgreSQL server. | `5432` | -| `AIRFLOW_DATABASE_NAME` | Database name that Airflow will use to connect with the database. | `bitnami_airflow` | -| `AIRFLOW_DATABASE_USERNAME` | Database user that Airflow will use to connect with the database. | `bn_airflow` | -| `AIRFLOW_DATABASE_PASSWORD` | Database password that Airflow will use to connect with the database. | `nil` | -| `AIRFLOW_DATABASE_USE_SSL` | Set to yes if the database is using SSL. | `no` | -| `AIRFLOW_REDIS_USE_SSL` | Set to yes if Redis(R) uses SSL. | `no` | -| `REDIS_HOST` | Hostname for Redis(R) server. | `redis` | -| `REDIS_PORT_NUMBER` | Port used by Redis(R) server. | `6379` | -| `REDIS_USER` | User that Airflow will use to connect with Redis(R). | `nil` | -| `REDIS_PASSWORD` | Password that Airflow will use to connect with Redis(R). | `nil` | -| `REDIS_DATABASE` | Name of the Redis(R) database. | `1` | - -#### Read-only environment variables - -| Name | Description | Value | -|------------------------------|-------------------------------------------|---------------------------------------------| -| `AIRFLOW_BASE_DIR` | Airflow installation directory. | `${BITNAMI_ROOT_DIR}/airflow` | -| `AIRFLOW_HOME` | Airflow home directory. | `${AIRFLOW_BASE_DIR}` | -| `AIRFLOW_BIN_DIR` | Airflow directory for binary executables. | `${AIRFLOW_BASE_DIR}/venv/bin` | -| `AIRFLOW_LOGS_DIR` | Airflow logs directory. | `${AIRFLOW_BASE_DIR}/logs` | -| `AIRFLOW_SCHEDULER_LOGS_DIR` | Airflow scheduler logs directory. | `${AIRFLOW_LOGS_DIR}/scheduler` | -| `AIRFLOW_LOG_FILE` | Airflow logs file. | `${AIRFLOW_LOGS_DIR}/airflow-scheduler.log` | -| `AIRFLOW_CONF_FILE` | Airflow configuration file. | `${AIRFLOW_BASE_DIR}/airflow.cfg` | -| `AIRFLOW_TMP_DIR` | Airflow directory temporary files. | `${AIRFLOW_BASE_DIR}/tmp` | -| `AIRFLOW_PID_FILE` | Path to the Airflow PID file. | `${AIRFLOW_TMP_DIR}/airflow-scheduler.pid` | -| `AIRFLOW_DAGS_DIR` | Airflow data to be persisted. | `${AIRFLOW_BASE_DIR}/dags` | -| `AIRFLOW_DAEMON_USER` | Airflow system user. | `airflow` | -| `AIRFLOW_DAEMON_GROUP` | Airflow system group. | `airflow` | - -> In addition to the previous environment variables, all the parameters from the configuration file can be overwritten by using environment variables with this format: `AIRFLOW__{SECTION}__{KEY}`. Note the double underscores. - -#### Specifying Environment variables using Docker Compose - -```yaml -version: '2' - -services: - airflow: - image: bitnami/airflow:1 - environment: - - AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= - - AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_PASSWORD=bitnami123 - - AIRFLOW_USERNAME=user - - AIRFLOW_EMAIL=user@example.com -``` - -#### Specifying Environment variables on the Docker command line - -```console -docker run -d --name airflow -p 8080:8080 \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_PASSWORD=bitnami123 \ - -e AIRFLOW_USERNAME=user \ - -e AIRFLOW_EMAIL=user@example.com \ - --volume airflow_data:/bitnami \ - bitnami/airflow:latest -``` - -## Notable Changes - -### Starting January 16, 2024 - -* The `docker-compose.yaml` file has been removed, as it was solely intended for internal testing purposes. - -### 1.10.15-debian-10-r18 and 2.0.1-debian-10-r52 - -* The size of the container image has been decreased. -* The configuration logic is now based on Bash scripts in the *rootfs/* folder. - -## Contributing - -We'd love for you to contribute to this Docker image. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. - -## Issues - -If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/bitnami/airflow-worker/2/debian-12/Dockerfile b/bitnami/airflow-worker/2/debian-12/Dockerfile deleted file mode 100644 index 20495c2adc0bf..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/Dockerfile +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:48:08Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/airflow-worker/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.9.1-debian-12-r2" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/airflow-worker" \ - org.opencontainers.image.title="airflow-worker" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.9.1" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl git krb5-user libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libedit2 libffi8 libgcc-s1 libgmp10 libgnutls30 libgss-dev libgssapi-krb5-2 libhogweed6 libicu72 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5-dev libkrb5support0 libldap-2.5-0 liblz4-1 liblzma5 libmariadb3 libmd0 libncursesw6 libnettle8 libnsl2 libp11-kit0 libreadline8 libsasl2-2 libsasl2-modules libsqlite3-0 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtinfo6 libtirpc3 libudev1 libunistring2 libuuid1 libxml2 libxslt1.1 locales netbase procps tzdata zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "python-3.11.9-9-linux-${OS_ARCH}-debian-12" \ - "postgresql-client-16.3.0-2-linux-${OS_ARCH}-debian-12" \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "airflow-worker-2.9.1-3-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN localedef -c -f UTF-8 -i en_US en_US.UTF-8 -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales -RUN echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen -RUN mkdir /.local && chmod g+rwX /.local - -COPY rootfs / -RUN /opt/bitnami/scripts/airflow-worker/postunpack.sh -RUN /opt/bitnami/scripts/locales/add-extra-locales.sh -ENV AIRFLOW_HOME="/opt/bitnami/airflow" \ - APP_VERSION="2.9.1" \ - BITNAMI_APP_NAME="airflow-worker" \ - C_FORCE_ROOT="True" \ - LANG="en_US.UTF-8" \ - LANGUAGE="en_US:en" \ - LD_LIBRARY_PATH="/opt/bitnami/airflow/venv/lib/python3.8/site-packages/numpy.libs:/opt/bitnami/python/lib:$LD_LIBRARY_PATH" \ - LIBNSS_WRAPPER_PATH="/opt/bitnami/common/lib/libnss_wrapper.so" \ - LNAME="airflow" \ - NSS_WRAPPER_GROUP="/opt/bitnami/airflow/nss-wrapper/nss_group" \ - NSS_WRAPPER_PASSWD="/opt/bitnami/airflow/nss-wrapper/nss_passwd" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/python/bin:/opt/bitnami/postgresql/bin:/opt/bitnami/airflow/venv/bin:$PATH" - -EXPOSE 8793 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/airflow-worker/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/airflow-worker/run.sh" ] diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 4bf0024c975c5..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "airflow-worker": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.9.1-3" - }, - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "postgresql-client": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "16.3.0-2" - }, - "python": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.11.9-9" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-13" - } -} \ No newline at end of file diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker-env.sh b/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker-env.sh deleted file mode 100644 index b31cbe645d1c0..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker-env.sh +++ /dev/null @@ -1,103 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for airflow-worker - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-airflow-worker}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -airflow_worker_env_vars=( - AIRFLOW_EXECUTOR - AIRFLOW_RAW_FERNET_KEY - AIRFLOW_FERNET_KEY - AIRFLOW_SECRET_KEY - AIRFLOW_FORCE_OVERWRITE_CONF_FILE - AIRFLOW_WEBSERVER_HOST - AIRFLOW_WEBSERVER_PORT_NUMBER - AIRFLOW_HOSTNAME_CALLABLE - AIRFLOW_QUEUE - AIRFLOW_DATABASE_HOST - AIRFLOW_DATABASE_PORT_NUMBER - AIRFLOW_DATABASE_NAME - AIRFLOW_DATABASE_USERNAME - AIRFLOW_DATABASE_PASSWORD - AIRFLOW_DATABASE_USE_SSL - AIRFLOW_REDIS_USE_SSL - REDIS_HOST - REDIS_PORT_NUMBER - REDIS_USER - REDIS_PASSWORD - REDIS_DATABASE -) -for env_var in "${airflow_worker_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset airflow_worker_env_vars - -# Airflow paths -export AIRFLOW_BASE_DIR="${BITNAMI_ROOT_DIR}/airflow" -export AIRFLOW_HOME="${AIRFLOW_BASE_DIR}" -export AIRFLOW_BIN_DIR="${AIRFLOW_BASE_DIR}/venv/bin" -export AIRFLOW_LOGS_DIR="${AIRFLOW_BASE_DIR}/logs" -export AIRFLOW_LOG_FILE="${AIRFLOW_LOGS_DIR}/airflow-worker.log" -export AIRFLOW_CONF_FILE="${AIRFLOW_BASE_DIR}/airflow.cfg" -export AIRFLOW_TMP_DIR="${AIRFLOW_BASE_DIR}/tmp" -export AIRFLOW_PID_FILE="${AIRFLOW_TMP_DIR}/airflow-worker.pid" -export AIRFLOW_DAGS_DIR="${AIRFLOW_BASE_DIR}/dags" -export PATH="${AIRFLOW_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" - -# System users (when running with a privileged user) -export AIRFLOW_DAEMON_USER="airflow" -export AIRFLOW_DAEMON_GROUP="airflow" - -# Airflow configuration -export AIRFLOW_EXECUTOR="${AIRFLOW_EXECUTOR:-SequentialExecutor}" -export AIRFLOW_RAW_FERNET_KEY="${AIRFLOW_RAW_FERNET_KEY:-}" -export AIRFLOW_FERNET_KEY="${AIRFLOW_FERNET_KEY:-}" -export AIRFLOW_SECRET_KEY="${AIRFLOW_SECRET_KEY:-}" -export AIRFLOW_FORCE_OVERWRITE_CONF_FILE="${AIRFLOW_FORCE_OVERWRITE_CONF_FILE:-no}" -export AIRFLOW_WEBSERVER_HOST="${AIRFLOW_WEBSERVER_HOST:-127.0.0.1}" -export AIRFLOW_WEBSERVER_PORT_NUMBER="${AIRFLOW_WEBSERVER_PORT_NUMBER:-8080}" -export AIRFLOW_HOSTNAME_CALLABLE="${AIRFLOW_HOSTNAME_CALLABLE:-}" -export AIRFLOW_QUEUE="${AIRFLOW_QUEUE:-}" - -# Airflow database configuration -export AIRFLOW_DATABASE_HOST="${AIRFLOW_DATABASE_HOST:-postgresql}" -export AIRFLOW_DATABASE_PORT_NUMBER="${AIRFLOW_DATABASE_PORT_NUMBER:-5432}" -export AIRFLOW_DATABASE_NAME="${AIRFLOW_DATABASE_NAME:-bitnami_airflow}" -export AIRFLOW_DATABASE_USERNAME="${AIRFLOW_DATABASE_USERNAME:-bn_airflow}" -export AIRFLOW_DATABASE_PASSWORD="${AIRFLOW_DATABASE_PASSWORD:-}" -export AIRFLOW_DATABASE_USE_SSL="${AIRFLOW_DATABASE_USE_SSL:-no}" -export AIRFLOW_REDIS_USE_SSL="${AIRFLOW_REDIS_USE_SSL:-no}" -export REDIS_HOST="${REDIS_HOST:-redis}" -export REDIS_PORT_NUMBER="${REDIS_PORT_NUMBER:-6379}" -export REDIS_USER="${REDIS_USER:-}" -export REDIS_PASSWORD="${REDIS_PASSWORD:-}" -export REDIS_DATABASE="${REDIS_DATABASE:-1}" - -# Custom environment variables may be defined below diff --git a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/entrypoint.sh b/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/entrypoint.sh deleted file mode 100755 index ff53b885d82a1..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/entrypoint.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Airflow environment variables -. /opt/bitnami/scripts/airflow-worker-env.sh - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libairflowworker.sh - -print_welcome_page - -if ! am_i_root && [[ -e "$LIBNSS_WRAPPER_PATH" ]]; then - info "Enabling non-root system user with nss_wrapper" - echo "airflow:x:$(id -u):$(id -g):Airflow:$AIRFLOW_HOME:/bin/false" > "$NSS_WRAPPER_PASSWD" - echo "airflow:x:$(id -g):" > "$NSS_WRAPPER_GROUP" - - export LD_PRELOAD="$LIBNSS_WRAPPER_PATH" - export HOME="$AIRFLOW_HOME" -fi - -# Install custom python package if requirements.txt is present -if [[ -f "/bitnami/python/requirements.txt" ]]; then - . /opt/bitnami/airflow/venv/bin/activate - pip install -r /bitnami/python/requirements.txt - deactivate -fi - -if [[ "$*" = *"/opt/bitnami/scripts/airflow-worker/run.sh"* || "$*" = *"/run.sh"* ]]; then - info "** Starting Airflow setup **" - /opt/bitnami/scripts/airflow-worker/setup.sh - info "** Airflow setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/postunpack.sh b/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/postunpack.sh deleted file mode 100755 index ef43253806891..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/postunpack.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Airflow environment variables -. /opt/bitnami/scripts/airflow-worker-env.sh - -# Load libraries -. /opt/bitnami/scripts/libairflowworker.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh - -ensure_dir_exists "$AIRFLOW_BASE_DIR" -# Ensure the needed directories exist with write permissions -for dir in "$AIRFLOW_TMP_DIR" "$AIRFLOW_LOGS_DIR" "$AIRFLOW_DAGS_DIR" "${AIRFLOW_BASE_DIR}/nss-wrapper"; do - ensure_dir_exists "$dir" - configure_permissions_ownership "$dir" -d "775" -f "664" -g "root" -done - -chmod -R g+rwX "$AIRFLOW_BASE_DIR" diff --git a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/run.sh b/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/run.sh deleted file mode 100755 index 59d72b367dba5..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/run.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Airflow environment variables -. /opt/bitnami/scripts/airflow-worker-env.sh - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libairflowworker.sh - -EXEC="${AIRFLOW_BIN_DIR}/airflow" -args=("celery" "worker") -if [[ -n "$AIRFLOW_QUEUE" ]]; then - args+=("-q" "$AIRFLOW_QUEUE") -fi -args+=("--pid" "$AIRFLOW_PID_FILE" "$@") - -info "** Starting Airflow **" -if am_i_root; then - exec_as_user "$AIRFLOW_DAEMON_USER" "$EXEC" "${args[@]}" -else - exec "$EXEC" "${args[@]}" -fi diff --git a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/setup.sh b/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/setup.sh deleted file mode 100755 index f000a76d8b742..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/airflow-worker/setup.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Airflow environment variables -. /opt/bitnami/scripts/airflow-worker-env.sh - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libairflowworker.sh - -# Ensure Airflow environment variables settings are valid -airflow_worker_validate -# Ensure Airflow daemon user exists when running as root -am_i_root && ensure_user_exists "$AIRFLOW_DAEMON_USER" --group "$AIRFLOW_DAEMON_GROUP" -# Ensure Airflow is initialized -airflow_worker_initialize diff --git a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh b/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh deleted file mode 100644 index 7a91931beccc0..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh +++ /dev/null @@ -1,552 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# Bitnami Airflow library - -# shellcheck disable=SC1091,SC2153 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libpersistence.sh - -# Load database library -if [[ -f /opt/bitnami/scripts/libpostgresqlclient.sh ]]; then - . /opt/bitnami/scripts/libpostgresqlclient.sh -elif [[ -f /opt/bitnami/scripts/libpostgresql.sh ]]; then - . /opt/bitnami/scripts/libpostgresql.sh -fi - -# Functions - -######################## -# Validate Airflow inputs -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# 0 if the validation succeeded, 1 otherwise -######################### -airflow_validate() { - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - - # Check postgresql host - [[ -z "$AIRFLOW_DATABASE_HOST" ]] && print_validation_error "Missing AIRFLOW_DATABASE_HOST" - - # Check LDAP parameters - if is_boolean_yes "$AIRFLOW_LDAP_ENABLE"; then - [[ -z "$AIRFLOW_LDAP_URI" ]] && print_validation_error "Missing AIRFLOW_LDAP_URI" - [[ -z "$AIRFLOW_LDAP_SEARCH" ]] && print_validation_error "Missing AIRFLOW_LDAP_SEARCH" - [[ -z "$AIRFLOW_LDAP_UID_FIELD" ]] && print_validation_error "Missing AIRFLOW_LDAP_UID_FIELD" - [[ -z "$AIRFLOW_LDAP_BIND_USER" ]] && print_validation_error "Missing AIRFLOW_LDAP_BIND_USER" - [[ -z "$AIRFLOW_LDAP_BIND_PASSWORD" ]] && print_validation_error "Missing AIRFLOW_LDAP_BIND_PASSWORD" - [[ -z "$AIRFLOW_LDAP_ROLES_MAPPING" ]] && print_validation_error "Missing AIRFLOW_LDAP_ROLES_MAPPING" - [[ -z "$AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" ]] && print_validation_error "Missing AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" - [[ -z "$AIRFLOW_LDAP_USER_REGISTRATION" ]] && print_validation_error "Missing AIRFLOW_LDAP_USER_REGISTRATION" - [[ -z "$AIRFLOW_LDAP_USER_REGISTRATION_ROLE" ]] && print_validation_error "Missing AIRFLOW_LDAP_USER_REGISTRATION_ROLE" - - # Chack boolean env vars contain valid values - for var in "AIRFLOW_LDAP_USER_REGISTRATION" "AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" "AIRFLOW_LDAP_USE_TLS"; do - check_multi_value "$var" "True False" - done - - if [[ "$AIRFLOW_LDAP_USE_TLS" == "True" ]]; then - [[ -z "$AIRFLOW_LDAP_ALLOW_SELF_SIGNED" ]] && print_validation_error "Missing AIRFLOW_LDAP_ALLOW_SELF_SIGNED" - [[ -z "$AIRFLOW_LDAP_TLS_CA_CERTIFICATE" ]] && print_validation_error "Missing AIRFLOW_LDAP_TLS_CA_CERTIFICATE" - fi - - fi - - # Check pool parameters - if [[ -n "$AIRFLOW_POOL_NAME" ]]; then - [[ -z "$AIRFLOW_POOL_DESC" ]] && print_validation_error "Provided AIRFLOW_POOL_NAME but missing AIRFLOW_POOL_DESC" - [[ -z "$AIRFLOW_POOL_SIZE" ]] && print_validation_error "Provided AIRFLOW_POOL_NAME but missing AIRFLOW_POOL_SIZE" - fi - - # Check cryptography parameters - if [[ -n "$AIRFLOW_RAW_FERNET_KEY" && -z "$AIRFLOW_FERNET_KEY" ]]; then - local fernet_char_count - fernet_char_count="$(echo -n "$AIRFLOW_RAW_FERNET_KEY")" - if [[ "$fernet_char_count" -lt 32 ]]; then - print_validation_error "AIRFLOW_RAW_FERNET_KEY must have at least 32 characters" - elif [[ "$fernet_char_count" -gt 32 ]]; then - warn "AIRFLOW_RAW_FERNET_KEY has more than 32 characters, the rest will be ignored" - fi - AIRFLOW_FERNET_KEY="$(echo -n "${AIRFLOW_RAW_FERNET_KEY:0:32}" | base64)" - fi - - return "$error_code" -} - -######################## -# Ensure Airflow is initialized -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_initialize() { - info "Initializing Airflow ..." - - # Change permissions if running as root - for dir in "$AIRFLOW_TMP_DIR" "$AIRFLOW_LOGS_DIR" "$AIRFLOW_DAGS_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown "$AIRFLOW_DAEMON_USER:$AIRFLOW_DAEMON_GROUP" "$dir" - done - - # The configuration file is not persisted. If it is not provided, generate it based on env vars - if [[ ! -f "$AIRFLOW_CONF_FILE" ]] || is_boolean_yes "$AIRFLOW_FORCE_OVERWRITE_CONF_FILE"; then - info "No injected configuration file found. Creating default config file" - airflow_generate_config - else - info "Configuration file found, loading configuration" - fi - - info "Trying to connect to the database server" - airflow_wait_for_postgresql_connection - # Check if the Airflow database has been already initialized - if ! airflow_execute db check-migrations; then - # Delete pid file - rm -f "$AIRFLOW_PID_FILE" - - # Initialize database - info "Populating database" - airflow_execute db init - - airflow_create_admin_user - airflow_create_pool - else - # Upgrade database - info "Upgrading database schema" - airflow_execute db upgrade - true # Avoid return false when I am not root - fi -} - -######################## -# Executes the 'airflow' CLI with the specified arguments and print result to stdout/stderr -# Globals: -# AIRFLOW_* -# Arguments: -# $1..$n - Arguments to pass to the CLI call -# Returns: -# None -######################### -airflow_execute_print_output() { - # Run as web server user to avoid having to change permissions/ownership afterwards - if am_i_root; then - run_as_user "$AIRFLOW_DAEMON_USER" airflow "$@" - else - airflow "$@" - fi -} - -######################## -# Executes the 'airflow' CLI with the specified arguments -# Globals: -# AIRFLOW_* -# Arguments: -# $1..$n - Arguments to pass to the CLI call -# Returns: -# None -######################### -airflow_execute() { - debug_execute airflow_execute_print_output "$@" -} - -######################## -# Generate Airflow conf file -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_generate_config() { - # Create Airflow confirguration from default files - [[ ! -f "$AIRFLOW_CONF_FILE" ]] && cp "$(find "$AIRFLOW_BASE_DIR" -name default_airflow.cfg)" "$AIRFLOW_CONF_FILE" - [[ -n "$AIRFLOW_WEBSERVER_CONF_FILE" ]] && [[ ! -f "$AIRFLOW_WEBSERVER_CONF_FILE" ]] && cp "$(find "$AIRFLOW_BASE_DIR" -name default_webserver_config.py)" "$AIRFLOW_WEBSERVER_CONF_FILE" - - # Setup Airflow base URL - airflow_configure_base_url - # Configure Airflow Hostname - [[ -n "$AIRFLOW_HOSTNAME_CALLABLE" ]] && airflow_conf_set "core" "hostname_callable" "$AIRFLOW_HOSTNAME_CALLABLE" - # Configure Airflow webserver authentication - airflow_configure_webserver_authentication - # Configure Airflow to load examples - if is_boolean_yes "$AIRFLOW_LOAD_EXAMPLES"; then - airflow_conf_set "core" "load_examples" "True" - else - airflow_conf_set "core" "load_examples" "False" - fi - # Configure Airflow database - airflow_configure_database - - # Configure the Webserver port - airflow_conf_set "webserver" "web_server_port" "$AIRFLOW_WEBSERVER_PORT_NUMBER" - - # Setup the secret keys for database connection and flask application (fernet key and secret key) - # ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#fernet-key - # ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#secret-key - [[ -n "$AIRFLOW_FERNET_KEY" ]] && airflow_conf_set "core" "fernet_key" "$AIRFLOW_FERNET_KEY" - [[ -n "$AIRFLOW_SECRET_KEY" ]] && airflow_conf_set "webserver" "secret_key" "$AIRFLOW_SECRET_KEY" - - # Configure Airflow executor - airflow_conf_set "core" "executor" "$AIRFLOW_EXECUTOR" - [[ "$AIRFLOW_EXECUTOR" == "CeleryExecutor" || "$AIRFLOW_EXECUTOR" == "CeleryKubernetesExecutor" ]] && airflow_configure_celery_executor - true # Avoid the function to fail due to the check above -} - -######################## -# Set property on the Airflow configuration file -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_conf_set() { - local -r section="${1:?section is required}" - local -r key="${2:?key is required}" - local -r value="${3:?value is required}" - local -r file="${4:-${AIRFLOW_CONF_FILE}}" - - ini-file set "--section=$section" "--key=$key" "--value=$value" -- "$file" -} - -######################## -# Configure Airflow base url -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_configure_base_url() { - if [[ -z "$AIRFLOW_BASE_URL" ]]; then - airflow_conf_set "webserver" "base_url" "http://${AIRFLOW_WEBSERVER_HOST}:${AIRFLOW_WEBSERVER_PORT_NUMBER}" - else - airflow_conf_set "webserver" "base_url" "$AIRFLOW_BASE_URL" - fi -} - -######################## -# Configure Airflow webserver authentication -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_configure_webserver_authentication() { - info "Configuring Airflow webserver authentication" - airflow_conf_set "webserver" "rbac" "true" - - if is_boolean_yes "$AIRFLOW_LDAP_ENABLE"; then - info "Enabling LDAP authentication" - # Based on PR https://github.com/apache/airflow/pull/16647 - replace_in_file "$AIRFLOW_WEBSERVER_CONF_FILE" "# from airflow.www.fab_security.manager import AUTH_LDAP" "from airflow.www.fab_security.manager import AUTH_LDAP" - replace_in_file "$AIRFLOW_WEBSERVER_CONF_FILE" "from airflow.www.fab_security.manager import AUTH_DB" "# from airflow.www.fab_security.manager import AUTH_DB" - - # webserver config - airflow_webserver_conf_set "AUTH_TYPE" "AUTH_LDAP" - airflow_webserver_conf_set "AUTH_LDAP_SERVER" "$AIRFLOW_LDAP_URI" "yes" - - # searches - airflow_webserver_conf_set "AUTH_LDAP_SEARCH" "$AIRFLOW_LDAP_SEARCH" "yes" - airflow_webserver_conf_set "AUTH_LDAP_UID_FIELD" "$AIRFLOW_LDAP_UID_FIELD" "yes" - - # Special account for searches - airflow_webserver_conf_set "AUTH_LDAP_BIND_USER" "$AIRFLOW_LDAP_BIND_USER" "yes" - airflow_webserver_conf_set "AUTH_LDAP_BIND_PASSWORD" "$AIRFLOW_LDAP_BIND_PASSWORD" "yes" - - # User self registration - airflow_webserver_conf_set "AUTH_USER_REGISTRATION" "$AIRFLOW_LDAP_USER_REGISTRATION" - airflow_webserver_conf_set "AUTH_USER_REGISTRATION_ROLE" "$AIRFLOW_LDAP_USER_REGISTRATION_ROLE" "yes" - - # Mapping from LDAP DN to list of FAB roles - airflow_webserver_conf_set "AUTH_ROLES_MAPPING" "$AIRFLOW_LDAP_ROLES_MAPPING" - - # Replace user's roles at login - airflow_webserver_conf_set "AUTH_ROLES_SYNC_AT_LOGIN" "$AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" - - # Allowing/Denying of self signed certs for StartTLS OR SSL ldaps:// connections - airflow_webserver_conf_set "AUTH_LDAP_ALLOW_SELF_SIGNED" "$AIRFLOW_LDAP_ALLOW_SELF_SIGNED" - - # If StartTLS supply cert - if [[ "$AIRFLOW_LDAP_USE_TLS" == "True" ]]; then - airflow_webserver_conf_set "AUTH_LDAP_TLS_CACERTFILE" "$AIRFLOW_LDAP_TLS_CA_CERTIFICATE" "yes" - fi - fi -} - -######################## -# Set properties in Airflow's webserver_config.py -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_webserver_conf_set() { - local -r key="${1:?missing key}" - local -r value="${2:?missing key}" - local -r is_literal="${3:-no}" - shift 2 - - local -r file="$AIRFLOW_WEBSERVER_CONF_FILE" - # Check if the value was set before - if grep -q "^#*\\s*${key} =.*$" "$file"; then - local entry - is_boolean_yes "$is_literal" && entry="${key} = '${value}'" || entry="${key} = ${value}" - # Update the existing key - replace_in_file "$file" "^#*\\s*${key} =.*$" "$entry" false - else - # Add a new key - local new_value="$value" - is_boolean_yes "$is_literal" && new_value="'${value}'" - printf '\n%s = %s' "$key" "$new_value" >>"$file" - fi -} - -######################## -# Configure Airflow database -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_configure_database() { - local -r user=$(airflow_encode_url "$AIRFLOW_DATABASE_USERNAME") - local -r password=$(airflow_encode_url "$AIRFLOW_DATABASE_PASSWORD") - local extra_options - is_boolean_yes "$AIRFLOW_DATABASE_USE_SSL" && extra_options="?sslmode=require" - - info "Configuring Airflow database" - airflow_conf_set "database" "sql_alchemy_conn" "postgresql+psycopg2://${user}:${password}@${AIRFLOW_DATABASE_HOST}:${AIRFLOW_DATABASE_PORT_NUMBER}/${AIRFLOW_DATABASE_NAME}${extra_options:-}" -} - -######################## -# Return URL encoded string in the airflow conf format -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_encode_url() { - local -r url="${1?Missing url}" - - urlencode() { - old_lc_collate="${LC_COLLATE:-}" - LC_COLLATE=C - - local length="${#1}" - for ((i = 0; i < length; i++)); do - local c="${1:$i:1}" - case $c in - [a-zA-Z0-9.~_-]) printf '%s' "$c" ;; - *) printf '%%%02X' "'$c" ;; - esac - done - - LC_COLLATE="$old_lc_collate" - } - - local -r url_encoded=$(urlencode "$url") - # Replace % by %% - echo "${url_encoded//\%/\%\%}" -} - -######################## -# Configure Airflow celery executor -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_configure_celery_executor() { - info "Configuring Celery Executor" - - # Configure celery Redis url - local -r redis_user=$(airflow_encode_url "$REDIS_USER") - local -r redis_password=$(airflow_encode_url "$REDIS_PASSWORD") - airflow_conf_set "celery" "broker_url" "redis://${redis_user}:${redis_password}@${REDIS_HOST}:${REDIS_PORT_NUMBER}/${REDIS_DATABASE}" - is_boolean_yes "$AIRFLOW_REDIS_USE_SSL" && airflow_conf_set "celery" "broker_url" "rediss://${redis_user}:${redis_password}@${REDIS_HOST}:${REDIS_PORT_NUMBER}/${REDIS_DATABASE}" - is_boolean_yes "$AIRFLOW_REDIS_USE_SSL" && airflow_conf_set "celery" "redis_backend_use_ssl" "true" - - # Configure celery backend - local -r database_user=$(airflow_encode_url "$AIRFLOW_DATABASE_USERNAME") - local -r database_password=$(airflow_encode_url "$AIRFLOW_DATABASE_PASSWORD") - local database_extra_options - is_boolean_yes "$AIRFLOW_DATABASE_USE_SSL" && database_extra_options="?sslmode=require" - airflow_conf_set "celery" "result_backend" "db+postgresql://${database_user}:${database_password}@${AIRFLOW_DATABASE_HOST}:${AIRFLOW_DATABASE_PORT_NUMBER}/${AIRFLOW_DATABASE_NAME}${database_extra_options:-}" -} - -######################## -# Wait until the database is accessible -# Globals: -# None -# Arguments: -# None -# Returns: -# true if the database connection succeeded, false otherwise -######################### -airflow_wait_for_postgresql_connection() { - if ! retry_while "airflow_execute db check"; then - error "Could not connect to the database" - return 1 - fi -} - -######################## -# Airflow create admin user -# Arguments: -# None -# Returns: -# None -######################### -airflow_create_admin_user() { - info "Creating Airflow admin user" - airflow_execute users create -r "Admin" -u "$AIRFLOW_USERNAME" -e "$AIRFLOW_EMAIL" -p "$AIRFLOW_PASSWORD" -f "$AIRFLOW_FIRSTNAME" -l "$AIRFLOW_LASTNAME" -} - -######################## -# Airflow create pool -# Arguments: -# None -# Returns: -# None -######################### -airflow_create_pool() { - if [[ -n "$AIRFLOW_POOL_NAME" ]] && [[ -n "$AIRFLOW_POOL_SIZE" ]] && [[ -n "$AIRFLOW_POOL_DESC" ]]; then - info "Creating Airflow pool" - airflow_execute pool -s "$AIRFLOW_POOL_NAME" "$AIRFLOW_POOL_SIZE" "$AIRFLOW_POOL_DESC" - fi -} - -######################## -# Check if Airflow is running -# Globals: -# AIRFLOW_PID_FILE -# Arguments: -# None -# Returns: -# Whether Airflow is running -######################## -is_airflow_running() { - local pid - pid="$(get_pid_from_file "$AIRFLOW_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Airflow is not running -# Globals: -# AIRFLOW_PID_FILE -# Arguments: -# None -# Returns: -# Whether Airflow is not running -######################## -is_airflow_not_running() { - ! is_airflow_running -} - -######################## -# Stop Airflow -# Globals: -# AIRFLOW* -# Arguments: -# None -# Returns: -# None -######################### -airflow_stop() { - info "Stopping Airflow..." - stop_service_using_pid "$AIRFLOW_PID_FILE" -} - -######################## -# Check if airflow-exporter is running -# Globals: -# AIRFLOW_EXPORTER_PID_FILE -# Arguments: -# None -# Returns: -# Whether airflow-exporter is running -######################## -is_airflow_exporter_running() { - # airflow-exporter does not create any PID file - # We regenerate the PID file for each time we query it to avoid getting outdated - pgrep -f "airflow-prometheus-exporter" | head -n 1 > "$AIRFLOW_EXPORTER_PID_FILE" - - local pid - pid="$(get_pid_from_file "$AIRFLOW_EXPORTER_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if airflow-exporter is not running -# Globals: -# AIRFLOW_EXPORTER_PID_FILE -# Arguments: -# None -# Returns: -# Whether airflow-exporter is not running -######################## -is_airflow_exporter_not_running() { - ! is_airflow_exporter_running -} - -######################## -# Stop airflow-exporter -# Globals: -# AIRFLOW* -# Arguments: -# None -# Returns: -# None -######################### -airflow_exporter_stop() { - info "Stopping airflow-exporter..." - stop_service_using_pid "$AIRFLOW_EXPORTER_PID_FILE" -} diff --git a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/libairflowworker.sh b/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/libairflowworker.sh deleted file mode 100644 index 4cb802e0fcc91..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/libairflowworker.sh +++ /dev/null @@ -1,154 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# Bitnami Airflow library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libpersistence.sh - -# Load airflow library -. /opt/bitnami/scripts/libairflow.sh - -######################## -# Validate Airflow Scheduler inputs -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_worker_validate() { - # Check postgresql host - [[ -z "$AIRFLOW_WEBSERVER_HOST" ]] && print_validation_error "Missing AIRFLOW_WEBSERVER_HOST" - [[ -z "$AIRFLOW_WEBSERVER_PORT_NUMBER" ]] && print_validation_error "Missing AIRFLOW_WEBSERVER_PORT_NUMBER" - # Check postgresql host - [[ -z "$AIRFLOW_DATABASE_HOST" ]] && print_validation_error "Missing AIRFLOW_DATABASE_HOST" - - # Check cryptography parameters - if [[ -n "$AIRFLOW_RAW_FERNET_KEY" && -z "$AIRFLOW_FERNET_KEY" ]]; then - local fernet_char_count - fernet_char_count="$(echo -n "$AIRFLOW_RAW_FERNET_KEY")" - if [[ "$fernet_char_count" -lt 32 ]]; then - print_validation_error "AIRFLOW_RAW_FERNET_KEY must have at least 32 characters" - elif [[ "$fernet_char_count" -gt 32 ]]; then - warn "AIRFLOW_RAW_FERNET_KEY has more than 32 characters, the rest will be ignored" - fi - AIRFLOW_FERNET_KEY="$(echo -n "${AIRFLOW_RAW_FERNET_KEY:0:32}" | base64)" - fi - - # Avoid fail because of the above check - true -} - -######################## -# Ensure Airflow Scheduler is initialized -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_worker_initialize() { - # Remove airflow-worker.pid file if exists to prevent error after WSL restarts - if [ -f "$AIRFLOW_PID_FILE" ]; then - rm "$AIRFLOW_PID_FILE" - fi - - # Change permissions if running as root - for dir in "$AIRFLOW_TMP_DIR" "$AIRFLOW_LOGS_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown "$AIRFLOW_DAEMON_USER:$AIRFLOW_DAEMON_GROUP" "$dir" - done - - # The configuration file is not persisted. If it is not provided, generate it based on env vars - if [[ ! -f "$AIRFLOW_CONF_FILE" ]] || is_boolean_yes "$AIRFLOW_FORCE_OVERWRITE_CONF_FILE"; then - info "No injected configuration file found. Creating default config file" - airflow_worker_generate_config - else - info "Configuration file found, loading configuration" - fi - - info "Trying to connect to the database server" - airflow_wait_for_postgresql_connection - # Change the permissions after restoring the persisted data in case we are root - for dir in "$AIRFLOW_TMP_DIR" "$AIRFLOW_LOGS_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown "$AIRFLOW_DAEMON_USER:$AIRFLOW_DAEMON_GROUP" "$dir" - done - - # Wait for airflow webserver to be available - info "Waiting for Airflow Webserver to be up" - airflow_worker_wait_for_webserver "$AIRFLOW_WEBSERVER_HOST" "$AIRFLOW_WEBSERVER_PORT_NUMBER" - if [[ "$AIRFLOW_EXECUTOR" == "CeleryExecutor" || "$AIRFLOW_EXECUTOR" == "CeleryKubernetesExecutor" ]]; then - wait-for-port --host "$REDIS_HOST" "$REDIS_PORT_NUMBER" - fi - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Generate Airflow Scheduler conf file -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_worker_generate_config() { - # Generate Airflow default files - debug_execute airflow version - - # Configure Airflow Hostname - [[ -n "$AIRFLOW_HOSTNAME_CALLABLE" ]] && airflow_conf_set "core" "hostname_callable" "$AIRFLOW_HOSTNAME_CALLABLE" - - # Configure Airflow database - airflow_configure_database - - # Configure the Webserver port - airflow_conf_set "webserver" "web_server_port" "$AIRFLOW_WEBSERVER_PORT_NUMBER" - - # Setup the secret keys for database connection and flask application (fernet key and secret key) - # ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#fernet-key - # ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#secret-key - [[ -n "$AIRFLOW_FERNET_KEY" ]] && airflow_conf_set "core" "fernet_key" "$AIRFLOW_FERNET_KEY" - [[ -n "$AIRFLOW_SECRET_KEY" ]] && airflow_conf_set "webserver" "secret_key" "$AIRFLOW_SECRET_KEY" - - # Configure Airflow executor - airflow_conf_set "core" "executor" "$AIRFLOW_EXECUTOR" - [[ "$AIRFLOW_EXECUTOR" == "CeleryExecutor" || "$AIRFLOW_EXECUTOR" == "CeleryKubernetesExecutor" ]] && airflow_configure_celery_executor - true # Avoid the function to fail due to the check above -} - -######################## -# Wait Ariflow webserver -# Globals: -# AIRFLOW_* -# Arguments: -# None -# Returns: -# None -######################### -airflow_worker_wait_for_webserver() { - local -r webserver_host="${1:?missing database host}" - local -r webserver_port="${2:?missing database port}" - check_webserver_connection() { - wait-for-port --host "$webserver_host" "$webserver_port" - } - if ! retry_while "check_webserver_connection"; then - error "Could not connect to the Airflow webserver" - return 1 - fi -} diff --git a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh b/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh deleted file mode 100644 index 3c8c53037a6af..0000000000000 --- a/bitnami/airflow-worker/2/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh +++ /dev/null @@ -1,424 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami PostgreSQL Client library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -######################## -# Validate settings in POSTGRESQL_CLIENT_* environment variables -# Globals: -# POSTGRESQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -postgresql_client_validate() { - info "Validating settings in POSTGRESQL_CLIENT_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - - # Only validate environment variables if any action needs to be performed - local -a database_names - read -r -a database_names <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_NAMES")" - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" || "${#database_names[@]}" -gt 0 ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" ]]; then - empty_password_error "POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - fi - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" ]] && [[ -z "$POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then - empty_password_error "POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD" - fi - fi - fi - # When enabling extensions, the DB name must be provided - local -a extensions - read -r -a extensions <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS")" - if [[ "${#database_names[@]}" -le 0 && "${#extensions[@]}" -gt 0 ]]; then - print_validation_error "POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS requires POSTGRESQL_CLIENT_CREATE_DATABASE_NAMES to be set." - fi - return "$error_code" -} - -######################## -# Perform actions to a database -# Globals: -# POSTGRESQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -postgresql_client_initialize() { - local -a database_names - read -r -a database_names <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_NAMES")" - # Wait for the database to be accessible if any action needs to be performed - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" || "${#database_names[@]}" -gt 0 ]]; then - info "Trying to connect to the database server" - check_postgresql_connection() { - echo "SELECT 1" | postgresql_remote_execute "$POSTGRESQL_CLIENT_DATABASE_HOST" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER" "postgres" "$POSTGRESQL_CLIENT_POSTGRES_USER" "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - } - if ! retry_while "check_postgresql_connection"; then - error "Could not connect to the database server" - return 1 - fi - fi - # Ensure a database user exists in the server - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" ]]; then - info "Creating database user ${POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME}" - local -a args=("$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" "--host" "$POSTGRESQL_CLIENT_DATABASE_HOST" "--port" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD") - postgresql_ensure_user_exists "${args[@]}" - fi - # Ensure a database exists in the server (and that the user has write privileges, if specified) - if [[ "${#database_names[@]}" -gt 0 ]]; then - local -a createdb_args extensions - read -r -a extensions <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS")" - for database_name in "${database_names[@]}"; do - info "Creating database ${database_name}" - createdb_args=("$database_name" "--host" "$POSTGRESQL_CLIENT_DATABASE_HOST" "--port" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" ]] && createdb_args+=("-u" "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME") - postgresql_ensure_database_exists "${createdb_args[@]}" - # Ensure the list of extensions are enabled in the specified database - if [[ "${#extensions[@]}" -gt 0 ]]; then - for extension_to_create in "${extensions[@]}"; do - echo "CREATE EXTENSION IF NOT EXISTS ${extension_to_create}" | postgresql_remote_execute "$POSTGRESQL_CLIENT_DATABASE_HOST" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER" "$database_name" "$POSTGRESQL_CLIENT_POSTGRES_USER" "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - done - fi - done - fi - # Execute a custom SQL script - if [[ -n "$POSTGRESQL_CLIENT_EXECUTE_SQL" ]]; then - info "Executing custom SQL script" - echo "$POSTGRESQL_CLIENT_EXECUTE_SQL" | postgresql_remote_execute "$POSTGRESQL_CLIENT_DATABASE_HOST" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER" "postgres" "$POSTGRESQL_CLIENT_POSTGRES_USER" "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - fi - # Avoid exit code of previous commands to affect the result of this function - true -} - -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC2148 - -######################## -# Return PostgreSQL major version -# Globals: -# POSTGRESQL_* -# Arguments: -# None -# Returns: -# String -######################### -postgresql_get_major_version() { - psql --version | grep -oE "[0-9]+\.[0-9]+" | grep -oE "^[0-9]+" -} - -######################## -# Gets an environment variable name based on the suffix -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable name -######################### -get_env_var_value() { - local env_var_suffix="${1:?missing suffix}" - local env_var_name - for env_var_prefix in POSTGRESQL POSTGRESQL_CLIENT; do - env_var_name="${env_var_prefix}_${env_var_suffix}" - if [[ -n "${!env_var_name:-}" ]]; then - echo "${!env_var_name}" - break - fi - done -} - -######################## -# Execute an arbitrary query/queries against the running PostgreSQL service and print the output -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# POSTGRESQL_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra options (eg. -tA) -# Returns: -# None -######################### -postgresql_execute_print_output() { - local -r db="${1:-}" - local -r user="${2:-postgres}" - local -r pass="${3:-}" - local opts - read -r -a opts <<<"${@:4}" - - local args=("-U" "$user" "-p" "${POSTGRESQL_PORT_NUMBER:-5432}") - [[ -n "$db" ]] && args+=("-d" "$db") - [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") - - # Execute the Query/queries from stdin - PGPASSWORD=$pass psql "${args[@]}" -} - -######################## -# Execute an arbitrary query/queries against the running PostgreSQL service -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# POSTGRESQL_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra options (eg. -tA) -# Returns: -# None -######################### -postgresql_execute() { - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - "postgresql_execute_print_output" "$@" - elif [[ "${NO_ERRORS:-false}" = true ]]; then - "postgresql_execute_print_output" "$@" 2>/dev/null - else - "postgresql_execute_print_output" "$@" >/dev/null 2>&1 - fi -} - -######################## -# Execute an arbitrary query/queries against a remote PostgreSQL service and print to stdout -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Remote PostgreSQL service hostname -# $2 - Remote PostgreSQL service port -# $3 - Database where to run the queries -# $4 - User to run queries -# $5 - Password -# $6 - Extra options (eg. -tA) -# Returns: -# None -postgresql_remote_execute_print_output() { - local -r hostname="${1:?hostname is required}" - local -r port="${2:?port is required}" - local -a args=("-h" "$hostname" "-p" "$port") - shift 2 - "postgresql_execute_print_output" "$@" "${args[@]}" -} - -######################## -# Execute an arbitrary query/queries against a remote PostgreSQL service -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Remote PostgreSQL service hostname -# $2 - Remote PostgreSQL service port -# $3 - Database where to run the queries -# $4 - User to run queries -# $5 - Password -# $6 - Extra options (eg. -tA) -# Returns: -# None -postgresql_remote_execute() { - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - "postgresql_remote_execute_print_output" "$@" - elif [[ "${NO_ERRORS:-false}" = true ]]; then - "postgresql_remote_execute_print_output" "$@" 2>/dev/null - else - "postgresql_remote_execute_print_output" "$@" >/dev/null 2>&1 - fi -} - -######################## -# Optionally create the given database user -# Flags: -# -p|--password - database password -# --host - database host -# --port - database port -# Arguments: -# $1 - user -# Returns: -# None -######################### -postgresql_ensure_user_exists() { - local -r user="${1:?user is missing}" - local password="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p | --password) - shift - password="${1:?missing password}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a postgresql_execute_cmd=("postgresql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && postgresql_execute_cmd=("postgresql_remote_execute" "$db_host" "$db_port") - local -a postgresql_execute_flags=("postgres" "$(get_env_var_value POSTGRES_USER)" "$(get_env_var_value POSTGRES_PASSWORD)") - - "${postgresql_execute_cmd[@]}" "${postgresql_execute_flags[@]}" <&2 - return 1 - ;; - esac - shift - done - - local -a postgresql_execute_cmd=("postgresql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && postgresql_execute_cmd=("postgresql_remote_execute" "$db_host" "$db_port") - local -a postgresql_execute_flags=("postgres" "$(get_env_var_value POSTGRES_USER)" "$(get_env_var_value POSTGRES_PASSWORD)") - - "${postgresql_execute_cmd[@]}" "${postgresql_execute_flags[@]}" < Apache Airflow is a tool to express and execute workflows as directed acyclic graphs (DAGs). Airflow workers listen to, and process, queues containing workflow tasks. - -[Overview of Apache Airflow Worker](https://airflow.apache.org/) -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```console -docker run --name airflow-worker bitnami/airflow-worker:latest -``` - -You can find the default credentials and available configuration options in the [Environment Variables](#environment-variables) section. - -## Why use Bitnami Images? - -* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. -* With Bitnami images the latest bug fixes and features are available as soon as possible. -* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. -* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. -* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. -* Bitnami container images are released on a regular basis with the latest distribution packages available. - -Looking to use Apache Airflow Worker in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## Supported tags and respective `Dockerfile` links - -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). - -You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. - -Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). - -## Prerequisites - -To run this application you need [Docker Engine](https://www.docker.com/products/docker-engine) >= `1.10.0`. [Docker Compose](https://docs.docker.com/compose/) is recommended with a version `1.6.0` or later. - -## How to use this image - -Airflow Worker is a component of an Airflow solution configuring with the `CeleryExecutor`. Hence, you will need to rest of Airflow components for this image to work. -You will need an [Airflow Webserver](https://github.com/bitnami/containers/tree/main/bitnami/airflow), an [Airflow Scheduler](https://github.com/bitnami/containers/tree/main/bitnami/airflow-scheduler), a [PostgreSQL database](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) and a [Redis(R) server](https://github.com/bitnami/containers/tree/main/bitnami/redis). - -### Using the Docker Command Line - -1. Create a network - - ```console - docker network create airflow-tier - ``` - -2. Create a volume for PostgreSQL persistence and create a PostgreSQL container - - ```console - docker volume create --name postgresql_data - docker run -d --name postgresql \ - -e POSTGRESQL_USERNAME=bn_airflow \ - -e POSTGRESQL_PASSWORD=bitnami1 \ - -e POSTGRESQL_DATABASE=bitnami_airflow \ - --net airflow-tier \ - --volume postgresql_data:/bitnami/postgresql \ - bitnami/postgresql:latest - ``` - -3. Create a volume for Redis(R) persistence and create a Redis(R) container - - ```console - docker volume create --name redis_data - docker run -d --name redis \ - -e ALLOW_EMPTY_PASSWORD=yes \ - --net airflow-tier \ - --volume redis_data:/bitnami \ - bitnami/redis:latest - ``` - -4. Launch the Apache Airflow Worker web container - - ```console - docker run -d --name airflow -p 8080:8080 \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_LOAD_EXAMPLES=yes \ - -e AIRFLOW_PASSWORD=bitnami123 \ - -e AIRFLOW_USERNAME=user \ - -e AIRFLOW_EMAIL=user@example.com \ - --net airflow-tier \ - bitnami/airflow:latest - ``` - -5. Launch the Apache Airflow Worker scheduler container - - ```console - docker run -d --name airflow-scheduler \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_LOAD_EXAMPLES=yes \ - --net airflow-tier \ - bitnami/airflow-scheduler:latest - ``` - -6. Launch the Apache Airflow Worker worker container - - ```console - docker run -d --name airflow-worker \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_QUEUE=new_queue \ - --net airflow-tier \ - bitnami/airflow-worker:latest - ``` - - Access your application at `http://your-ip:8080` - -### Using `docker-compose.yaml` - -```console -curl -LO https://raw.githubusercontent.com/bitnami/containers/main/bitnami/airflow/docker-compose.yml -docker-compose up -``` - -Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/airflow). - -If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md). - -### Persisting your application - -The Bitnami Airflow container relies on the PostgreSQL database & Redis to persist the data. This means that Airflow does not persist anything. To avoid loss of data, you should mount volumes for persistence of [PostgreSQL data](https://github.com/bitnami/containers/blob/main/bitnami/mariadb#persisting-your-database) and [Redis(R) data](https://github.com/bitnami/containers/blob/main/bitnami/redis#persisting-your-database) - -The above examples define docker volumes namely `postgresql_data`, and `redis_data`. The Airflow application state will persist as long as these volumes are not removed. - -To avoid inadvertent removal of these volumes you can [mount host directories as data volumes](https://docs.docker.com/engine/tutorials/dockervolumes/). Alternatively you can make use of volume plugins to host the volume data. - -#### Mount host directories as data volumes with Docker Compose - -The following `docker-compose.yml` template demonstrates the use of host directories as data volumes. - -```yaml -version: '2' -services: - postgresql: - image: 'bitnami/postgresql:latest' - environment: - - POSTGRESQL_DATABASE=bitnami_airflow - - POSTGRESQL_USERNAME=bn_airflow - - POSTGRESQL_PASSWORD=bitnami1 - volumes: - - /path/to/postgresql-persistence:/bitnami - redis: - image: 'bitnami/redis:latest' - environment: - - ALLOW_EMPTY_PASSWORD=yes - volumes: - - /path/to/redis-persistence:/bitnami - airflow-worker: - image: bitnami/airflow-worker:latest - environment: - - AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= - - AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_LOAD_EXAMPLES=yes - airflow-scheduler: - image: bitnami/airflow-scheduler:latest - environment: - - AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= - - AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_LOAD_EXAMPLES=yes - airflow: - image: bitnami/airflow:latest - environment: - - AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= - - AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_PASSWORD=bitnami123 - - AIRFLOW_USERNAME=user - - AIRFLOW_EMAIL=user@example.com - ports: - - '8080:8080' -``` - -#### Mount host directories as data volumes using the Docker command line - -1. Create a network (if it does not exist) - - ```console - docker network create airflow-tier - ``` - -2. Create the PostgreSQL container with host volumes - - ```console - docker run -d --name postgresql \ - -e POSTGRESQL_USERNAME=bn_airflow \ - -e POSTGRESQL_PASSWORD=bitnami1 \ - -e POSTGRESQL_DATABASE=bitnami_airflow \ - --net airflow-tier \ - --volume /path/to/postgresql-persistence:/bitnami \ - bitnami/postgresql:latest - ``` - -3. Create the Redis(R) container with host volumes - - ```console - docker run -d --name redis \ - -e ALLOW_EMPTY_PASSWORD=yes \ - --net airflow-tier \ - --volume /path/to/redis-persistence:/bitnami \ - bitnami/redis:latest - ``` - -4. Create the Airflow container - - ```console - docker run -d --name airflow -p 8080:8080 \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_LOAD_EXAMPLES=yes \ - -e AIRFLOW_PASSWORD=bitnami123 \ - -e AIRFLOW_USERNAME=user \ - -e AIRFLOW_EMAIL=user@example.com \ - --net airflow-tier \ - bitnami/airflow:latest - ``` - -5. Create the Airflow Scheduler container - - ```console - docker run -d --name airflow-scheduler \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_LOAD_EXAMPLES=yes \ - --net airflow-tier \ - bitnami/airflow-scheduler:latest - ``` - -6. Create the Airflow Worker container - - ```console - docker run -d --name airflow-worker \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - --net airflow-tier \ - bitnami/airflow-worker:latest - ``` - -## Configuration - -### Installing additional python modules - -This container supports the installation of additional python modules at start-up time. In order to do that, you can mount a `requirements.txt` file with your specific needs under the path `/bitnami/python/requirements.txt`. - -### Environment variables - -#### Customizable environment variables - -| Name | Description | Default Value | -|-------------------------------------|-----------------------------------------------------------------------|----------------------| -| `AIRFLOW_EXECUTOR` | Airflow executor. | `SequentialExecutor` | -| `AIRFLOW_RAW_FERNET_KEY` | Airflow raw/unencoded Fernet key | `nil` | -| `AIRFLOW_FERNET_KEY` | Airflow Fernet key | `nil` | -| `AIRFLOW_SECRET_KEY` | Airflow Secret key | `nil` | -| `AIRFLOW_FORCE_OVERWRITE_CONF_FILE` | Force the airflow.cfg config file generation. | `no` | -| `AIRFLOW_WEBSERVER_HOST` | Airflow webserver host | `127.0.0.1` | -| `AIRFLOW_WEBSERVER_PORT_NUMBER` | Airflow webserver port. | `8080` | -| `AIRFLOW_HOSTNAME_CALLABLE` | Method to obtain the hostname. | `nil` | -| `AIRFLOW_QUEUE` | A queue for the worker to pull tasks from. | `nil` | -| `AIRFLOW_DATABASE_HOST` | Hostname for PostgreSQL server. | `postgresql` | -| `AIRFLOW_DATABASE_PORT_NUMBER` | Port used by PostgreSQL server. | `5432` | -| `AIRFLOW_DATABASE_NAME` | Database name that Airflow will use to connect with the database. | `bitnami_airflow` | -| `AIRFLOW_DATABASE_USERNAME` | Database user that Airflow will use to connect with the database. | `bn_airflow` | -| `AIRFLOW_DATABASE_PASSWORD` | Database password that Airflow will use to connect with the database. | `nil` | -| `AIRFLOW_DATABASE_USE_SSL` | Set to yes if the database is using SSL. | `no` | -| `AIRFLOW_REDIS_USE_SSL` | Set to yes if Redis(R) uses SSL. | `no` | -| `REDIS_HOST` | Hostname for Redis(R) server. | `redis` | -| `REDIS_PORT_NUMBER` | Port used by Redis(R) server. | `6379` | -| `REDIS_USER` | User that Airflow will use to connect with Redis(R). | `nil` | -| `REDIS_PASSWORD` | Password that Airflow will use to connect with Redis(R). | `nil` | -| `REDIS_DATABASE` | Name of the Redis(R) database. | `1` | - -#### Read-only environment variables - -| Name | Description | Value | -|------------------------|-------------------------------------------|------------------------------------------| -| `AIRFLOW_BASE_DIR` | Airflow installation directory. | `${BITNAMI_ROOT_DIR}/airflow` | -| `AIRFLOW_HOME` | Airflow home directory. | `${AIRFLOW_BASE_DIR}` | -| `AIRFLOW_BIN_DIR` | Airflow directory for binary executables. | `${AIRFLOW_BASE_DIR}/venv/bin` | -| `AIRFLOW_LOGS_DIR` | Airflow logs directory. | `${AIRFLOW_BASE_DIR}/logs` | -| `AIRFLOW_LOG_FILE` | Airflow logs directory. | `${AIRFLOW_LOGS_DIR}/airflow-worker.log` | -| `AIRFLOW_CONF_FILE` | Airflow configuration file. | `${AIRFLOW_BASE_DIR}/airflow.cfg` | -| `AIRFLOW_TMP_DIR` | Airflow directory temporary files. | `${AIRFLOW_BASE_DIR}/tmp` | -| `AIRFLOW_PID_FILE` | Path to the Airflow PID file. | `${AIRFLOW_TMP_DIR}/airflow-worker.pid` | -| `AIRFLOW_DAGS_DIR` | Airflow data to be persisted. | `${AIRFLOW_BASE_DIR}/dags` | -| `AIRFLOW_DAEMON_USER` | Airflow system user. | `airflow` | -| `AIRFLOW_DAEMON_GROUP` | Airflow system group. | `airflow` | - -> In addition to the previous environment variables, all the parameters from the configuration file can be overwritten by using environment variables with this format: `AIRFLOW__{SECTION}__{KEY}`. Note the double underscores. - -#### Specifying Environment variables using Docker Compose - -```yaml -version: '2' - -services: - airflow: - image: bitnami/airflow:latest - environment: - - AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= - - AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_PASSWORD=bitnami123 - - AIRFLOW_USERNAME=user - - AIRFLOW_EMAIL=user@example.com -``` - -#### Specifying Environment variables on the Docker command line - -```console -docker run -d --name airflow -p 8080:8080 \ - -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \ - -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \ - -e AIRFLOW_EXECUTOR=CeleryExecutor \ - -e AIRFLOW_DATABASE_NAME=bitnami_airflow \ - -e AIRFLOW_DATABASE_USERNAME=bn_airflow \ - -e AIRFLOW_DATABASE_PASSWORD=bitnami1 \ - -e AIRFLOW_PASSWORD=bitnami123 \ - -e AIRFLOW_USERNAME=user \ - -e AIRFLOW_EMAIL=user@example.com \ - bitnami/airflow:latest -``` - -## Notable Changes - -### Starting January 16, 2024 - -* The `docker-compose.yaml` file has been removed, as it was solely intended for internal testing purposes. - -### 1.10.15-debian-10-r18 and 2.0.1-debian-10-r51 - -* The size of the container image has been decreased. -* The configuration logic is now based on Bash scripts in the *rootfs/* folder. - -## Contributing - -We'd love for you to contribute to this Docker image. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. - -## Issues - -If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/bitnami/airflow/2/debian-12/Dockerfile b/bitnami/airflow/2/debian-12/Dockerfile index c516e8cd642c3..a4eb06272e679 100644 --- a/bitnami/airflow/2/debian-12/Dockerfile +++ b/bitnami/airflow/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T18:45:48Z" \ + org.opencontainers.image.created="2025-01-11T18:19:27Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/airflow/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.9.1-debian-12-r4" \ + org.opencontainers.image.ref.name="2.10.4-debian-12-r3" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/airflow" \ org.opencontainers.image.title="airflow" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.9.1" + org.opencontainers.image.version="2.10.4" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,19 +26,18 @@ ENV HOME="/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates curl git krb5-user libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libedit2 libffi8 libgcc-s1 libgmp10 libgnutls30 libgss-dev libgssapi-krb5-2 libhogweed6 libicu72 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5-dev libkrb5support0 libldap-2.5-0 liblz4-1 liblzma5 libmariadb3 libmd0 libncursesw6 libnettle8 libnsl2 libp11-kit0 libreadline8 libsasl2-2 libsasl2-modules libsqlite3-0 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtinfo6 libtirpc3 libudev1 libunistring2 libuuid1 libxml2 libxslt1.1 locales netbase procps tzdata zlib1g +RUN install_packages ca-certificates curl git krb5-user libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgmp10 libgnutls30 libgss-dev libgssapi-krb5-2 libhogweed6 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5-dev libkrb5support0 libldap-2.5-0 liblzma5 libmariadb3 libncursesw6 libnettle8 libnsl2 libp11-kit0 libreadline8 libsasl2-2 libsasl2-modules libsqlite3-0 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtinfo6 libtirpc3 libudev1 libunistring2 locales netbase openssh-client procps tzdata zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "python-3.11.9-8-linux-${OS_ARCH}-debian-12" \ - "postgresql-client-16.3.0-1-linux-${OS_ARCH}-debian-12" \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "airflow-2.9.1-3-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "python-3.12.8-1-linux-${OS_ARCH}-debian-12" \ + "ini-file-1.4.7-8-linux-${OS_ARCH}-debian-12" \ + "airflow-2.10.4-2-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -58,18 +58,18 @@ COPY rootfs / RUN /opt/bitnami/scripts/airflow/postunpack.sh RUN /opt/bitnami/scripts/locales/add-extra-locales.sh ENV AIRFLOW_HOME="/opt/bitnami/airflow" \ - APP_VERSION="2.9.1" \ + APP_VERSION="2.10.4" \ BITNAMI_APP_NAME="airflow" \ LANG="en_US.UTF-8" \ LANGUAGE="en_US:en" \ - LD_LIBRARY_PATH="/opt/bitnami/airflow/venv/lib/python3.8/site-packages/numpy.libs:/opt/bitnami/python/lib:$LD_LIBRARY_PATH" \ + LD_LIBRARY_PATH="/opt/bitnami/airflow/venv/lib/python3.12/site-packages/numpy.libs:/opt/bitnami/python/lib:$LD_LIBRARY_PATH" \ LIBNSS_WRAPPER_PATH="/opt/bitnami/common/lib/libnss_wrapper.so" \ LNAME="airflow" \ NSS_WRAPPER_GROUP="/opt/bitnami/airflow/nss-wrapper/nss_group" \ NSS_WRAPPER_PASSWD="/opt/bitnami/airflow/nss-wrapper/nss_passwd" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/python/bin:/opt/bitnami/postgresql/bin:/opt/bitnami/airflow/venv/bin:$PATH" + PATH="/opt/bitnami/common/bin:/opt/bitnami/python/bin:/opt/bitnami/airflow/venv/bin:$PATH" -EXPOSE 8080 +EXPOSE 8080 8125 8793 8794 USER 1001 ENTRYPOINT [ "/opt/bitnami/scripts/airflow/entrypoint.sh" ] diff --git a/bitnami/airflow/2/debian-12/docker-compose.yml b/bitnami/airflow/2/debian-12/docker-compose.yml index dc198f98a9513..15bc520c3ed10 100644 --- a/bitnami/airflow/2/debian-12/docker-compose.yml +++ b/bitnami/airflow/2/debian-12/docker-compose.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: postgresql: - image: docker.io/bitnami/postgresql:16 + image: docker.io/bitnami/postgresql:latest volumes: - 'postgresql_data:/bitnami/postgresql' environment: @@ -15,23 +13,25 @@ services: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes redis: - image: docker.io/bitnami/redis:7.0 + image: docker.io/bitnami/redis:latest volumes: - 'redis_data:/bitnami' environment: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes airflow-scheduler: - image: docker.io/bitnami/airflow-scheduler:2 + image: docker.io/bitnami/airflow:2 environment: + - AIRFLOW_COMPONENT_TYPE=scheduler - AIRFLOW_DATABASE_NAME=bitnami_airflow - AIRFLOW_DATABASE_USERNAME=bn_airflow - AIRFLOW_DATABASE_PASSWORD=bitnami1 - AIRFLOW_EXECUTOR=CeleryExecutor - AIRFLOW_WEBSERVER_HOST=airflow airflow-worker: - image: docker.io/bitnami/airflow-worker:2 + image: docker.io/bitnami/airflow:2 environment: + - AIRFLOW_COMPONENT_TYPE=worker - AIRFLOW_DATABASE_NAME=bitnami_airflow - AIRFLOW_DATABASE_USERNAME=bn_airflow - AIRFLOW_DATABASE_PASSWORD=bitnami1 diff --git a/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 41b9d734d5a27..5c23b4c78d75c 100644 --- a/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,30 +3,24 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.9.1-3" + "version": "2.10.4-2" }, "ini-file": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.4.6-13" - }, - "postgresql-client": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "16.3.0-1" + "version": "1.4.7-8" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-8" + "version": "3.12.8-1" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-12" + "version": "1.0.8-8" } } \ No newline at end of file diff --git a/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/airflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow-env.sh b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow-env.sh index 79bdf7ad870f0..99870f4a1f2bb 100644 --- a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow-env.sh +++ b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow-env.sh @@ -29,19 +29,24 @@ airflow_env_vars=( AIRFLOW_FIRSTNAME AIRFLOW_LASTNAME AIRFLOW_EMAIL + AIRFLOW_COMPONENT_TYPE AIRFLOW_EXECUTOR AIRFLOW_RAW_FERNET_KEY AIRFLOW_FORCE_OVERWRITE_CONF_FILE AIRFLOW_FERNET_KEY AIRFLOW_SECRET_KEY + AIRFLOW_WEBSERVER_BASE_URL AIRFLOW_WEBSERVER_HOST AIRFLOW_WEBSERVER_PORT_NUMBER AIRFLOW_LOAD_EXAMPLES - AIRFLOW_BASE_URL AIRFLOW_HOSTNAME_CALLABLE AIRFLOW_POOL_NAME AIRFLOW_POOL_SIZE AIRFLOW_POOL_DESC + AIRFLOW_STANDALONE_DAG_PROCESSOR + AIRFLOW_TRIGGERER_DEFAULT_CAPACITY + AIRFLOW_WORKER_QUEUE + AIRFLOW_SKIP_DB_SETUP AIRFLOW_DATABASE_HOST AIRFLOW_DATABASE_PORT_NUMBER AIRFLOW_DATABASE_NAME @@ -67,6 +72,8 @@ airflow_env_vars=( AIRFLOW_LDAP_USE_TLS AIRFLOW_LDAP_ALLOW_SELF_SIGNED AIRFLOW_LDAP_TLS_CA_CERTIFICATE + AIRFLOW_BASE_URL + AIRFLOW_QUEUE ) for env_var in "${airflow_env_vars[@]}"; do file_env_var="${env_var}_FILE" @@ -83,15 +90,13 @@ unset airflow_env_vars # Airflow paths export AIRFLOW_BASE_DIR="${BITNAMI_ROOT_DIR}/airflow" -export AIRFLOW_HOME="${AIRFLOW_BASE_DIR}" +export AIRFLOW_HOME="$AIRFLOW_BASE_DIR" export AIRFLOW_BIN_DIR="${AIRFLOW_BASE_DIR}/venv/bin" export AIRFLOW_LOGS_DIR="${AIRFLOW_BASE_DIR}/logs" export AIRFLOW_SCHEDULER_LOGS_DIR="${AIRFLOW_LOGS_DIR}/scheduler" -export AIRFLOW_LOG_FILE="${AIRFLOW_LOGS_DIR}/airflow-webserver.log" export AIRFLOW_CONF_FILE="${AIRFLOW_BASE_DIR}/airflow.cfg" export AIRFLOW_WEBSERVER_CONF_FILE="${AIRFLOW_BASE_DIR}/webserver_config.py" export AIRFLOW_TMP_DIR="${AIRFLOW_BASE_DIR}/tmp" -export AIRFLOW_PID_FILE="${AIRFLOW_TMP_DIR}/airflow-webserver.pid" export AIRFLOW_DAGS_DIR="${AIRFLOW_BASE_DIR}/dags" export PATH="${AIRFLOW_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" @@ -107,19 +112,26 @@ export AIRFLOW_LASTNAME="${AIRFLOW_LASTNAME:-Lastname}" export AIRFLOW_EMAIL="${AIRFLOW_EMAIL:-user@example.com}" # Airflow configuration +export AIRFLOW_COMPONENT_TYPE="${AIRFLOW_COMPONENT_TYPE:-webserver}" export AIRFLOW_EXECUTOR="${AIRFLOW_EXECUTOR:-SequentialExecutor}" export AIRFLOW_RAW_FERNET_KEY="${AIRFLOW_RAW_FERNET_KEY:-}" export AIRFLOW_FORCE_OVERWRITE_CONF_FILE="${AIRFLOW_FORCE_OVERWRITE_CONF_FILE:-no}" export AIRFLOW_FERNET_KEY="${AIRFLOW_FERNET_KEY:-}" export AIRFLOW_SECRET_KEY="${AIRFLOW_SECRET_KEY:-}" +AIRFLOW_WEBSERVER_BASE_URL="${AIRFLOW_WEBSERVER_BASE_URL:-"${AIRFLOW_BASE_URL:-}"}" +export AIRFLOW_WEBSERVER_BASE_URL="${AIRFLOW_WEBSERVER_BASE_URL:-}" export AIRFLOW_WEBSERVER_HOST="${AIRFLOW_WEBSERVER_HOST:-127.0.0.1}" export AIRFLOW_WEBSERVER_PORT_NUMBER="${AIRFLOW_WEBSERVER_PORT_NUMBER:-8080}" export AIRFLOW_LOAD_EXAMPLES="${AIRFLOW_LOAD_EXAMPLES:-yes}" -export AIRFLOW_BASE_URL="${AIRFLOW_BASE_URL:-}" export AIRFLOW_HOSTNAME_CALLABLE="${AIRFLOW_HOSTNAME_CALLABLE:-}" export AIRFLOW_POOL_NAME="${AIRFLOW_POOL_NAME:-}" export AIRFLOW_POOL_SIZE="${AIRFLOW_POOL_SIZE:-}" export AIRFLOW_POOL_DESC="${AIRFLOW_POOL_DESC:-}" +export AIRFLOW_STANDALONE_DAG_PROCESSOR="${AIRFLOW_STANDALONE_DAG_PROCESSOR:-no}" +export AIRFLOW_TRIGGERER_DEFAULT_CAPACITY="${AIRFLOW_TRIGGERER_DEFAULT_CAPACITY:-1000}" +AIRFLOW_WORKER_QUEUE="${AIRFLOW_WORKER_QUEUE:-"${AIRFLOW_QUEUE:-}"}" +export AIRFLOW_WORKER_QUEUE="${AIRFLOW_WORKER_QUEUE:-}" +export AIRFLOW_SKIP_DB_SETUP="${AIRFLOW_SKIP_DB_SETUP:-no}" # Airflow database configuration export AIRFLOW_DATABASE_HOST="${AIRFLOW_DATABASE_HOST:-postgresql}" diff --git a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/entrypoint.sh b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/entrypoint.sh index 3a097862ab6f9..d1d30359d06c5 100755 --- a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/entrypoint.sh +++ b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/entrypoint.sh @@ -36,7 +36,6 @@ fi if [[ "$*" = *"/opt/bitnami/scripts/airflow/run.sh"* || "$*" = *"/run.sh"* ]]; then info "** Starting Airflow setup **" - /opt/bitnami/scripts/postgresql-client/setup.sh /opt/bitnami/scripts/airflow/setup.sh info "** Airflow setup finished! **" fi diff --git a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/run.sh b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/run.sh index f67a342f9b312..7d9ca26e34bf7 100755 --- a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/run.sh +++ b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/run.sh @@ -16,11 +16,17 @@ set -o pipefail . /opt/bitnami/scripts/libos.sh . /opt/bitnami/scripts/libairflow.sh -args=("--pid" "$AIRFLOW_PID_FILE" "$@") +command=("$AIRFLOW_COMPONENT_TYPE") +args=("--pid" "${AIRFLOW_TMP_DIR}/airflow-${AIRFLOW_COMPONENT_TYPE}.pid" "$@") +if [[ "$AIRFLOW_COMPONENT_TYPE" = "worker" ]]; then + command=("celery" "worker") + [[ -n "$AIRFLOW_WORKER_QUEUE" ]] && args+=("-q" "$AIRFLOW_WORKER_QUEUE") + am_i_root && export C_FORCE_ROOT="true" +fi info "** Starting Airflow **" if am_i_root; then - exec_as_user "$AIRFLOW_DAEMON_USER" "${AIRFLOW_BIN_DIR}/airflow" "webserver" "${args[@]}" + exec_as_user "$AIRFLOW_DAEMON_USER" "${AIRFLOW_BIN_DIR}/airflow" "${command[@]}" "${args[@]}" else - exec "${AIRFLOW_BIN_DIR}/airflow" "webserver" "${args[@]}" + exec "${AIRFLOW_BIN_DIR}/airflow" "${command[@]}" "${args[@]}" fi diff --git a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/setup.sh b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/setup.sh index 4adc5cf9038dd..0361f526768e8 100755 --- a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/setup.sh +++ b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/airflow/setup.sh @@ -12,13 +12,6 @@ set -o pipefail # Load Airflow environment variables . /opt/bitnami/scripts/airflow-env.sh -# Load PostgreSQL Client environment for 'postgresql_remote_execute' (after 'airflow-env.sh' so that MODULE is not set to a wrong value) -if [[ -f /opt/bitnami/scripts/postgresql-client-env.sh ]]; then - . /opt/bitnami/scripts/postgresql-client-env.sh -elif [[ -f /opt/bitnami/scripts/postgresql-env.sh ]]; then - . /opt/bitnami/scripts/postgresql-env.sh -fi - # Load libraries . /opt/bitnami/scripts/libos.sh . /opt/bitnami/scripts/libfs.sh diff --git a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh index 7a91931beccc0..e1f01cbb82f0a 100644 --- a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh +++ b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh @@ -15,13 +15,6 @@ . /opt/bitnami/scripts/libvalidations.sh . /opt/bitnami/scripts/libpersistence.sh -# Load database library -if [[ -f /opt/bitnami/scripts/libpostgresqlclient.sh ]]; then - . /opt/bitnami/scripts/libpostgresqlclient.sh -elif [[ -f /opt/bitnami/scripts/libpostgresql.sh ]]; then - . /opt/bitnami/scripts/libpostgresql.sh -fi - # Functions ######################## @@ -42,57 +35,108 @@ airflow_validate() { error_code=1 } + check_allowed_port() { + local validate_port_args=() + ! am_i_root && validate_port_args+=("-unprivileged") + validate_port_args+=("${!1}") + if ! err=$(validate_port "${validate_port_args[@]}"); then + print_validation_error "An invalid port was specified in the environment variable $1: $err" + fi + } + + check_resolved_hostname() { + if ! is_hostname_resolved "$1"; then + warn "Hostname $1 could not be resolved. This could lead to connection issues" + fi + } + check_multi_value() { if [[ " ${2} " != *" ${!1} "* ]]; then print_validation_error "The allowed values for ${1} are: ${2}" fi } - # Check postgresql host - [[ -z "$AIRFLOW_DATABASE_HOST" ]] && print_validation_error "Missing AIRFLOW_DATABASE_HOST" - - # Check LDAP parameters - if is_boolean_yes "$AIRFLOW_LDAP_ENABLE"; then - [[ -z "$AIRFLOW_LDAP_URI" ]] && print_validation_error "Missing AIRFLOW_LDAP_URI" - [[ -z "$AIRFLOW_LDAP_SEARCH" ]] && print_validation_error "Missing AIRFLOW_LDAP_SEARCH" - [[ -z "$AIRFLOW_LDAP_UID_FIELD" ]] && print_validation_error "Missing AIRFLOW_LDAP_UID_FIELD" - [[ -z "$AIRFLOW_LDAP_BIND_USER" ]] && print_validation_error "Missing AIRFLOW_LDAP_BIND_USER" - [[ -z "$AIRFLOW_LDAP_BIND_PASSWORD" ]] && print_validation_error "Missing AIRFLOW_LDAP_BIND_PASSWORD" - [[ -z "$AIRFLOW_LDAP_ROLES_MAPPING" ]] && print_validation_error "Missing AIRFLOW_LDAP_ROLES_MAPPING" - [[ -z "$AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" ]] && print_validation_error "Missing AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" - [[ -z "$AIRFLOW_LDAP_USER_REGISTRATION" ]] && print_validation_error "Missing AIRFLOW_LDAP_USER_REGISTRATION" - [[ -z "$AIRFLOW_LDAP_USER_REGISTRATION_ROLE" ]] && print_validation_error "Missing AIRFLOW_LDAP_USER_REGISTRATION_ROLE" - - # Chack boolean env vars contain valid values - for var in "AIRFLOW_LDAP_USER_REGISTRATION" "AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" "AIRFLOW_LDAP_USE_TLS"; do - check_multi_value "$var" "True False" - done + check_positive_value() { + if ! is_positive_int "${!1}"; then + print_validation_error "The variable $1 must be positive integer" + fi + } - if [[ "$AIRFLOW_LDAP_USE_TLS" == "True" ]]; then - [[ -z "$AIRFLOW_LDAP_ALLOW_SELF_SIGNED" ]] && print_validation_error "Missing AIRFLOW_LDAP_ALLOW_SELF_SIGNED" - [[ -z "$AIRFLOW_LDAP_TLS_CA_CERTIFICATE" ]] && print_validation_error "Missing AIRFLOW_LDAP_TLS_CA_CERTIFICATE" + check_yes_no_value() { + if ! is_yes_no_value "${!1}"; then + print_validation_error "The allowed values for $1 are [yes, no]" fi + } - fi + check_empty_value() { + if is_empty_value "${!1}"; then + print_validation_error "The $1 environment variable is empty or not set." + fi + } - # Check pool parameters - if [[ -n "$AIRFLOW_POOL_NAME" ]]; then - [[ -z "$AIRFLOW_POOL_DESC" ]] && print_validation_error "Provided AIRFLOW_POOL_NAME but missing AIRFLOW_POOL_DESC" - [[ -z "$AIRFLOW_POOL_SIZE" ]] && print_validation_error "Provided AIRFLOW_POOL_NAME but missing AIRFLOW_POOL_SIZE" - fi + # Check component type & executor + check_empty_value "AIRFLOW_COMPONENT_TYPE" + check_multi_value "AIRFLOW_COMPONENT_TYPE" "webserver scheduler worker triggerer dag-processor" + check_empty_value "AIRFLOW_EXECUTOR" + check_yes_no_value "AIRFLOW_STANDALONE_DAG_PROCESSOR" + check_yes_no_value "AIRFLOW_SKIP_DB_SETUP" # Check cryptography parameters if [[ -n "$AIRFLOW_RAW_FERNET_KEY" && -z "$AIRFLOW_FERNET_KEY" ]]; then - local fernet_char_count - fernet_char_count="$(echo -n "$AIRFLOW_RAW_FERNET_KEY")" - if [[ "$fernet_char_count" -lt 32 ]]; then + if validate_string "$AIRFLOW_RAW_FERNET_KEY" -min-length 32; then print_validation_error "AIRFLOW_RAW_FERNET_KEY must have at least 32 characters" - elif [[ "$fernet_char_count" -gt 32 ]]; then + elif validate_string "$AIRFLOW_RAW_FERNET_KEY" -max-length 32; then warn "AIRFLOW_RAW_FERNET_KEY has more than 32 characters, the rest will be ignored" fi AIRFLOW_FERNET_KEY="$(echo -n "${AIRFLOW_RAW_FERNET_KEY:0:32}" | base64)" fi + # Check database host and port number + check_empty_value "AIRFLOW_DATABASE_HOST" + check_resolved_hostname "$AIRFLOW_DATABASE_HOST" + check_positive_value AIRFLOW_DATABASE_PORT_NUMBER + check_positive_value REDIS_PORT_NUMBER + if [[ "$AIRFLOW_EXECUTOR" == "CeleryExecutor" || "$AIRFLOW_EXECUTOR" == "CeleryKubernetesExecutor" ]]; then + check_empty_value "REDIS_HOST" + check_resolved_hostname "$REDIS_HOST" + fi + + case "$AIRFLOW_COMPONENT_TYPE" in + webserver) + # Check webserver port number + check_allowed_port AIRFLOW_WEBSERVER_PORT_NUMBER + + # Check LDAP parameters + check_yes_no_value "AIRFLOW_LDAP_ENABLE" + if is_boolean_yes "$AIRFLOW_LDAP_ENABLE"; then + for var in "AIRFLOW_LDAP_URI" "AIRFLOW_LDAP_SEARCH" "AIRFLOW_LDAP_UID_FIELD" "AIRFLOW_LDAP_BIND_USER" "AIRFLOW_LDAP_BIND_PASSWORD" "AIRFLOW_LDAP_ROLES_MAPPING" "AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" "AIRFLOW_LDAP_USER_REGISTRATION" "AIRFLOW_LDAP_USER_REGISTRATION_ROLE"; do + check_empty_value "$var" + done + for var in "AIRFLOW_LDAP_USER_REGISTRATION" "AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN" "AIRFLOW_LDAP_USE_TLS"; do + check_yes_no_value "$var" + done + if is_boolean_yes "$AIRFLOW_LDAP_USE_TLS"; then + for var in "AIRFLOW_LDAP_ALLOW_SELF_SIGNED" "AIRFLOW_LDAP_TLS_CA_CERTIFICATE"; do + check_empty_value "$var" + done + fi + fi + + # Check pool parameters + if [[ -n "$AIRFLOW_POOL_NAME" ]]; then + for var in "AIRFLOW_POOL_DESC" "AIRFLOW_POOL_SIZE"; do + check_empty_value "$var" + done + fi + ;; + *) + # Check webserver host and port number + check_empty_value "AIRFLOW_WEBSERVER_HOST" + check_resolved_hostname "$AIRFLOW_WEBSERVER_HOST" + check_positive_value AIRFLOW_WEBSERVER_PORT_NUMBER + ;; + esac + return "$error_code" } @@ -109,7 +153,7 @@ airflow_initialize() { info "Initializing Airflow ..." # Change permissions if running as root - for dir in "$AIRFLOW_TMP_DIR" "$AIRFLOW_LOGS_DIR" "$AIRFLOW_DAGS_DIR"; do + for dir in "$AIRFLOW_TMP_DIR" "$AIRFLOW_LOGS_DIR" "$AIRFLOW_SCHEDULER_LOGS_DIR" "$AIRFLOW_DAGS_DIR"; do ensure_dir_exists "$dir" am_i_root && chown "$AIRFLOW_DAEMON_USER:$AIRFLOW_DAEMON_GROUP" "$dir" done @@ -123,24 +167,40 @@ airflow_initialize() { fi info "Trying to connect to the database server" - airflow_wait_for_postgresql_connection - # Check if the Airflow database has been already initialized - if ! airflow_execute db check-migrations; then - # Delete pid file - rm -f "$AIRFLOW_PID_FILE" - - # Initialize database - info "Populating database" - airflow_execute db init - - airflow_create_admin_user - airflow_create_pool - else - # Upgrade database - info "Upgrading database schema" - airflow_execute db upgrade - true # Avoid return false when I am not root - fi + airflow_wait_for_db_connection + + case "$AIRFLOW_COMPONENT_TYPE" in + webserver) + # Remove pid file if exists to prevent error after WSL restarts + if [[ -f "${AIRFLOW_TMP_DIR}/airflow-webserver.pid" ]]; then + rm "${AIRFLOW_TMP_DIR}/airflow-webserver.pid" + fi + if is_boolean_yes "$AIRFLOW_SKIP_DB_SETUP"; then + info "Skipping database setup, waiting for db migrations to be completed" + airflow_wait_for_db_migrations + # Check if the Airflow database has been already initialized + elif ! airflow_execute db check-migrations; then + # Initialize database + info "Populating database" + airflow_execute db init + + airflow_create_admin_user + airflow_create_pool + else + # Upgrade database + info "Upgrading database schema" + airflow_execute db upgrade + true # Avoid return false when I am not root + fi + ;; + *) + info "Waiting for db migrations to be completed" + airflow_wait_for_db_migrations + if [[ "$AIRFLOW_EXECUTOR" == "CeleryExecutor" || "$AIRFLOW_EXECUTOR" == "CeleryKubernetesExecutor" ]]; then + wait-for-port --host "$REDIS_HOST" "$REDIS_PORT_NUMBER" + fi + ;; + esac } ######################## @@ -184,34 +244,51 @@ airflow_execute() { # None ######################### airflow_generate_config() { - # Create Airflow confirguration from default files - [[ ! -f "$AIRFLOW_CONF_FILE" ]] && cp "$(find "$AIRFLOW_BASE_DIR" -name default_airflow.cfg)" "$AIRFLOW_CONF_FILE" - [[ -n "$AIRFLOW_WEBSERVER_CONF_FILE" ]] && [[ ! -f "$AIRFLOW_WEBSERVER_CONF_FILE" ]] && cp "$(find "$AIRFLOW_BASE_DIR" -name default_webserver_config.py)" "$AIRFLOW_WEBSERVER_CONF_FILE" + case "$AIRFLOW_COMPONENT_TYPE" in + webserver) + # Create Airflow configuration from default files + [[ ! -f "$AIRFLOW_CONF_FILE" ]] && cp "$(find "$AIRFLOW_BASE_DIR" -name default_airflow.cfg)" "$AIRFLOW_CONF_FILE" + [[ ! -f "$AIRFLOW_WEBSERVER_CONF_FILE" ]] && cp "$(find "$AIRFLOW_BASE_DIR" -name default_webserver_config.py)" "$AIRFLOW_WEBSERVER_CONF_FILE" + # Setup Airflow webserver base URL + airflow_configure_webserver_base_url + # Configure Airflow webserver authentication + airflow_configure_webserver_authentication + ;; + *) + # Generate Airflow default files + debug_execute airflow version + ;; + esac - # Setup Airflow base URL - airflow_configure_base_url + # Configure the Webserver port + airflow_conf_set "webserver" "web_server_port" "$AIRFLOW_WEBSERVER_PORT_NUMBER" # Configure Airflow Hostname [[ -n "$AIRFLOW_HOSTNAME_CALLABLE" ]] && airflow_conf_set "core" "hostname_callable" "$AIRFLOW_HOSTNAME_CALLABLE" - # Configure Airflow webserver authentication - airflow_configure_webserver_authentication - # Configure Airflow to load examples - if is_boolean_yes "$AIRFLOW_LOAD_EXAMPLES"; then - airflow_conf_set "core" "load_examples" "True" - else - airflow_conf_set "core" "load_examples" "False" - fi # Configure Airflow database airflow_configure_database - # Configure the Webserver port - airflow_conf_set "webserver" "web_server_port" "$AIRFLOW_WEBSERVER_PORT_NUMBER" - # Setup the secret keys for database connection and flask application (fernet key and secret key) # ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#fernet-key # ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#secret-key [[ -n "$AIRFLOW_FERNET_KEY" ]] && airflow_conf_set "core" "fernet_key" "$AIRFLOW_FERNET_KEY" [[ -n "$AIRFLOW_SECRET_KEY" ]] && airflow_conf_set "webserver" "secret_key" "$AIRFLOW_SECRET_KEY" + [[ "$AIRFLOW_COMPONENT_TYPE" = "triggerer" && -n "$AIRFLOW_TRIGGERER_DEFAULT_CAPACITY" ]] && airflow_conf_set "triggerer" "default_capacity" "$AIRFLOW_TRIGGERER_DEFAULT_CAPACITY" + if [[ "$AIRFLOW_COMPONENT_TYPE" != "worker" ]]; then + # Configure Airflow to load examples + if is_boolean_yes "$AIRFLOW_LOAD_EXAMPLES"; then + airflow_conf_set "core" "load_examples" "True" + else + airflow_conf_set "core" "load_examples" "False" + fi + # Configure Dag Processor mode + if is_boolean_yes "$AIRFLOW_STANDALONE_DAG_PROCESSOR"; then + airflow_conf_set "scheduler" "standalone_dag_processor" "True" + else + airflow_conf_set "scheduler" "standalone_dag_processor" "False" + fi + fi + # Configure Airflow executor airflow_conf_set "core" "executor" "$AIRFLOW_EXECUTOR" [[ "$AIRFLOW_EXECUTOR" == "CeleryExecutor" || "$AIRFLOW_EXECUTOR" == "CeleryKubernetesExecutor" ]] && airflow_configure_celery_executor @@ -237,7 +314,7 @@ airflow_conf_set() { } ######################## -# Configure Airflow base url +# Configure Airflow webserver base url # Globals: # AIRFLOW_* # Arguments: @@ -245,11 +322,11 @@ airflow_conf_set() { # Returns: # None ######################### -airflow_configure_base_url() { - if [[ -z "$AIRFLOW_BASE_URL" ]]; then +airflow_configure_webserver_base_url() { + if [[ -z "$AIRFLOW_WEBSERVER_BASE_URL" ]]; then airflow_conf_set "webserver" "base_url" "http://${AIRFLOW_WEBSERVER_HOST}:${AIRFLOW_WEBSERVER_PORT_NUMBER}" else - airflow_conf_set "webserver" "base_url" "$AIRFLOW_BASE_URL" + airflow_conf_set "webserver" "base_url" "$AIRFLOW_WEBSERVER_BASE_URL" fi } @@ -323,13 +400,25 @@ airflow_webserver_conf_set() { # Check if the value was set before if grep -q "^#*\\s*${key} =.*$" "$file"; then local entry - is_boolean_yes "$is_literal" && entry="${key} = '${value}'" || entry="${key} = ${value}" + if is_boolean_yes "$is_literal"; then + # Replace every single backslash (\) with two backslashes (\\) + local new_value="${value//\\/\\\\}" + # Wrap the value in single quotes (') and escape every single quote with a backslash (\) + entry="${key} = '${new_value//"'"/\\\'}'" + else + entry="${key} = ${value}" + fi # Update the existing key replace_in_file "$file" "^#*\\s*${key} =.*$" "$entry" false else # Add a new key local new_value="$value" - is_boolean_yes "$is_literal" && new_value="'${value}'" + if is_boolean_yes "$is_literal"; then + # Replace every single backslash (\) with two backslashes (\\) + new_value="${new_value//\\/\\\\}" + # Wrap the value in single quotes (') and escape every single quote with a backslash (\) + new_value="'${new_value//"'"/\\\'}'" + fi printf '\n%s = %s' "$key" "$new_value" >>"$file" fi } @@ -354,7 +443,8 @@ airflow_configure_database() { } ######################## -# Return URL encoded string in the airflow conf format +# Return URL encoded string in the airflow conf format. +# This function is used to encode users and passwords following airflow format. Please note that Redis user and password can be empty. # Globals: # AIRFLOW_* # Arguments: @@ -363,7 +453,7 @@ airflow_configure_database() { # None ######################### airflow_encode_url() { - local -r url="${1?Missing url}" + local -r url="${1}" urlencode() { old_lc_collate="${LC_COLLATE:-}" @@ -422,13 +512,29 @@ airflow_configure_celery_executor() { # Returns: # true if the database connection succeeded, false otherwise ######################### -airflow_wait_for_postgresql_connection() { +airflow_wait_for_db_connection() { if ! retry_while "airflow_execute db check"; then error "Could not connect to the database" return 1 fi } +######################## +# Wait until db migrations are done +# Globals: +# None +# Arguments: +# None +# Returns: +# true if the db migrations are ready, false otherwise +######################### +airflow_wait_for_db_migrations() { + if ! retry_while "airflow_execute db check-migrations"; then + error "DB migrations are not ready yet" + return 1 + fi +} + ######################## # Airflow create admin user # Arguments: @@ -458,15 +564,17 @@ airflow_create_pool() { ######################## # Check if Airflow is running # Globals: -# AIRFLOW_PID_FILE +# AIRFLOW_TMP_DIR # Arguments: -# None +# 1 - PID file # Returns: # Whether Airflow is running ######################## is_airflow_running() { + local -r pid_file="${1:?Missing pid file}" + local pid - pid="$(get_pid_from_file "$AIRFLOW_PID_FILE")" + pid="$(get_pid_from_file "${AIRFLOW_TMP_DIR}/${pid_file}")" if [[ -n "$pid" ]]; then is_service_running "$pid" else @@ -477,28 +585,30 @@ is_airflow_running() { ######################## # Check if Airflow is not running # Globals: -# AIRFLOW_PID_FILE +# AIRFLOW_TMP_DIR # Arguments: -# None +# 1 - PID file # Returns: # Whether Airflow is not running ######################## is_airflow_not_running() { - ! is_airflow_running + ! is_airflow_running "$@" } ######################## # Stop Airflow # Globals: -# AIRFLOW* +# AIRFLOW_TMP_DIR # Arguments: -# None +# 1 - PID file # Returns: # None ######################### airflow_stop() { + local -r pid_file="${1:?Missing pid file}" + info "Stopping Airflow..." - stop_service_using_pid "$AIRFLOW_PID_FILE" + stop_service_using_pid "${AIRFLOW_TMP_DIR}/${pid_file}" } ######################## diff --git a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh b/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh deleted file mode 100644 index 3c8c53037a6af..0000000000000 --- a/bitnami/airflow/2/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh +++ /dev/null @@ -1,424 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami PostgreSQL Client library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -######################## -# Validate settings in POSTGRESQL_CLIENT_* environment variables -# Globals: -# POSTGRESQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -postgresql_client_validate() { - info "Validating settings in POSTGRESQL_CLIENT_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - - # Only validate environment variables if any action needs to be performed - local -a database_names - read -r -a database_names <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_NAMES")" - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" || "${#database_names[@]}" -gt 0 ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" ]]; then - empty_password_error "POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - fi - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" ]] && [[ -z "$POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then - empty_password_error "POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD" - fi - fi - fi - # When enabling extensions, the DB name must be provided - local -a extensions - read -r -a extensions <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS")" - if [[ "${#database_names[@]}" -le 0 && "${#extensions[@]}" -gt 0 ]]; then - print_validation_error "POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS requires POSTGRESQL_CLIENT_CREATE_DATABASE_NAMES to be set." - fi - return "$error_code" -} - -######################## -# Perform actions to a database -# Globals: -# POSTGRESQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -postgresql_client_initialize() { - local -a database_names - read -r -a database_names <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_NAMES")" - # Wait for the database to be accessible if any action needs to be performed - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" || "${#database_names[@]}" -gt 0 ]]; then - info "Trying to connect to the database server" - check_postgresql_connection() { - echo "SELECT 1" | postgresql_remote_execute "$POSTGRESQL_CLIENT_DATABASE_HOST" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER" "postgres" "$POSTGRESQL_CLIENT_POSTGRES_USER" "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - } - if ! retry_while "check_postgresql_connection"; then - error "Could not connect to the database server" - return 1 - fi - fi - # Ensure a database user exists in the server - if [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" ]]; then - info "Creating database user ${POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME}" - local -a args=("$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" "--host" "$POSTGRESQL_CLIENT_DATABASE_HOST" "--port" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD") - postgresql_ensure_user_exists "${args[@]}" - fi - # Ensure a database exists in the server (and that the user has write privileges, if specified) - if [[ "${#database_names[@]}" -gt 0 ]]; then - local -a createdb_args extensions - read -r -a extensions <<< "$(tr ',;' ' ' <<< "$POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS")" - for database_name in "${database_names[@]}"; do - info "Creating database ${database_name}" - createdb_args=("$database_name" "--host" "$POSTGRESQL_CLIENT_DATABASE_HOST" "--port" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME" ]] && createdb_args+=("-u" "$POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME") - postgresql_ensure_database_exists "${createdb_args[@]}" - # Ensure the list of extensions are enabled in the specified database - if [[ "${#extensions[@]}" -gt 0 ]]; then - for extension_to_create in "${extensions[@]}"; do - echo "CREATE EXTENSION IF NOT EXISTS ${extension_to_create}" | postgresql_remote_execute "$POSTGRESQL_CLIENT_DATABASE_HOST" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER" "$database_name" "$POSTGRESQL_CLIENT_POSTGRES_USER" "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - done - fi - done - fi - # Execute a custom SQL script - if [[ -n "$POSTGRESQL_CLIENT_EXECUTE_SQL" ]]; then - info "Executing custom SQL script" - echo "$POSTGRESQL_CLIENT_EXECUTE_SQL" | postgresql_remote_execute "$POSTGRESQL_CLIENT_DATABASE_HOST" "$POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER" "postgres" "$POSTGRESQL_CLIENT_POSTGRES_USER" "$POSTGRESQL_CLIENT_POSTGRES_PASSWORD" - fi - # Avoid exit code of previous commands to affect the result of this function - true -} - -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC2148 - -######################## -# Return PostgreSQL major version -# Globals: -# POSTGRESQL_* -# Arguments: -# None -# Returns: -# String -######################### -postgresql_get_major_version() { - psql --version | grep -oE "[0-9]+\.[0-9]+" | grep -oE "^[0-9]+" -} - -######################## -# Gets an environment variable name based on the suffix -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable name -######################### -get_env_var_value() { - local env_var_suffix="${1:?missing suffix}" - local env_var_name - for env_var_prefix in POSTGRESQL POSTGRESQL_CLIENT; do - env_var_name="${env_var_prefix}_${env_var_suffix}" - if [[ -n "${!env_var_name:-}" ]]; then - echo "${!env_var_name}" - break - fi - done -} - -######################## -# Execute an arbitrary query/queries against the running PostgreSQL service and print the output -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# POSTGRESQL_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra options (eg. -tA) -# Returns: -# None -######################### -postgresql_execute_print_output() { - local -r db="${1:-}" - local -r user="${2:-postgres}" - local -r pass="${3:-}" - local opts - read -r -a opts <<<"${@:4}" - - local args=("-U" "$user" "-p" "${POSTGRESQL_PORT_NUMBER:-5432}") - [[ -n "$db" ]] && args+=("-d" "$db") - [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") - - # Execute the Query/queries from stdin - PGPASSWORD=$pass psql "${args[@]}" -} - -######################## -# Execute an arbitrary query/queries against the running PostgreSQL service -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# POSTGRESQL_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra options (eg. -tA) -# Returns: -# None -######################### -postgresql_execute() { - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - "postgresql_execute_print_output" "$@" - elif [[ "${NO_ERRORS:-false}" = true ]]; then - "postgresql_execute_print_output" "$@" 2>/dev/null - else - "postgresql_execute_print_output" "$@" >/dev/null 2>&1 - fi -} - -######################## -# Execute an arbitrary query/queries against a remote PostgreSQL service and print to stdout -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Remote PostgreSQL service hostname -# $2 - Remote PostgreSQL service port -# $3 - Database where to run the queries -# $4 - User to run queries -# $5 - Password -# $6 - Extra options (eg. -tA) -# Returns: -# None -postgresql_remote_execute_print_output() { - local -r hostname="${1:?hostname is required}" - local -r port="${2:?port is required}" - local -a args=("-h" "$hostname" "-p" "$port") - shift 2 - "postgresql_execute_print_output" "$@" "${args[@]}" -} - -######################## -# Execute an arbitrary query/queries against a remote PostgreSQL service -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Remote PostgreSQL service hostname -# $2 - Remote PostgreSQL service port -# $3 - Database where to run the queries -# $4 - User to run queries -# $5 - Password -# $6 - Extra options (eg. -tA) -# Returns: -# None -postgresql_remote_execute() { - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - "postgresql_remote_execute_print_output" "$@" - elif [[ "${NO_ERRORS:-false}" = true ]]; then - "postgresql_remote_execute_print_output" "$@" 2>/dev/null - else - "postgresql_remote_execute_print_output" "$@" >/dev/null 2>&1 - fi -} - -######################## -# Optionally create the given database user -# Flags: -# -p|--password - database password -# --host - database host -# --port - database port -# Arguments: -# $1 - user -# Returns: -# None -######################### -postgresql_ensure_user_exists() { - local -r user="${1:?user is missing}" - local password="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p | --password) - shift - password="${1:?missing password}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a postgresql_execute_cmd=("postgresql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && postgresql_execute_cmd=("postgresql_remote_execute" "$db_host" "$db_port") - local -a postgresql_execute_flags=("postgres" "$(get_env_var_value POSTGRES_USER)" "$(get_env_var_value POSTGRES_PASSWORD)") - - "${postgresql_execute_cmd[@]}" "${postgresql_execute_flags[@]}" <&2 - return 1 - ;; - esac - shift - done - - local -a postgresql_execute_cmd=("postgresql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && postgresql_execute_cmd=("postgresql_remote_execute" "$db_host" "$db_port") - local -a postgresql_execute_flags=("postgres" "$(get_env_var_value POSTGRES_USER)" "$(get_env_var_value POSTGRES_PASSWORD)") - - "${postgresql_execute_cmd[@]}" "${postgresql_execute_flags[@]}" < In addition to the previous environment variables, all the parameters from the configuration file can be overwritten by using environment variables with this format: `AIRFLOW__{SECTION}__{KEY}`. Note the double underscores. @@ -456,6 +470,11 @@ docker run -d --name airflow -p 8080:8080 \ ## Notable Changes +### Starting October 30, 2024 + +* The Airflow container now supports running as a Web server, Scheduler or Worker component, so it's no longer necessary to combine this container image with `bitnami/airflow-scheduler` and `bitnami/airflow-worker` in order to use the `CeleryExecutor`. +* The `AIRFLOW_COMPONENT_TYPE` environment variable was introduced to specify the component type. Current supported values are `webserver`, `scheduler` and `worker`, although it's planned to add soon support for `dag-processor` and `triggerer` components. The default value is `webserver`. + ### 1.10.15-debian-10-r17 and 2.0.1-debian-10-r50 * The size of the container image has been decreased. @@ -471,7 +490,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/airflow/docker-compose-ldap.yml b/bitnami/airflow/docker-compose-ldap.yml index 637ab4bf94faf..51d157ae956e4 100644 --- a/bitnami/airflow/docker-compose-ldap.yml +++ b/bitnami/airflow/docker-compose-ldap.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: postgresql: - image: docker.io/bitnami/postgresql:16 + image: docker.io/bitnami/postgresql:latest volumes: - 'postgresql_data:/bitnami/postgresql' environment: @@ -14,14 +12,15 @@ services: - POSTGRESQL_PASSWORD=bitnami1 - ALLOW_EMPTY_PASSWORD=yes redis: - image: docker.io/bitnami/redis:7.0 + image: docker.io/bitnami/redis:latest volumes: - 'redis_data:/bitnami' environment: - ALLOW_EMPTY_PASSWORD=yes airflow-scheduler: - image: docker.io/bitnami/airflow-scheduler:2 + image: docker.io/bitnami/airflow:2 environment: + - AIRFLOW_COMPONENT_TYPE=scheduler - AIRFLOW_DATABASE_NAME=bitnami_airflow - AIRFLOW_DATABASE_USERNAME=bn_airflow - AIRFLOW_DATABASE_PASSWORD=bitnami1 @@ -30,8 +29,9 @@ services: volumes: - airflow_scheduler_data:/bitnami airflow-worker: - image: docker.io/bitnami/airflow-worker:2 + image: docker.io/bitnami/airflow:2 environment: + - AIRFLOW_COMPONENT_TYPE=worker - AIRFLOW_DATABASE_NAME=bitnami_airflow - AIRFLOW_DATABASE_USERNAME=bn_airflow - AIRFLOW_DATABASE_PASSWORD=bitnami1 diff --git a/bitnami/airflow/docker-compose.yml b/bitnami/airflow/docker-compose.yml index dc198f98a9513..15bc520c3ed10 100644 --- a/bitnami/airflow/docker-compose.yml +++ b/bitnami/airflow/docker-compose.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: postgresql: - image: docker.io/bitnami/postgresql:16 + image: docker.io/bitnami/postgresql:latest volumes: - 'postgresql_data:/bitnami/postgresql' environment: @@ -15,23 +13,25 @@ services: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes redis: - image: docker.io/bitnami/redis:7.0 + image: docker.io/bitnami/redis:latest volumes: - 'redis_data:/bitnami' environment: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes airflow-scheduler: - image: docker.io/bitnami/airflow-scheduler:2 + image: docker.io/bitnami/airflow:2 environment: + - AIRFLOW_COMPONENT_TYPE=scheduler - AIRFLOW_DATABASE_NAME=bitnami_airflow - AIRFLOW_DATABASE_USERNAME=bn_airflow - AIRFLOW_DATABASE_PASSWORD=bitnami1 - AIRFLOW_EXECUTOR=CeleryExecutor - AIRFLOW_WEBSERVER_HOST=airflow airflow-worker: - image: docker.io/bitnami/airflow-worker:2 + image: docker.io/bitnami/airflow:2 environment: + - AIRFLOW_COMPONENT_TYPE=worker - AIRFLOW_DATABASE_NAME=bitnami_airflow - AIRFLOW_DATABASE_USERNAME=bn_airflow - AIRFLOW_DATABASE_PASSWORD=bitnami1 diff --git a/bitnami/alertmanager/0/debian-12/Dockerfile b/bitnami/alertmanager/0/debian-12/Dockerfile index 2586b993b8b0c..bfdcbb646204c 100644 --- a/bitnami/alertmanager/0/debian-12/Dockerfile +++ b/bitnami/alertmanager/0/debian-12/Dockerfile @@ -3,15 +3,16 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:41:51Z" \ + org.opencontainers.image.created="2025-01-06T19:03:42Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/alertmanager/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.27.0-debian-12-r10" \ + org.opencontainers.image.ref.name="0.27.0-debian-12-r29" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/alertmanager" \ org.opencontainers.image.title="alertmanager" \ org.opencontainers.image.vendor="Broadcom, Inc." \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "alertmanager-0.27.0-4-linux-${OS_ARCH}-debian-12" \ + "alertmanager-0.27.0-14-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ diff --git a/bitnami/alertmanager/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/alertmanager/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index a679fed4c7837..3d813ae434e4f 100644 --- a/bitnami/alertmanager/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/alertmanager/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.27.0-4" + "version": "0.27.0-14" } } \ No newline at end of file diff --git a/bitnami/alertmanager/README.md b/bitnami/alertmanager/README.md index d7fc4cc4eb43a..d213bee9df99e 100644 --- a/bitnami/alertmanager/README.md +++ b/bitnami/alertmanager/README.md @@ -22,15 +22,21 @@ docker run --name alertmanager bitnami/alertmanager:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use AlertManager in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use AlertManager in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -194,7 +200,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/apache-exporter/1/debian-12/Dockerfile b/bitnami/apache-exporter/1/debian-12/Dockerfile index c98a9fcdb6f2f..502f5cbb3244a 100644 --- a/bitnami/apache-exporter/1/debian-12/Dockerfile +++ b/bitnami/apache-exporter/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:45:58Z" \ + org.opencontainers.image.created="2025-01-06T19:03:41Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/apache-exporter/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.0.7-debian-12-r8" \ + org.opencontainers.image.ref.name="1.0.9-debian-12-r7" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/apache-exporter" \ org.opencontainers.image.title="apache-exporter" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.0.7" + org.opencontainers.image.version="1.0.9" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "apache-exporter-1.0.7-4-linux-${OS_ARCH}-debian-12" \ + "apache-exporter-1.0.9-6-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN ln -sf /opt/bitnami/apache-exporter/bin/apache_exporter /bin/apache_exporter RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.0.7" \ +ENV APP_VERSION="1.0.9" \ BITNAMI_APP_NAME="apache-exporter" \ PATH="/opt/bitnami/apache-exporter/bin:$PATH" diff --git a/bitnami/apache-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/apache-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index a0f94d29b1314..b6b6509d85172 100644 --- a/bitnami/apache-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/apache-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-4" + "version": "1.0.9-6" } } \ No newline at end of file diff --git a/bitnami/apache-exporter/1/debian-12/tags-info.yaml b/bitnami/apache-exporter/1/debian-12/tags-info.yaml index 229ad79405ef3..c54d9fea78273 100644 --- a/bitnami/apache-exporter/1/debian-12/tags-info.yaml +++ b/bitnami/apache-exporter/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.0.7 +- 1.0.9 - latest diff --git a/bitnami/apache-exporter/README.md b/bitnami/apache-exporter/README.md index f3081b4d0c51d..c1d8d3bfaa02e 100644 --- a/bitnami/apache-exporter/README.md +++ b/bitnami/apache-exporter/README.md @@ -22,15 +22,21 @@ docker run --name apache-exporter bitnami/apache-exporter:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Apache Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Apache Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -148,7 +154,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/apache/2.4/debian-12/Dockerfile b/bitnami/apache/2.4/debian-12/Dockerfile index d6e5d5eb99cb9..c17ad3f952392 100644 --- a/bitnami/apache/2.4/debian-12/Dockerfile +++ b/bitnami/apache/2.4/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:48:07Z" \ + org.opencontainers.image.created="2025-01-08T18:51:38Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/apache/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.4.59-debian-12-r4" \ + org.opencontainers.image.ref.name="2.4.62-debian-12-r15" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/apache" \ org.opencontainers.image.title="apache" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.4.59" + org.opencontainers.image.version="2.4.62" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libcrypt1 libexpat1 libffi8 libgcc-s1 libgmp10 libgnutls30 libhogweed6 libicu72 libidn2-0 libldap-2.5-0 liblzma5 libnettle8 libnghttp2-14 libp11-kit0 libpcre3 libsasl2-2 libssl3 libstdc++6 libtasn1-6 libunistring2 libxml2 openssl procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "render-template-1.0.6-12-linux-${OS_ARCH}-debian-12" \ - "apache-2.4.59-2-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "apache-2.4.62-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -50,7 +51,7 @@ COPY rootfs / RUN /opt/bitnami/scripts/apache/postunpack.sh ENV APACHE_HTTPS_PORT_NUMBER="" \ APACHE_HTTP_PORT_NUMBER="" \ - APP_VERSION="2.4.59" \ + APP_VERSION="2.4.62" \ BITNAMI_APP_NAME="apache" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/apache/bin:$PATH" diff --git a/bitnami/apache/2.4/debian-12/docker-compose.yml b/bitnami/apache/2.4/debian-12/docker-compose.yml index b4bb7f631d29c..5d852800e1b52 100644 --- a/bitnami/apache/2.4/debian-12/docker-compose.yml +++ b/bitnami/apache/2.4/debian-12/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: apache: image: docker.io/bitnami/apache:2.4 diff --git a/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 37ada1e32cf1f..83d7191929a9b 100644 --- a/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.4.59-2" + "version": "2.4.62-4" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-12" + "version": "1.0.7-8" } } \ No newline at end of file diff --git a/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/apache/2.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/apache/2.4/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/apache/2.4/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh index eb8f766a37bf1..5e39a42f625fa 100755 --- a/bitnami/apache/2.4/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh +++ b/bitnami/apache/2.4/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh @@ -109,6 +109,7 @@ EOF apache_setup_bitnami_config # Ensure non-root user has write permissions on a set of directories +chmod g+w "$APACHE_BASE_DIR" for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do ensure_dir_exists "$dir" chmod -R g+rwX "$dir" diff --git a/bitnami/apache/2.4/debian-12/tags-info.yaml b/bitnami/apache/2.4/debian-12/tags-info.yaml index 587190fe82cd8..fb260aa6d8bfa 100644 --- a/bitnami/apache/2.4/debian-12/tags-info.yaml +++ b/bitnami/apache/2.4/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2.4" - 2.4-debian-12 -- 2.4.59 +- 2.4.62 - latest diff --git a/bitnami/apache/README.md b/bitnami/apache/README.md index 7a8ce6bca2bb7..7d7e89c154359 100644 --- a/bitnami/apache/README.md +++ b/bitnami/apache/README.md @@ -24,7 +24,7 @@ You can find the available configuration options in the [Environment Variables]( * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Apache in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Apache in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Apache in Kubernetes? @@ -34,11 +34,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -525,7 +531,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/apache/docker-compose.yml b/bitnami/apache/docker-compose.yml index b4bb7f631d29c..5d852800e1b52 100644 --- a/bitnami/apache/docker-compose.yml +++ b/bitnami/apache/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: apache: image: docker.io/bitnami/apache:2.4 diff --git a/bitnami/apisix-dashboard/3/debian-12/Dockerfile b/bitnami/apisix-dashboard/3/debian-12/Dockerfile index 05b1dff6ed041..db4fc430c70a4 100644 --- a/bitnami/apisix-dashboard/3/debian-12/Dockerfile +++ b/bitnami/apisix-dashboard/3/debian-12/Dockerfile @@ -3,15 +3,16 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:48:16Z" \ + org.opencontainers.image.created="2025-01-02T21:18:38Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/apisix-dashboard/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.0.1-debian-12-r33" \ + org.opencontainers.image.ref.name="3.0.1-debian-12-r52" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/apisix-dashboard" \ org.opencontainers.image.title="apisix-dashboard" \ org.opencontainers.image.vendor="Broadcom, Inc." \ @@ -28,14 +29,14 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "yq-4.44.1-0-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-12-linux-${OS_ARCH}-debian-12" \ - "apisix-dashboard-3.0.1-19-linux-${OS_ARCH}-debian-12" \ + "yq-4.44.6-0-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "apisix-dashboard-3.0.1-31-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ diff --git a/bitnami/apisix-dashboard/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/apisix-dashboard/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index b559208b84ad0..172792dda3883 100644 --- a/bitnami/apisix-dashboard/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/apisix-dashboard/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.0.1-19" + "version": "3.0.1-31" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-12" + "version": "1.0.7-8" }, "yq": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.44.1-0" + "version": "4.44.6-0" } } \ No newline at end of file diff --git a/bitnami/apisix-dashboard/README.md b/bitnami/apisix-dashboard/README.md index d6931a5d6daf1..e18703012da53 100644 --- a/bitnami/apisix-dashboard/README.md +++ b/bitnami/apisix-dashboard/README.md @@ -22,11 +22,17 @@ docker run -it --name apisix-dashboard bitnami/apisix-dashboard:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Apache APISIX Dashboard in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Apache APISIX Dashboard in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -108,7 +114,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/apisix-ingress-controller/1/debian-12/Dockerfile b/bitnami/apisix-ingress-controller/1/debian-12/Dockerfile index 0ffe4731c0514..d29ef76f3d59b 100644 --- a/bitnami/apisix-ingress-controller/1/debian-12/Dockerfile +++ b/bitnami/apisix-ingress-controller/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:47:49Z" \ + org.opencontainers.image.created="2025-01-02T19:54:49Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/apisix-ingress-controller/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.8.2-debian-12-r5" \ + org.opencontainers.image.ref.name="1.8.3-debian-12-r5" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/apisix-ingress-controller" \ org.opencontainers.image.title="apisix-ingress-controller" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.8.2" + org.opencontainers.image.version="1.8.3" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,14 +29,14 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "yq-4.44.1-0-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-12-linux-${OS_ARCH}-debian-12" \ - "apisix-ingress-controller-1.8.2-3-linux-${OS_ARCH}-debian-12" \ + "yq-4.44.6-0-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "apisix-ingress-controller-1.8.3-3-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN useradd -r -u 1001 -g root apisix-ingress-controller RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.8.2" \ +ENV APP_VERSION="1.8.3" \ BITNAMI_APP_NAME="apisix-ingress-controller" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/apisix-ingress-controller/bin:$PATH" diff --git a/bitnami/apisix-ingress-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/apisix-ingress-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 0ae4c9d42d19a..d971400b3ed99 100644 --- a/bitnami/apisix-ingress-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/apisix-ingress-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.8.2-3" + "version": "1.8.3-3" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-12" + "version": "1.0.7-8" }, "yq": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.44.1-0" + "version": "4.44.6-0" } } \ No newline at end of file diff --git a/bitnami/apisix-ingress-controller/1/debian-12/tags-info.yaml b/bitnami/apisix-ingress-controller/1/debian-12/tags-info.yaml index 8592fce963e48..01e2c3883ea89 100644 --- a/bitnami/apisix-ingress-controller/1/debian-12/tags-info.yaml +++ b/bitnami/apisix-ingress-controller/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.8.2 +- 1.8.3 - latest diff --git a/bitnami/apisix-ingress-controller/README.md b/bitnami/apisix-ingress-controller/README.md index a6cf693136ee9..e3e7d0a7a681b 100644 --- a/bitnami/apisix-ingress-controller/README.md +++ b/bitnami/apisix-ingress-controller/README.md @@ -22,11 +22,17 @@ docker run -it --name apisix-ingress-controller bitnami/apisix-ingress-controlle * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Apache APISIX Ingress Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Apache APISIX Ingress Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -108,7 +114,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/apisix/3/debian-12/Dockerfile b/bitnami/apisix/3/debian-12/Dockerfile index 7a364daf19f26..af049554baf5e 100644 --- a/bitnami/apisix/3/debian-12/Dockerfile +++ b/bitnami/apisix/3/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:51:48Z" \ + org.opencontainers.image.created="2025-01-08T20:58:58Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/apisix/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.9.1-debian-12-r3" \ + org.opencontainers.image.ref.name="3.11.0-debian-12-r4" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/apisix" \ org.opencontainers.image.title="apisix" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.9.1" + org.opencontainers.image.version="3.11.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,17 +26,17 @@ ENV HOME="/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates curl libcrypt1 libffi8 libgcc-s1 libgmp10 libgnutls30 libhogweed6 libidn2-0 libldap-2.5-0 libnettle8 libp11-kit0 libpcre3 libsasl2-2 libstdc++6 libtasn1-6 libunistring2 procps zlib1g +RUN install_packages ca-certificates curl libcrypt1 libffi8 libgcc-s1 libgmp10 libgnutls30 libhogweed6 libidn2-0 libldap-2.5-0 libnettle8 libp11-kit0 libpcre3 libsasl2-2 libstdc++6 libtasn1-6 libunistring2 libyaml-0-2 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "yq-4.44.1-0-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-12-linux-${OS_ARCH}-debian-12" \ - "apisix-3.9.1-3-linux-${OS_ARCH}-debian-12" \ + "yq-4.44.6-0-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "apisix-3.11.0-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,8 +49,9 @@ RUN useradd -r -u 1001 -g root apisix RUN chmod g+rwX /opt/bitnami/apisix/conf && mkdir -p /usr/local/apisix/logs && chmod -R g+rwX /usr/local/apisix && ln -s /opt/bitnami/apisix/conf /usr/local/apisix && ln -s /opt/bitnami/apisix/deps /usr/local/apisix && ln -s /opt/bitnami/apisix/openresty/luajit/share/lua/*/apisix /usr/local/apisix RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="3.9.1" \ +ENV APP_VERSION="3.11.0" \ BITNAMI_APP_NAME="apisix" \ + LUA_PATH="/opt/bitnami/apisix/deps/share/lua/5.1/?/init.lua" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/apisix/bin:/opt/bitnami/apisix/openresty/bin:/opt/bitnami/apisix/openresty/luajit/bin:/opt/bitnami/apisix/openresty/luarocks/bin:/opt/bitnami/apisix/openresty/nginx/sbin:$PATH" USER 1001 diff --git a/bitnami/apisix/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/apisix/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 09a6acb3205fb..31e0085a2f5a4 100644 --- a/bitnami/apisix/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/apisix/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.9.1-3" + "version": "3.11.0-1" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-12" + "version": "1.0.7-8" }, "yq": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.44.1-0" + "version": "4.44.6-0" } } \ No newline at end of file diff --git a/bitnami/apisix/3/debian-12/tags-info.yaml b/bitnami/apisix/3/debian-12/tags-info.yaml index 052b4f32b13f4..fbd14df3601c0 100644 --- a/bitnami/apisix/3/debian-12/tags-info.yaml +++ b/bitnami/apisix/3/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "3" - 3-debian-12 -- 3.9.1 +- 3.11.0 - latest diff --git a/bitnami/apisix/README.md b/bitnami/apisix/README.md index b8addb96bfc81..e16ff3ede675a 100644 --- a/bitnami/apisix/README.md +++ b/bitnami/apisix/README.md @@ -22,11 +22,17 @@ docker run -it --name apisix bitnami/apisix:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Apache APISIX in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Apache APISIX in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -108,7 +114,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/appsmith/1/debian-12/Dockerfile b/bitnami/appsmith/1/debian-12/Dockerfile index e63386a2cbde8..42a26fbcf26b2 100644 --- a/bitnami/appsmith/1/debian-12/Dockerfile +++ b/bitnami/appsmith/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-22T12:18:56Z" \ + org.opencontainers.image.created="2025-01-11T16:06:23Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/appsmith/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.26.0-debian-12-r0" \ + org.opencontainers.image.ref.name="1.56.0-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/appsmith" \ org.opencontainers.image.title="appsmith" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.26.0" + org.opencontainers.image.version="1.56.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,22 +26,22 @@ ENV HOME="/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages acl ca-certificates curl gettext libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgeoip1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libpcre3 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 libtirpc3 openssl procps zlib1g +RUN install_packages acl ca-certificates curl gettext libbz2-1.0 libcrypt1 libffi8 libgcc-s1 libgeoip1 liblzma5 libncursesw6 libpcre3 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 openssl procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "node-20.13.1-1-linux-${OS_ARCH}-debian-12" \ - "nginx-1.26.0-1-linux-${OS_ARCH}-debian-12" \ - "mongodb-shell-2.2.6-0-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-12-0-linux-${OS_ARCH}-debian-12" \ - "appsmith-1.26.0-0-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "python-3.13.1-1-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "node-20.18.1-2-linux-${OS_ARCH}-debian-12" \ + "nginx-1.27.3-4-linux-${OS_ARCH}-debian-12" \ + "mongodb-shell-2.3.8-0-linux-${OS_ARCH}-debian-12" \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "appsmith-1.56.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -54,7 +55,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/nginx/postunpack.sh RUN /opt/bitnami/scripts/appsmith/postunpack.sh -ENV APP_VERSION="1.26.0" \ +ENV APP_VERSION="1.56.0" \ BITNAMI_APP_NAME="appsmith" \ NGINX_HTTPS_PORT_NUMBER="" \ NGINX_HTTP_PORT_NUMBER="" \ diff --git a/bitnami/appsmith/1/debian-12/docker-compose.yml b/bitnami/appsmith/1/debian-12/docker-compose.yml index b1de715d9c327..519abe035f404 100644 --- a/bitnami/appsmith/1/debian-12/docker-compose.yml +++ b/bitnami/appsmith/1/debian-12/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: mongodb: - image: docker.io/bitnami/mongodb:7.0 + image: docker.io/bitnami/mongodb:latest volumes: - 'mongodb_data:/bitnami/mongodb' environment: @@ -17,7 +16,7 @@ services: - MONGODB_REPLICA_SET_KEY=replicasetkey123 mongodb-secondary: - image: docker.io/bitnami/mongodb:7.0 + image: docker.io/bitnami/mongodb:latest depends_on: - mongodb volumes: @@ -29,7 +28,7 @@ services: - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=password123 - MONGODB_REPLICA_SET_KEY=replicasetkey123 redis: - image: docker.io/bitnami/redis:7.0 + image: docker.io/bitnami/redis:latest volumes: - 'redis_data:/bitnami/redis' environment: diff --git a/bitnami/appsmith/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/appsmith/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 10046445aefd4..1d2102ccfa398 100644 --- a/bitnami/appsmith/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/appsmith/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,48 +3,48 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.26.0-0" + "version": "1.56.0-0" }, "java": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "17.0.11-12-0" + "version": "17.0.13-12-1" }, "mongodb-shell": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.2.6-0" + "version": "2.3.8-0" }, "nginx": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.26.0-1" + "version": "1.27.3-4" }, "node": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "20.13.1-1" + "version": "20.18.1-2" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.13.1-1" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-13" + "version": "1.0.7-8" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-13" + "version": "1.0.8-8" } } \ No newline at end of file diff --git a/bitnami/appsmith/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/appsmith/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/appsmith/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/appsmith/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/appsmith/1/debian-12/rootfs/opt/bitnami/scripts/libappsmith.sh b/bitnami/appsmith/1/debian-12/rootfs/opt/bitnami/scripts/libappsmith.sh index 42cddbeefd579..fd8520fc85f7c 100644 --- a/bitnami/appsmith/1/debian-12/rootfs/opt/bitnami/scripts/libappsmith.sh +++ b/bitnami/appsmith/1/debian-12/rootfs/opt/bitnami/scripts/libappsmith.sh @@ -323,7 +323,7 @@ appsmith_initialize() { # These parameters are common between RTS and Backend # https://github.com/appsmithorg/appsmith/blob/658e369f4fc2f12445af5b238bc4d4a1a34d9a8b/app/rts/.env.example#L1-L3 - appsmith_conf_set "APPSMITH_MONGODB_URI" "$connection_string" + appsmith_conf_set "APPSMITH_DB_URL" "$connection_string" appsmith_conf_set "APPSMITH_API_BASE_URL" "http://${APPSMITH_API_HOST}:${APPSMITH_API_PORT}/api/v1" if [[ "$APPSMITH_MODE" == "backend" ]]; then @@ -368,7 +368,13 @@ appsmith_initialize() { # any extra script. We just connect to the database info "Restoring persisted Appsmith $APPSMITH_MODE installation" restore_persisted_app "appsmith" "$APPSMITH_DATA_TO_PERSIST" - local -r connection_string="$(appsmith_conf_get APPSMITH_MONGODB_URI)" + local connection_string + connection_string="$(appsmith_conf_get APPSMITH_DB_URL)" + # If APPSMITH_DB_URL is not set, fall back to APPSMITH_MONGODB_URI + # https://github.com/appsmithorg/appsmith/commit/7e339d419dfffbb9d0178a9e5c54afb85600976f#diff-0359aa9032b425f4bd7785d82ab0684e159a38fcfb5a6036c31a070e21e5952a + if [[ -z "${connection_string}" ]]; then + connection_string="$(appsmith_conf_get APPSMITH_MONGODB_URI)" + fi appsmith_wait_for_mongodb_connection "$connection_string" fi fi diff --git a/bitnami/appsmith/1/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh b/bitnami/appsmith/1/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh index c36866212b9be..e7f0bfe83a0e1 100644 --- a/bitnami/appsmith/1/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh +++ b/bitnami/appsmith/1/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh @@ -208,6 +208,17 @@ nginx_initialize() { fi nginx_configure "absolute_redirect" "$(is_boolean_yes "$NGINX_ENABLE_ABSOLUTE_REDIRECT" && echo "on" || echo "off" )" nginx_configure "port_in_redirect" "$(is_boolean_yes "$NGINX_ENABLE_PORT_IN_REDIRECT" && echo "on" || echo "off" )" + # Stream configuration + if is_boolean_yes "$NGINX_ENABLE_STREAM" && + is_file_writable "$NGINX_CONF_FILE" && + ! grep -q "include \"$NGINX_STREAM_SERVER_BLOCKS_DIR" "$NGINX_CONF_FILE"; then + cat >> "$NGINX_CONF_FILE" <&2 -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${NAMI_DEBUG:+${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")}${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - log "" - log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - log "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - log "" -} diff --git a/bitnami/aspnet-core/6/debian-12/prebuildfs/opt/bitnami/base/helpers b/bitnami/aspnet-core/6/debian-12/prebuildfs/opt/bitnami/base/helpers deleted file mode 100644 index a6d909869eca3..0000000000000 --- a/bitnami/aspnet-core/6/debian-12/prebuildfs/opt/bitnami/base/helpers +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -. /opt/bitnami/base/functions - -######################## -# Helper function to initialize a single nami module -# Arguments: -# Module to initialize -# Returns: -# None -# Description: -# Initialize an unpacked nami module with the `nami initialize` command. -# Command arguments can be specified as function argumnts after the module name. -# `--log-level trace` flag is added to the command if `NAMI_DEBUG` env variable exists. -# The log level can be overridden using the `NAMI_LOG_LEVEL` env variable. -######################### -nami_initialize_one() { - local module="${1:?module not specified}" - if nami inspect $module | grep -q '"lifecycle": "unpacked"'; then - local inputs= - if [[ -f "/${module}-inputs.json" ]]; then - inputs="--inputs-file=/${module}-inputs.json" - fi - nami ${NAMI_DEBUG:+--log-level ${NAMI_LOG_LEVEL:-trace}} initialize $module $inputs "${@:2}" - fi -} - -######################## -# Helper function to initialize one or more nami modules -# Arguments: -# Module to initialize -# Returns: -# None -######################### -nami_initialize() { - local module="${1:?module not specified}" - for module in "${@}"; do - nami_initialize_one $module - done -} diff --git a/bitnami/aspnet-core/6/debian-12/rootfs/opt/bitnami/scripts/aspnet-core/entrypoint.sh b/bitnami/aspnet-core/6/debian-12/rootfs/opt/bitnami/scripts/aspnet-core/entrypoint.sh deleted file mode 100755 index b9a949e6c0809..0000000000000 --- a/bitnami/aspnet-core/6/debian-12/rootfs/opt/bitnami/scripts/aspnet-core/entrypoint.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -e -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -. /opt/bitnami/base/functions -. /opt/bitnami/base/helpers - -print_welcome_page - -exec "$@" diff --git a/bitnami/aspnet-core/6/debian-12/rootfs/opt/bitnami/scripts/aspnet-core/postunpack.sh b/bitnami/aspnet-core/6/debian-12/rootfs/opt/bitnami/scripts/aspnet-core/postunpack.sh deleted file mode 100755 index 6f8dca6ae5650..0000000000000 --- a/bitnami/aspnet-core/6/debian-12/rootfs/opt/bitnami/scripts/aspnet-core/postunpack.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose -mkdir /app -chmod g+rwx /app -setcap CAP_NET_BIND_SERVICE=+eip /opt/bitnami/aspnet-core/bin/dotnet diff --git a/bitnami/aspnet-core/6/debian-12/tags-info.yaml b/bitnami/aspnet-core/6/debian-12/tags-info.yaml deleted file mode 100644 index 57488ee10de88..0000000000000 --- a/bitnami/aspnet-core/6/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "6" -- 6-debian-12 -- 6.0.31 diff --git a/bitnami/aspnet-core/8/debian-12/Dockerfile b/bitnami/aspnet-core/8/debian-12/Dockerfile index 26aeaf7ce9bde..cfd34f760a577 100644 --- a/bitnami/aspnet-core/8/debian-12/Dockerfile +++ b/bitnami/aspnet-core/8/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-28T23:05:22Z" \ + org.opencontainers.image.created="2025-01-11T18:41:59Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/aspnet-core/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="8.0.6-debian-12-r0" \ + org.opencontainers.image.ref.name="8.0.11-debian-12-r7" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/aspnet-core" \ org.opencontainers.image.title="aspnet-core" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="8.0.6" + org.opencontainers.image.version="8.0.11" ENV HOME="/app" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,15 +26,15 @@ ENV HOME="/app" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages build-essential ca-certificates curl git libcap2-bin libgcc-s1 libicu-dev liblttng-ust-dev libsqlite3-dev libssl-dev libstdc++6 pkg-config procps unzip wget zlib1g +RUN install_packages ca-certificates curl libcap2-bin libgcc-s1 libicu-dev liblttng-ust-dev libstdc++6 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "aspnet-core-8.0.6-0-linux-${OS_ARCH}-debian-12" \ + "aspnet-core-8.0.11-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -49,7 +50,7 @@ RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ COPY rootfs / RUN /opt/bitnami/scripts/aspnet-core/postunpack.sh -ENV APP_VERSION="8.0.6" \ +ENV APP_VERSION="8.0.11" \ BITNAMI_APP_NAME="aspnet-core" \ DOTNET_CLI_HOME="/app" \ DOTNET_ROOT="/opt/bitnami/aspnet-core/bin" \ diff --git a/bitnami/aspnet-core/8/debian-12/docker-compose.yml b/bitnami/aspnet-core/8/debian-12/docker-compose.yml index 679f4a5391e16..1ecdf77ed4b12 100644 --- a/bitnami/aspnet-core/8/debian-12/docker-compose.yml +++ b/bitnami/aspnet-core/8/debian-12/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: aspnet-core: image: docker.io/bitnami/aspnet-core:8 diff --git a/bitnami/aspnet-core/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/aspnet-core/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 7d9d2e27ff231..8829b223bc386 100644 --- a/bitnami/aspnet-core/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/aspnet-core/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "8.0.6-0" + "version": "8.0.11-0" } } \ No newline at end of file diff --git a/bitnami/aspnet-core/8/debian-12/prebuildfs/opt/bitnami/base/functions b/bitnami/aspnet-core/8/debian-12/prebuildfs/opt/bitnami/base/functions index b8b756d42617a..844d8ab3f3bbe 100644 --- a/bitnami/aspnet-core/8/debian-12/prebuildfs/opt/bitnami/base/functions +++ b/bitnami/aspnet-core/8/debian-12/prebuildfs/opt/bitnami/base/functions @@ -117,7 +117,6 @@ print_image_welcome_page() { log "" log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - log "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + log "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." log "" } diff --git a/bitnami/aspnet-core/8/debian-12/tags-info.yaml b/bitnami/aspnet-core/8/debian-12/tags-info.yaml index d9ac5a11d7e29..c677d54210858 100644 --- a/bitnami/aspnet-core/8/debian-12/tags-info.yaml +++ b/bitnami/aspnet-core/8/debian-12/tags-info.yaml @@ -1,5 +1,4 @@ rolling-tags: - "8" - 8-debian-12 -- 8.0.6 -- latest +- 8.0.11 diff --git a/bitnami/aspnet-core/9/README.md b/bitnami/aspnet-core/9/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/aspnet-core/9/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/aspnet-core/README.md b/bitnami/aspnet-core/README.md index 880a23da65133..935a5dee8d1b9 100644 --- a/bitnami/aspnet-core/README.md +++ b/bitnami/aspnet-core/README.md @@ -22,11 +22,17 @@ docker run --name aspnet-core bitnami/aspnet-core:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use ASP.NET Core in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use ASP.NET Core in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -162,7 +168,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/aspnet-core/docker-compose.yml b/bitnami/aspnet-core/docker-compose.yml index 679f4a5391e16..155ff07fd8a92 100644 --- a/bitnami/aspnet-core/docker-compose.yml +++ b/bitnami/aspnet-core/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: aspnet-core: - image: docker.io/bitnami/aspnet-core:8 + image: docker.io/bitnami/aspnet-core:9 command: ["tail", "-f", "/dev/null"] # To keep the container running volumes: - aspnet-core_data:/app diff --git a/bitnami/attu/2/debian-12/Dockerfile b/bitnami/attu/2/debian-12/Dockerfile index 2039816fcbebf..73e0287138733 100644 --- a/bitnami/attu/2/debian-12/Dockerfile +++ b/bitnami/attu/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-28T09:23:01Z" \ + org.opencontainers.image.created="2024-12-26T08:46:35Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/attu/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.4.0-debian-12-r0" \ + org.opencontainers.image.ref.name="2.5.0-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/attu" \ org.opencontainers.image.title="attu" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.4.0" + org.opencontainers.image.version="2.5.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,17 +26,17 @@ ENV HOME="/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates curl libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 libtirpc3 procps zlib1g +RUN install_packages ca-certificates curl libbz2-1.0 libffi8 libgcc-s1 liblzma5 libncursesw6 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "node-18.20.3-0-linux-${OS_ARCH}-debian-12" \ - "attu-2.4.0-0-linux-${OS_ARCH}-debian-12" \ + "python-3.13.1-0-linux-${OS_ARCH}-debian-12" \ + "node-22.12.0-0-linux-${OS_ARCH}-debian-12" \ + "attu-2.5.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,9 +47,9 @@ RUN apt-get autoremove --purge -y curl && \ apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives RUN useradd -r -u 1001 -g root attu RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/attu /app && mkdir -p /.cache/yarn && chmod g+rwX /.cache/yarn && mkdir -p /.yarn && chmod g+rwX /.yarn && mkdir /.npm && chmod g+rwX /.npm +RUN ln -s /opt/bitnami/attu /app && mkdir -p /.cache/yarn && chmod g+rwX /.cache && mkdir -p /.yarn && chmod g+rwX /.yarn && mkdir /.npm && chmod g+rwX /.npm -ENV APP_VERSION="2.4.0" \ +ENV APP_VERSION="2.5.0" \ BITNAMI_APP_NAME="attu" \ PATH="/opt/bitnami/python/bin:/opt/bitnami/node/bin:$PATH" diff --git a/bitnami/attu/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/attu/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index e1a377f1703b5..02bee87ce84a3 100644 --- a/bitnami/attu/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/attu/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.4.0-0" + "version": "2.5.0-0" }, "node": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "18.20.3-0" + "version": "22.12.0-0" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.13.1-0" } } \ No newline at end of file diff --git a/bitnami/attu/2/debian-12/tags-info.yaml b/bitnami/attu/2/debian-12/tags-info.yaml index 65b87767e56b9..b5193bbe68811 100644 --- a/bitnami/attu/2/debian-12/tags-info.yaml +++ b/bitnami/attu/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.4.0 +- 2.5.0 - latest diff --git a/bitnami/attu/README.md b/bitnami/attu/README.md index 84e3cd23bb04a..b7ab4d83efc1c 100644 --- a/bitnami/attu/README.md +++ b/bitnami/attu/README.md @@ -22,11 +22,17 @@ docker run -it --name attu bitnami/attu * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Attu in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Attu in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/aws-cli/1/README.md b/bitnami/aws-cli/1/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/aws-cli/1/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/aws-cli/1/debian-12/Dockerfile b/bitnami/aws-cli/1/debian-12/Dockerfile deleted file mode 100644 index a6647d75ad1bf..0000000000000 --- a/bitnami/aws-cli/1/debian-12/Dockerfile +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-22T07:08:32Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/aws-cli/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.32.110-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/aws-cli" \ - org.opencontainers.image.title="aws-cli" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.32.110" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl groff-base libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libtinfo6 libtirpc3 procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "aws-cli-1.32.110-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -ENV APP_VERSION="1.32.110" \ - AWS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt" \ - BITNAMI_APP_NAME="aws-cli" \ - PATH="/opt/bitnami/python/bin:/opt/bitnami/aws-cli/bin:/opt/bitnami/aws-cli/venv/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "aws" ] -CMD [ "--help" ] diff --git a/bitnami/aws-cli/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/aws-cli/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 2881b42242d23..0000000000000 --- a/bitnami/aws-cli/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "aws-cli": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.32.110-0" - }, - "python": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.11.9-10" - } -} \ No newline at end of file diff --git a/bitnami/aws-cli/1/debian-12/tags-info.yaml b/bitnami/aws-cli/1/debian-12/tags-info.yaml deleted file mode 100644 index 0b8b0d1f8d5e0..0000000000000 --- a/bitnami/aws-cli/1/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "1" -- 1-debian-12 -- 1.32.110 diff --git a/bitnami/aws-cli/2/debian-12/Dockerfile b/bitnami/aws-cli/2/debian-12/Dockerfile index bd76c2293474d..e52b2b0846548 100644 --- a/bitnami/aws-cli/2/debian-12/Dockerfile +++ b/bitnami/aws-cli/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T19:59:10Z" \ + org.opencontainers.image.created="2025-01-07T20:51:20Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/aws-cli/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.15.60-debian-12-r0" \ + org.opencontainers.image.ref.name="2.22.30-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/aws-cli" \ org.opencontainers.image.title="aws-cli" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.15.60" + org.opencontainers.image.version="2.22.30" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl groff-base libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libtinfo6 libtirpc3 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "aws-cli-2.15.60-0-linux-${OS_ARCH}-debian-12" \ + "python-3.11.11-1-linux-${OS_ARCH}-debian-12" \ + "aws-cli-2.22.30-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="2.15.60" \ +ENV APP_VERSION="2.22.30" \ AWS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt" \ BITNAMI_APP_NAME="aws-cli" \ PATH="/opt/bitnami/python/bin:/opt/bitnami/aws-cli/bin:/opt/bitnami/aws-cli/venv/bin:$PATH" diff --git a/bitnami/aws-cli/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/aws-cli/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 8399762419710..f21316333de36 100644 --- a/bitnami/aws-cli/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/aws-cli/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.15.60-0" + "version": "2.22.30-0" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.11.11-1" } } \ No newline at end of file diff --git a/bitnami/aws-cli/2/debian-12/tags-info.yaml b/bitnami/aws-cli/2/debian-12/tags-info.yaml index bc9e5aae8ccd1..f9f40e11ff4a4 100644 --- a/bitnami/aws-cli/2/debian-12/tags-info.yaml +++ b/bitnami/aws-cli/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.15.60 +- 2.22.30 - latest diff --git a/bitnami/aws-cli/README.md b/bitnami/aws-cli/README.md index 353f6f81b3c26..a3e28369f6946 100644 --- a/bitnami/aws-cli/README.md +++ b/bitnami/aws-cli/README.md @@ -22,11 +22,17 @@ docker run --name aws-cli bitnami/aws-cli:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use AWS CLI in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use AWS CLI in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -90,7 +96,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/azure-cli/2/debian-12/Dockerfile b/bitnami/azure-cli/2/debian-12/Dockerfile index a2674d48f8317..4cffd2ce9ae25 100644 --- a/bitnami/azure-cli/2/debian-12/Dockerfile +++ b/bitnami/azure-cli/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-21T05:20:14Z" \ + org.opencontainers.image.created="2024-12-19T11:43:34Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/azure-cli/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.61.0-debian-12-r0" \ + org.opencontainers.image.ref.name="2.67.0-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/azure-cli" \ org.opencontainers.image.title="azure-cli" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.61.0" + org.opencontainers.image.version="2.67.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libtinfo6 libtirpc3 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "azure-cli-2.61.0-0-linux-${OS_ARCH}-debian-12" \ + "python-3.12.8-0-linux-${OS_ARCH}-debian-12" \ + "azure-cli-2.67.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN mkdir /.azure /.azcopy && chmod g+rwX /.azure /.azcopy /bin -ENV APP_VERSION="2.61.0" \ +ENV APP_VERSION="2.67.0" \ BITNAMI_APP_NAME="azure-cli" \ PATH="/opt/bitnami/python/bin:/opt/bitnami/azure-cli/bin:/opt/bitnami/azure-cli/venv/bin:$PATH" diff --git a/bitnami/azure-cli/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/azure-cli/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 21fdad93f01c8..34df6c79b6988 100644 --- a/bitnami/azure-cli/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/azure-cli/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.61.0-0" + "version": "2.67.0-0" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.12.8-0" } } \ No newline at end of file diff --git a/bitnami/azure-cli/2/debian-12/tags-info.yaml b/bitnami/azure-cli/2/debian-12/tags-info.yaml index 03ec76a5157db..494948a8d01c0 100644 --- a/bitnami/azure-cli/2/debian-12/tags-info.yaml +++ b/bitnami/azure-cli/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.61.0 +- 2.67.0 - latest diff --git a/bitnami/azure-cli/README.md b/bitnami/azure-cli/README.md index 1a2965d48daf7..c974d05af5158 100644 --- a/bitnami/azure-cli/README.md +++ b/bitnami/azure-cli/README.md @@ -22,11 +22,17 @@ docker run --name azure-cli bitnami/azure-cli:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Azure CLI in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Azure CLI in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/blackbox-exporter/0/debian-12/Dockerfile b/bitnami/blackbox-exporter/0/debian-12/Dockerfile index 39c162939253d..4c5fc5f3a8f22 100644 --- a/bitnami/blackbox-exporter/0/debian-12/Dockerfile +++ b/bitnami/blackbox-exporter/0/debian-12/Dockerfile @@ -3,15 +3,16 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T20:21:32Z" \ + org.opencontainers.image.created="2025-01-02T20:32:14Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/blackbox-exporter/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.25.0-debian-12-r5" \ + org.opencontainers.image.ref.name="0.25.0-debian-12-r22" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/blackbox-exporter" \ org.opencontainers.image.title="blackbox-exporter" \ org.opencontainers.image.vendor="Broadcom, Inc." \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "blackbox-exporter-0.25.0-2-linux-${OS_ARCH}-debian-12" \ + "blackbox-exporter-0.25.0-12-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ diff --git a/bitnami/blackbox-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/blackbox-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 6997e620f87b2..5a32d601fc542 100644 --- a/bitnami/blackbox-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/blackbox-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.25.0-2" + "version": "0.25.0-12" } } \ No newline at end of file diff --git a/bitnami/blackbox-exporter/README.md b/bitnami/blackbox-exporter/README.md index d3dede79a9ed4..eb778ff6b494f 100644 --- a/bitnami/blackbox-exporter/README.md +++ b/bitnami/blackbox-exporter/README.md @@ -22,15 +22,21 @@ docker run --name blackbox-exporter bitnami/blackbox-exporter:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Blackbox Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Blackbox Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -195,7 +201,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/cainjector/1/debian-12/Dockerfile b/bitnami/cainjector/1/debian-12/Dockerfile index ca4306ccbd302..1f9925deee946 100644 --- a/bitnami/cainjector/1/debian-12/Dockerfile +++ b/bitnami/cainjector/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:56:17Z" \ + org.opencontainers.image.created="2025-01-02T20:00:43Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cainjector/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.14.5-debian-12-r3" \ + org.opencontainers.image.ref.name="1.16.2-debian-12-r2" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cainjector" \ org.opencontainers.image.title="cainjector" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.14.5" + org.opencontainers.image.version="1.16.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "cainjector-1.14.5-2-linux-${OS_ARCH}-debian-12" \ + "cainjector-1.16.2-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.14.5" \ +ENV APP_VERSION="1.16.2" \ BITNAMI_APP_NAME="cainjector" \ PATH="/opt/bitnami/cainjector/bin:$PATH" diff --git a/bitnami/cainjector/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cainjector/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index c083c33d4409c..1bbcb7b66aa1f 100644 --- a/bitnami/cainjector/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/cainjector/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.14.5-2" + "version": "1.16.2-1" } } \ No newline at end of file diff --git a/bitnami/cainjector/1/debian-12/tags-info.yaml b/bitnami/cainjector/1/debian-12/tags-info.yaml index b046df4b98acc..c8a4b67475171 100644 --- a/bitnami/cainjector/1/debian-12/tags-info.yaml +++ b/bitnami/cainjector/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.14.5 +- 1.16.2 - latest diff --git a/bitnami/cainjector/README.md b/bitnami/cainjector/README.md index f905e9e49a31a..90ab86e0f2d23 100644 --- a/bitnami/cainjector/README.md +++ b/bitnami/cainjector/README.md @@ -16,7 +16,7 @@ docker run --name cainjector -e ALLOW_EMPTY_PASSWORD=yes bitnami/cainjector:late **Warning**: These quick setups are only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Configuration](#configuration) section for a more secure deployment. -## Pre-requisites +## Prerequisites Kubernetes cluster with `CustomResourceDefinition` or `ThirdPartyResource support` @@ -29,15 +29,21 @@ Kubernetes cluster with `CustomResourceDefinition` or `ThirdPartyResource suppor * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use CA Injector in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use CA Injector in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -65,7 +71,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/cassandra-exporter/2/debian-12/Dockerfile b/bitnami/cassandra-exporter/2/debian-12/Dockerfile index dc3b1b9e73331..d9b86e9f78fb9 100644 --- a/bitnami/cassandra-exporter/2/debian-12/Dockerfile +++ b/bitnami/cassandra-exporter/2/debian-12/Dockerfile @@ -3,15 +3,16 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:56:14Z" \ + org.opencontainers.image.created="2025-01-08T21:13:58Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cassandra-exporter/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.3.8-debian-12-r22" \ + org.opencontainers.image.ref.name="2.3.8-debian-12-r35" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cassandra-exporter" \ org.opencontainers.image.title="cassandra-exporter" \ org.opencontainers.image.vendor="Broadcom, Inc." \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "java-17.0.11-10-0-linux-${OS_ARCH}-debian-12" \ - "cassandra-exporter-2.3.8-3-linux-${OS_ARCH}-debian-12" \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "cassandra-exporter-2.3.8-5-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ diff --git a/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index f7514f3bccc4c..77993aff32f08 100644 --- a/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.3.8-3" + "version": "2.3.8-5" }, "java": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "17.0.11-10-0" + "version": "17.0.13-12-1" } } \ No newline at end of file diff --git a/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/cassandra-exporter/2/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/cassandra-exporter/README.md b/bitnami/cassandra-exporter/README.md index 7cae0dcf3621f..7aeeebb2e2c9f 100644 --- a/bitnami/cassandra-exporter/README.md +++ b/bitnami/cassandra-exporter/README.md @@ -22,15 +22,21 @@ docker run --name cassandra-exporter bitnami/cassandra-exporter:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Cassandra Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Cassandra Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -148,7 +154,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/cassandra/4.0/README.md b/bitnami/cassandra/4.0/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/cassandra/4.0/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/cassandra/4.0/debian-12/Dockerfile b/bitnami/cassandra/4.0/debian-12/Dockerfile deleted file mode 100644 index e53bba8c0a665..0000000000000 --- a/bitnami/cassandra/4.0/debian-12/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-20T18:11:36Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cassandra/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="4.0.13-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cassandra" \ - org.opencontainers.image.title="cassandra" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="4.0.13" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgssapi-krb5-2 libjemalloc2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libtinfo6 libtirpc3 procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "java-11.0.23-12-0-linux-${OS_ARCH}-debian-12" \ - "cassandra-4.0.13-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN ln -s /opt/bitnami/scripts/cassandra/entrypoint.sh /entrypoint.sh -RUN ln -s /opt/bitnami/scripts/cassandra/run.sh /run.sh -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/cassandra/postunpack.sh -RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="4.0.13" \ - BITNAMI_APP_NAME="cassandra" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/python/bin:/opt/bitnami/java/bin:/opt/bitnami/cassandra/bin:$PATH" - -EXPOSE 7000 9042 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/cassandra/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/cassandra/run.sh" ] diff --git a/bitnami/cassandra/4.0/debian-12/docker-compose.yml b/bitnami/cassandra/4.0/debian-12/docker-compose.yml deleted file mode 100644 index d488b4b01644f..0000000000000 --- a/bitnami/cassandra/4.0/debian-12/docker-compose.yml +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - cassandra: - image: docker.io/bitnami/cassandra:4.0 - ports: - - '7000:7000' - - '9042:9042' - volumes: - - 'cassandra_data:/bitnami' - environment: - - CASSANDRA_SEEDS=cassandra - - CASSANDRA_PASSWORD_SEEDER=yes - - CASSANDRA_PASSWORD=cassandra -volumes: - cassandra_data: - driver: local diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index fbc0daac32529..0000000000000 --- a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "cassandra": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "4.0.13-0" - }, - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.0.23-12-0" - }, - "python": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.11.9-10" - } -} \ No newline at end of file diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra-env.sh b/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra-env.sh deleted file mode 100644 index 0ea1fcad33515..0000000000000 --- a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra-env.sh +++ /dev/null @@ -1,234 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for cassandra - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-cassandra}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -cassandra_env_vars=( - CASSANDRA_MOUNTED_CONF_DIR - CASSANDRA_CLIENT_ENCRYPTION - CASSANDRA_CLUSTER_NAME - CASSANDRA_DATACENTER - CASSANDRA_ENABLE_REMOTE_CONNECTIONS - CASSANDRA_ENABLE_RPC - CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS - CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS - CASSANDRA_ENDPOINT_SNITCH - CASSANDRA_HOST - CASSANDRA_INTERNODE_ENCRYPTION - CASSANDRA_NUM_TOKENS - CASSANDRA_PASSWORD_SEEDER - CASSANDRA_SEEDS - CASSANDRA_PEERS - CASSANDRA_NODES - CASSANDRA_RACK - CASSANDRA_BROADCAST_ADDRESS - CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE - CASSANDRA_STARTUP_CQL - CASSANDRA_IGNORE_INITDB_SCRIPTS - CASSANDRA_CQL_PORT_NUMBER - CASSANDRA_JMX_PORT_NUMBER - CASSANDRA_TRANSPORT_PORT_NUMBER - CASSANDRA_CQL_MAX_RETRIES - CASSANDRA_CQL_SLEEP_TIME - CASSANDRA_INIT_MAX_RETRIES - CASSANDRA_INIT_SLEEP_TIME - CASSANDRA_PEER_CQL_MAX_RETRIES - CASSANDRA_PEER_CQL_SLEEP_TIME - CASSANDRA_DELAY_START_TIME - CASSANDRA_AUTO_SNAPSHOT_TTL - ALLOW_EMPTY_PASSWORD - CASSANDRA_AUTHORIZER - CASSANDRA_AUTHENTICATOR - CASSANDRA_USER - CASSANDRA_PASSWORD - CASSANDRA_KEYSTORE_PASSWORD - CASSANDRA_TRUSTSTORE_PASSWORD - CASSANDRA_KEYSTORE_LOCATION - CASSANDRA_TRUSTSTORE_LOCATION - CASSANDRA_TMP_P12_FILE - CASSANDRA_SSL_CERT_FILE - CASSANDRA_SSL_VALIDATE - SSL_VERSION -) -for env_var in "${cassandra_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset cassandra_env_vars -export DB_FLAVOR="cassandra" - -# Paths -export CASSANDRA_BASE_DIR="/opt/bitnami/cassandra" -export DB_BASE_DIR="$CASSANDRA_BASE_DIR" -export CASSANDRA_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_BIN_DIR="$CASSANDRA_BIN_DIR" -export CASSANDRA_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_CONF_DIR="$CASSANDRA_CONF_DIR" -export CASSANDRA_VOLUME_DIR="/bitnami/cassandra" -export DB_VOLUME_DIR="$CASSANDRA_VOLUME_DIR" -export CASSANDRA_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_DATA_DIR="$CASSANDRA_DATA_DIR" -export CASSANDRA_COMMITLOG_DIR="${DB_DATA_DIR}/commitlog" -export DB_COMMITLOG_DIR="$CASSANDRA_COMMITLOG_DIR" -export CASSANDRA_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_DEFAULT_CONF_DIR="$CASSANDRA_DEFAULT_CONF_DIR" -export CASSANDRA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export DB_INITSCRIPTS_DIR="$CASSANDRA_INITSCRIPTS_DIR" -export CASSANDRA_LOG_DIR="${DB_BASE_DIR}/logs" -export DB_LOG_DIR="$CASSANDRA_LOG_DIR" -export CASSANDRA_MOUNTED_CONF_DIR="${CASSANDRA_MOUNTED_CONF_DIR:-${DB_VOLUME_DIR}/conf}" -export DB_MOUNTED_CONF_DIR="$CASSANDRA_MOUNTED_CONF_DIR" -export CASSANDRA_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_TMP_DIR="$CASSANDRA_TMP_DIR" -export JAVA_BASE_DIR="${BITNAMI_ROOT_DIR}/java" -export JAVA_BIN_DIR="${JAVA_BASE_DIR}/bin" -export PYTHON_BASE_DIR="${BITNAMI_ROOT_DIR}/python" -export PYTHON_BIN_DIR="${PYTHON_BASE_DIR}/bin" -export CASSANDRA_CONF_FILE="${DB_CONF_DIR}/cassandra.yaml" -export DB_CONF_FILE="$CASSANDRA_CONF_FILE" -export CASSANDRA_LOG_FILE="${DB_LOG_DIR}/cassandra.log" -export DB_LOG_FILE="$CASSANDRA_LOG_FILE" -export CASSANDRA_FIRST_BOOT_LOG_FILE="${DB_LOG_DIR}/cassandra_first_boot.log" -export DB_FIRST_BOOT_LOG_FILE="$CASSANDRA_FIRST_BOOT_LOG_FILE" -export CASSANDRA_INITSCRIPTS_BOOT_LOG_FILE="${DB_LOG_DIR}/cassandra_init_scripts_boot.log" -export DB_INITSCRIPTS_BOOT_LOG_FILE="$CASSANDRA_INITSCRIPTS_BOOT_LOG_FILE" -export CASSANDRA_PID_FILE="${DB_TMP_DIR}/cassandra.pid" -export DB_PID_FILE="$CASSANDRA_PID_FILE" -export PATH="${DB_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${BITNAMI_ROOT_DIR}/python/bin:${BITNAMI_ROOT_DIR}/java/bin:$PATH" - -# System users (when running with a privileged user) -export CASSANDRA_DAEMON_USER="cassandra" -export DB_DAEMON_USER="$CASSANDRA_DAEMON_USER" -export CASSANDRA_DAEMON_GROUP="cassandra" -export DB_DAEMON_GROUP="$CASSANDRA_DAEMON_GROUP" - -# Cassandra cluster settings -export CASSANDRA_CLIENT_ENCRYPTION="${CASSANDRA_CLIENT_ENCRYPTION:-false}" -export DB_CLIENT_ENCRYPTION="$CASSANDRA_CLIENT_ENCRYPTION" -export CASSANDRA_CLUSTER_NAME="${CASSANDRA_CLUSTER_NAME:-My Cluster}" -export DB_CLUSTER_NAME="$CASSANDRA_CLUSTER_NAME" -export CASSANDRA_DATACENTER="${CASSANDRA_DATACENTER:-dc1}" -export DB_DATACENTER="$CASSANDRA_DATACENTER" -export CASSANDRA_ENABLE_REMOTE_CONNECTIONS="${CASSANDRA_ENABLE_REMOTE_CONNECTIONS:-true}" -export DB_ENABLE_REMOTE_CONNECTIONS="$CASSANDRA_ENABLE_REMOTE_CONNECTIONS" -export CASSANDRA_ENABLE_RPC="${CASSANDRA_ENABLE_RPC:-false}" -export DB_ENABLE_RPC="$CASSANDRA_ENABLE_RPC" -export CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS="${CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS:-false}" -export DB_ENABLE_USER_DEFINED_FUNCTIONS="$CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS" -export CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS="${CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS:-false}" -export DB_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS="$CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS" -export CASSANDRA_ENDPOINT_SNITCH="${CASSANDRA_ENDPOINT_SNITCH:-SimpleSnitch}" -export DB_ENDPOINT_SNITCH="$CASSANDRA_ENDPOINT_SNITCH" -export CASSANDRA_HOST="${CASSANDRA_HOST:-}" -export DB_HOST="$CASSANDRA_HOST" -export CASSANDRA_INTERNODE_ENCRYPTION="${CASSANDRA_INTERNODE_ENCRYPTION:-none}" -export DB_INTERNODE_ENCRYPTION="$CASSANDRA_INTERNODE_ENCRYPTION" -export CASSANDRA_NUM_TOKENS="${CASSANDRA_NUM_TOKENS:-256}" -export DB_NUM_TOKENS="$CASSANDRA_NUM_TOKENS" -export CASSANDRA_PASSWORD_SEEDER="${CASSANDRA_PASSWORD_SEEDER:-no}" -export DB_PASSWORD_SEEDER="$CASSANDRA_PASSWORD_SEEDER" -export CASSANDRA_SEEDS="${CASSANDRA_SEEDS:-$DB_HOST}" -export DB_SEEDS="$CASSANDRA_SEEDS" -export CASSANDRA_PEERS="${CASSANDRA_PEERS:-$DB_SEEDS}" -export DB_PEERS="$CASSANDRA_PEERS" -export CASSANDRA_NODES="${CASSANDRA_NODES:-}" -export DB_NODES="$CASSANDRA_NODES" -export CASSANDRA_RACK="${CASSANDRA_RACK:-rack1}" -export DB_RACK="$CASSANDRA_RACK" -export CASSANDRA_BROADCAST_ADDRESS="${CASSANDRA_BROADCAST_ADDRESS:-}" -export DB_BROADCAST_ADDRESS="$CASSANDRA_BROADCAST_ADDRESS" -export CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE="${CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE:-false}" -export DB_AUTOMATIC_SSTABLE_UPGRADE="$CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE" - -# Database initialization settings -export CASSANDRA_STARTUP_CQL="${CASSANDRA_STARTUP_CQL:-}" -export DB_STARTUP_CQL="$CASSANDRA_STARTUP_CQL" -export CASSANDRA_IGNORE_INITDB_SCRIPTS="${CASSANDRA_IGNORE_INITDB_SCRIPTS:-no}" -export DB_IGNORE_INITDB_SCRIPTS="$CASSANDRA_IGNORE_INITDB_SCRIPTS" - -# Port configuration -export CASSANDRA_CQL_PORT_NUMBER="${CASSANDRA_CQL_PORT_NUMBER:-9042}" -export DB_CQL_PORT_NUMBER="$CASSANDRA_CQL_PORT_NUMBER" -export CASSANDRA_JMX_PORT_NUMBER="${CASSANDRA_JMX_PORT_NUMBER:-7199}" -export DB_JMX_PORT_NUMBER="$CASSANDRA_JMX_PORT_NUMBER" -export CASSANDRA_TRANSPORT_PORT_NUMBER="${CASSANDRA_TRANSPORT_PORT_NUMBER:-7000}" -export DB_TRANSPORT_PORT_NUMBER="$CASSANDRA_TRANSPORT_PORT_NUMBER" - -# Retries and sleep time configuration -export CASSANDRA_CQL_MAX_RETRIES="${CASSANDRA_CQL_MAX_RETRIES:-20}" -export DB_CQL_MAX_RETRIES="$CASSANDRA_CQL_MAX_RETRIES" -export CASSANDRA_CQL_SLEEP_TIME="${CASSANDRA_CQL_SLEEP_TIME:-5}" -export DB_CQL_SLEEP_TIME="$CASSANDRA_CQL_SLEEP_TIME" -export CASSANDRA_INIT_MAX_RETRIES="${CASSANDRA_INIT_MAX_RETRIES:-100}" -export DB_INIT_MAX_RETRIES="$CASSANDRA_INIT_MAX_RETRIES" -export CASSANDRA_INIT_SLEEP_TIME="${CASSANDRA_INIT_SLEEP_TIME:-5}" -export DB_INIT_SLEEP_TIME="$CASSANDRA_INIT_SLEEP_TIME" -export CASSANDRA_PEER_CQL_MAX_RETRIES="${CASSANDRA_PEER_CQL_MAX_RETRIES:-100}" -export DB_PEER_CQL_MAX_RETRIES="$CASSANDRA_PEER_CQL_MAX_RETRIES" -export CASSANDRA_PEER_CQL_SLEEP_TIME="${CASSANDRA_PEER_CQL_SLEEP_TIME:-10}" -export DB_PEER_CQL_SLEEP_TIME="$CASSANDRA_PEER_CQL_SLEEP_TIME" -export CASSANDRA_DELAY_START_TIME="${CASSANDRA_DELAY_START_TIME:-10}" -export DB_DELAY_START_TIME="$CASSANDRA_DELAY_START_TIME" - -# Snapshot settings -export CASSANDRA_AUTO_SNAPSHOT_TTL="${CASSANDRA_AUTO_SNAPSHOT_TTL:-30d}" -export DB_AUTO_SNAPSHOT_TTL="$CASSANDRA_AUTO_SNAPSHOT_TTL" - -# Authentication, Authorization and Credentials -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export CASSANDRA_AUTHORIZER="${CASSANDRA_AUTHORIZER:-CassandraAuthorizer}" -export DB_AUTHORIZER="$CASSANDRA_AUTHORIZER" -export CASSANDRA_AUTHENTICATOR="${CASSANDRA_AUTHENTICATOR:-PasswordAuthenticator}" -export DB_AUTHENTICATOR="$CASSANDRA_AUTHENTICATOR" -export CASSANDRA_USER="${CASSANDRA_USER:-cassandra}" -export DB_USER="$CASSANDRA_USER" -export CASSANDRA_PASSWORD="${CASSANDRA_PASSWORD:-}" -export DB_PASSWORD="$CASSANDRA_PASSWORD" -export CASSANDRA_KEYSTORE_PASSWORD="${CASSANDRA_KEYSTORE_PASSWORD:-cassandra}" -export DB_KEYSTORE_PASSWORD="$CASSANDRA_KEYSTORE_PASSWORD" -export CASSANDRA_TRUSTSTORE_PASSWORD="${CASSANDRA_TRUSTSTORE_PASSWORD:-cassandra}" -export DB_TRUSTSTORE_PASSWORD="$CASSANDRA_TRUSTSTORE_PASSWORD" -export CASSANDRA_KEYSTORE_LOCATION="${CASSANDRA_KEYSTORE_LOCATION:-${DB_VOLUME_DIR}/secrets/keystore}" -export DB_KEYSTORE_LOCATION="$CASSANDRA_KEYSTORE_LOCATION" -export CASSANDRA_TRUSTSTORE_LOCATION="${CASSANDRA_TRUSTSTORE_LOCATION:-${DB_VOLUME_DIR}/secrets/truststore}" -export DB_TRUSTSTORE_LOCATION="$CASSANDRA_TRUSTSTORE_LOCATION" -export CASSANDRA_TMP_P12_FILE="${CASSANDRA_TMP_P12_FILE:-${DB_TMP_DIR}/keystore.p12}" -export DB_TMP_P12_FILE="$CASSANDRA_TMP_P12_FILE" -export CASSANDRA_SSL_CERT_FILE="${CASSANDRA_SSL_CERT_FILE:-${DB_VOLUME_DIR}/client.cer.pem}" -export DB_SSL_CERT_FILE="$CASSANDRA_SSL_CERT_FILE" -export SSL_CERTFILE="$CASSANDRA_SSL_CERT_FILE" -export CASSANDRA_SSL_VALIDATE="${CASSANDRA_SSL_VALIDATE:-false}" -export DB_SSL_VALIDATE="$CASSANDRA_SSL_VALIDATE" -export SSL_VALIDATE="$CASSANDRA_SSL_VALIDATE" - -# cqlsh settings -export SSL_VERSION="${SSL_VERSION:-TLSv1_2}" - -# Custom environment variables may be defined below diff --git a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/postunpack.sh b/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/postunpack.sh deleted file mode 100755 index d48e6fe856bd9..0000000000000 --- a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/postunpack.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libcassandra.sh - -# Load Cassandra environment variables -. /opt/bitnami/scripts/cassandra-env.sh - - -for dir in "$DB_INITSCRIPTS_DIR" "$DB_TMP_DIR" "$DB_LOG_DIR" "$DB_MOUNTED_CONF_DIR" "$DB_VOLUME_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Copy configuration files for the scripts to work -ensure_dir_exists "$DB_CONF_DIR" -cassandra_copy_default_config -chmod -R g+rwX "$DB_CONF_DIR" - -# Create wrapper for cqlsh -cat <"${DB_BIN_DIR}/cqlsh" -#!/bin/sh -exec "${PYTHON_BIN_DIR}/python" "${DB_BIN_DIR}/cqlsh.py" "\$@" -EOF - -chmod +x "${DB_BIN_DIR}/cqlsh" - -ensure_dir_exists "${HOME}/.cassandra" -chmod -R g+rwX "${HOME}/.cassandra" diff --git a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/setup.sh b/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/setup.sh deleted file mode 100755 index 5edebf92b8262..0000000000000 --- a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/setup.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Cassandra setup - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libcassandra.sh - -# Load Cassandra environment variables -. /opt/bitnami/scripts/cassandra-env.sh - -# Set default Cassandra host environment variable -cassandra_set_default_host -# Ensure Cassandra environment variables settings are valid -cassandra_validate -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" -# Ensure Cassandra is initialized -cassandra_initialize - -# Allow running custom initialization scripts -if ! is_boolean_yes "$DB_IGNORE_INITDB_SCRIPTS"; then - cassandra_custom_init_scripts -fi diff --git a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/libcassandra.sh b/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/libcassandra.sh deleted file mode 100644 index e73a45e46e3e4..0000000000000 --- a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/libcassandra.sh +++ /dev/null @@ -1,1221 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Cassandra library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh - -######################## -# Change a Cassandra configuration yaml file by setting a property -# Globals: -# DB_* -# Arguments: -# $1 - property -# $2 - value -# $3 - Use quotes in value (default: yes) -# $4 - Path to configuration file (default: $DB_CONF_FILE) -# Returns: -# None -######################### -cassandra_yaml_set() { - local -r property="${1:?missing property}" - local -r value="${2:?missing value}" - local -r use_quotes="${3:-yes}" - local -r conf_file="${4:-$DB_CONF_FILE}" - - if is_boolean_yes "$use_quotes"; then - replace_in_file "$conf_file" "^(#\s)?(\s*)(\-\s*)?${property}:.*" "\2\3${property}: '${value}'" - else - replace_in_file "$conf_file" "^(#\s)?(\s*)(\-\s*)?${property}:.*" "\2\3${property}: ${value}" - fi -} - -######################### -# Set default Cassandra settings if not set -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_set_default_host() { - if [[ -z "${DB_HOST:-}" ]]; then - warn "DB_HOST not set, defaulting to system hostname" - local -r host="$(hostname)" - export DB_HOST="$host" - export DB_SEEDS="${DB_SEEDS:-$DB_HOST}" - export DB_PEERS="${DB_PEERS:-$DB_SEEDS}" - fi -} - -######################## -# Change a Cassandra configuration yaml file by setting a property as an array -# Globals: -# DB_* -# Arguments: -# $1 - property -# $2 - comma-separated string with the different values -# $3 - Use quotes in value (default: no) -# $4 - Path to configuration file (default: $DB_CONF_FILE) -# Returns: -# None -######################### -cassandra_yaml_set_as_array() { - local -r property="${1:?missing property}" - local -r array="${2:?missing value}" - local -r use_quotes="${3:-no}" - local -r conf_file="${4:-$DB_CONF_FILE}" - local substitution="\2${property}:" - - for value in "${array[@]}"; do - if is_boolean_yes "$use_quotes"; then - substitution+="\n\2 - '${value}'" - else - substitution+="\n\2 - ${value}" - fi - done - replace_in_file "$conf_file" "^(#\s)?(\s*)${property}:.*" "${substitution}" -} - -######################## -# Validate settings in DB_* environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_validate() { - info "Validating settings in DB_* env vars.." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - - empty_password_warn() { - warn "You've not provided a password. Default password \"cassandra\" will be used. For safety reasons, please provide a secure password in a production environment." - } - - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - - check_default_password() { - if [[ "${!1}" = "cassandra" ]]; then - warn "You set the environment variable $1=cassandra. This is the default value when bootstrapping Cassandra and should not be used in production environments." - fi - } - - check_yes_no_value() { - if ! is_yes_no_value "${!1}"; then - print_validation_error "The allowed values for $1 are [yes, no]" - fi - } - - check_true_false_value() { - if ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for $1 are [true, false]" - fi - } - - check_conflicting_ports() { - local -r total="$#" - for i in $(seq 1 "$((total - 1))"); do - for j in $(seq "$((i + 1))" "$total"); do - if (("${!i}" == "${!j}")); then - print_validation_error "${!i} and ${!j} are bound to the same port" - fi - done - done - } - - check_allowed_port() { - local validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("${!1}") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port was specified in the environment variable $1: $err" - fi - } - - check_resolved_hostname() { - if ! is_hostname_resolved "$1"; then - warn "Hostname $1 could not be resolved. This could lead to connection issues" - fi - } - - check_positive_value() { - if ! is_positive_int "${!1}"; then - print_validation_error "The variable $1 must be positive integer" - fi - } - - check_empty_value() { - if is_empty_value "${!1}"; then - print_validation_error "The $1 environment variable is empty or not set." - fi - } - - check_password_file() { - if [[ -n "${!1:-}" ]] && ! [[ -f "${!1:-}" ]]; then - print_validation_error "The variable $1 is defined but the file ${!1} is not accessible or does not exist" - fi - } - - check_password_file DB_PASSWORD_FILE - check_password_file DB_TRUSTSTORE_PASSWORD_FILE - check_password_file DB_KEYSTORE_PASSWORD_FILE - - check_empty_value DB_RACK - check_empty_value DB_DATACENTER - - if [[ -z $DB_PASSWORD ]]; then - if ! is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_warn - export DB_PASSWORD="cassandra" - else - empty_password_enabled_warn - fi - fi - - check_default_password DB_PASSWORD - - if is_boolean_yes "$DB_CLIENT_ENCRYPTION" || is_boolean_yes "$DB_INTERNODE_ENCRYPTION"; then - check_empty_value DB_KEYSTORE_PASSWORD - check_empty_value DB_TRUSTSTORE_PASSWORD - check_default_password DB_KEYSTORE_PASSWORD - check_default_password DB_TRUSTSTORE_PASSWORD - fi - - check_yes_no_value DB_PASSWORD_SEEDER - check_true_false_value DB_ENABLE_REMOTE_CONNECTIONS - check_true_false_value DB_CLIENT_ENCRYPTION - check_true_false_value DB_ENABLE_USER_DEFINED_FUNCTIONS - check_true_false_value DB_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS - check_positive_value DB_NUM_TOKENS - check_positive_value DB_INIT_MAX_RETRIES - check_positive_value DB_CQL_MAX_RETRIES - check_positive_value DB_PEER_CQL_MAX_RETRIES - check_positive_value DB_INIT_SLEEP_TIME - check_positive_value DB_CQL_SLEEP_TIME - check_positive_value DB_PEER_CQL_SLEEP_TIME - check_positive_value DB_CQL_PORT_NUMBER - check_positive_value DB_JMX_PORT_NUMBER - check_positive_value DB_TRANSPORT_PORT_NUMBER - - check_conflicting_ports DB_CQL_PORT_NUMBER DB_JMX_PORT_NUMBER DB_TRANSPORT_PORT_NUMBER - - check_allowed_port DB_CQL_PORT_NUMBER - check_allowed_port DB_TRANSPORT_PORT_NUMBER - check_allowed_port DB_JMX_PORT_NUMBER - - check_resolved_hostname "$DB_HOST" - for peer in ${DB_PEERS//,/ }; do - check_resolved_hostname "$peer" - done - for seed in ${DB_SEEDS//,/ }; do - check_resolved_hostname "$seed" - done - - if [[ ! ${DB_AUTO_SNAPSHOT_TTL} =~ ([1-9]{1}[0-9]{0,}[d|h|m]) ]]; then - print_validation_error "DB_AUTO_SNAPSHOT_TTL accepted units: d (days), h (hours) or m (minutes)" - fi - - check_true_false_value DB_SSL_VALIDATE - check_true_false_value DB_AUTOMATIC_SSTABLE_UPGRADE - - if ((${#DB_PASSWORD} > 512)); then - print_validation_error "The password cannot be longer than 512 characters. Set the environment variable DB_PASSWORD with a shorter value" - fi - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Check if a given configuration file was mounted externally -# Globals: -# DB_* -# Arguments: -# $1 - Filename -# Returns: -# true if the file was mounted externally, false otherwise -######################### -cassandra_is_file_external() { - local -r filename="${1:?file_is_missing}" - if [[ -f "${DB_MOUNTED_CONF_DIR}/${filename}" ]]; then - true - else - false - fi -} - -######################## -# Copy mounted configuration files -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_copy_mounted_config() { - if ! is_dir_empty "$DB_MOUNTED_CONF_DIR"; then - cp -Lr "$DB_MOUNTED_CONF_DIR"/* "$DB_CONF_DIR" - fi -} - -######################## -# Copy default configuration files in case there are no mounted ones -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_copy_default_config() { - local -r tmp_file_list=/tmp/conf_file_list - find "$DB_DEFAULT_CONF_DIR" -type f >$tmp_file_list - while read -r f; do - filename="${f#"${DB_DEFAULT_CONF_DIR}/"}" # Get path with subfolder - dest="${f//$DB_DEFAULT_CONF_DIR/$DB_CONF_DIR}" - if [[ -f "$dest" ]]; then - debug "Found ${filename}. Skipping default" - else - debug "No injected ${filename} file found. Creating default ${filename} file" - # There are conf files in subfolders. We may need to create them - mkdir -p "$(dirname "$dest")" - cp "$f" "$dest" - fi - done <$tmp_file_list - rm "$tmp_file_list" -} - -######################## -# Configure the path to the different data directories (ignored if cassandra.yaml is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_data_dirs() { - if ! cassandra_is_file_external "cassandra.yaml"; then - cassandra_yaml_set_as_array data_file_directories "${DB_DATA_DIR}/data" "$DB_CONF_FILE" - - cassandra_yaml_set commitlog_directory "$DB_COMMITLOG_DIR" - cassandra_yaml_set hints_directory "${DB_DATA_DIR}/hints" - cassandra_yaml_set cdc_raw_directory "${DB_DATA_DIR}/cdc_raw" - cassandra_yaml_set saved_caches_directory "${DB_DATA_DIR}/saved_caches" - else - debug "cassandra.yaml mounted. Skipping data directory configuration" - fi -} - -######################## -# Enable password-based authentication (ignored if cassandra.yaml is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_enable_auth() { - if ! cassandra_is_file_external "cassandra.yaml"; then - if [[ "$ALLOW_EMPTY_PASSWORD" = "yes" ]] && [[ -z $DB_PASSWORD ]]; then - cassandra_yaml_set "authenticator" "AllowAllAuthenticator" - cassandra_yaml_set "authorizer" "AllowAllAuthorizer" - else - cassandra_yaml_set "authenticator" "${DB_AUTHENTICATOR}" - cassandra_yaml_set "authorizer" "${DB_AUTHORIZER}" - fi - else - debug "cassandra.yaml mounted. Skipping authentication method configuration" - fi -} - -######################## -# Configure logging settings (ignored if logback.xml is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_logging() { - if ! cassandra_is_file_external "logback.xml"; then - replace_in_file "${DB_CONF_DIR}/logback.xml" "system[.]log" "cassandra.log" - if [[ "$BITNAMI_DEBUG" = "false" ]]; then - replace_in_file "${DB_CONF_DIR}/logback.xml" "()" "" - fi - else - debug "logback.xml mounted. Skipping logging configuration" - fi -} - -######################## -# Configure cluster settings (modifies cassandra.yaml and cassandra-env.sh if not mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_cluster() { - local host="127.0.0.1" - local rpc_address="127.0.0.1" - local cassandra_config - - if [[ "$DB_ENABLE_REMOTE_CONNECTIONS" = "true" ]]; then - host="$DB_HOST" - rpc_address="0.0.0.0" - fi - # cassandra.yaml changes - if ! cassandra_is_file_external "cassandra.yaml"; then - cassandra_yaml_set "num_tokens" "$DB_NUM_TOKENS" "no" - cassandra_yaml_set "cluster_name" "$DB_CLUSTER_NAME" - cassandra_yaml_set "listen_address" "$host" - cassandra_yaml_set "seeds" "$DB_SEEDS" - cassandra_yaml_set "start_rpc" "$DB_ENABLE_RPC" "no" - cassandra_yaml_set "enable_user_defined_functions" "$DB_ENABLE_USER_DEFINED_FUNCTIONS" "no" - cassandra_yaml_set "enable_scripted_user_defined_functions" "$DB_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS" "no" - cassandra_yaml_set "rpc_address" "$rpc_address" - cassandra_yaml_set "broadcast_rpc_address" "$host" - cassandra_yaml_set "endpoint_snitch" "$DB_ENDPOINT_SNITCH" - cassandra_yaml_set "internode_encryption" "$DB_INTERNODE_ENCRYPTION" - cassandra_yaml_set "keystore" "$DB_KEYSTORE_LOCATION" - cassandra_yaml_set "keystore_password" "$DB_KEYSTORE_PASSWORD" - cassandra_yaml_set "truststore" "$DB_TRUSTSTORE_LOCATION" - cassandra_yaml_set "truststore_password" "$DB_TRUSTSTORE_PASSWORD" - cassandra_yaml_set "auto_snapshot_ttl" "$DB_AUTO_SNAPSHOT_TTL" - - if [[ -n "$DB_BROADCAST_ADDRESS" ]]; then - cassandra_yaml_set "broadcast_address" "$DB_BROADCAST_ADDRESS" - fi - - if [[ -n "$DB_AUTOMATIC_SSTABLE_UPGRADE" ]]; then - cassandra_yaml_set "automatic_sstable_upgrade" "$DB_AUTOMATIC_SSTABLE_UPGRADE" - fi - - cassandra_config="$(sed -E "/client_encryption_options:.*/ {N;N; s/client_encryption_options:[^\n]*(\n\s+#.*)?(\n\s+enabled:).*/client_encryption_options:\1\2 $DB_CLIENT_ENCRYPTION/g}" "$DB_CONF_FILE")" - echo "$cassandra_config" >"$DB_CONF_FILE" - else - debug "cassandra.yaml mounted. Skipping cluster configuration" - fi - - # cassandra-env.sh changes - if ! cassandra_is_file_external "cassandra-env.sh"; then - replace_in_file "${DB_CONF_DIR}/cassandra-env.sh" "#\s*JVM_OPTS=\"\$JVM_OPTS -Djava[.]rmi[.]server[.]hostname=[^\"]*" "JVM_OPTS=\"\$JVM_OPTS -Djava.rmi.server.hostname=${host}" - else - debug "cassandra-env.sh mounted. Skipping setting server hostname" - fi -} - -######################## -# Configure java path (ignored if cassandra-env.sh is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_java() { - if ! cassandra_is_file_external "cassandra-env.sh"; then - replace_in_file "${DB_CONF_DIR}/cassandra-env.sh" "(calculate_heap_sizes\(\))" "\nJAVA_HOME=$JAVA_BASE_DIR\nJAVA=$JAVA_BIN_DIR/java\n\n\1" - else - debug "cassandra-env.sh mounted. Skipping JAVA_HOME configuration" - fi -} - -######################## -# Configure jemalloc path (ignored if cassandra-env.sh is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_jemalloc() { - if ! cassandra_is_file_external "cassandra-env.sh"; then - if [[ -n "$(find_jemalloc_lib)" ]]; then - echo "JVM_OPTS=\"\$JVM_OPTS -Dcassandra.libjemalloc=$(find_jemalloc_lib)\"" >>"${DB_CONF_DIR}/cassandra-env.sh" - else - warn "Couldn't find jemalloc installed. Skipping jemalloc configuration." - fi - else - debug "cassandra-env.sh mounted. Skipping jemalloc configuration." - fi -} - -######################## -# Change the password for the cassandra user -# Globals: -# DB_* -# Arguments: -# 1 - Old password (default: cassandra) -# 2 - New Password (default: $DB_PASSWORD) -# 3 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) -# 4 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) -# Returns: -# None -######################### -cassandra_change_cassandra_password() { - local -r old_password="${1:-cassandra}" - local -r new_password="${2:-$DB_PASSWORD}" - local -r retries="${3:-$DB_CQL_MAX_RETRIES}" - local -r sleep_time="${4:-$DB_CQL_SLEEP_TIME}" - - info 'Updating the password for the "cassandra" user...' - local -r user="cassandra" - local -r escaped_password="${new_password//\'/\'\'}" - - if (echo "ALTER USER cassandra WITH PASSWORD \$\$${escaped_password}\$\$;" | cassandra_execute_with_retries "$retries" "$sleep_time" "$user" "$old_password"); then - debug "ALTER USER command executed. Trying to log in" - wait_for_cql_access "$user" "$new_password" "" "$retries" "$sleep_time" - info "Password updated successfully" - fi -} - -######################## -# Create a new admin user -# Globals: -# DB_* -# Arguments: -# 1 - New username (default: $DB_USER) -# 2 - New user password (default: $DB_PASSWORD) -# 3 - Admin username (which will create the new user) (default: cassandra) -# 4 - Admin password (default: cassandra) -# 5 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) -# 6 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) -# Returns: -# None -######################### -cassandra_create_admin_user() { - local -r new_user="${1:-$DB_USER}" - local -r password="${2:-$DB_PASSWORD}" - local -r admin_user="${3:-cassandra}" - local -r admin_user_password="${4:-cassandra}" - local -r retries="${5:-$DB_CQL_MAX_RETRIES}" - local -r sleep_time="${6:-$DB_CQL_SLEEP_TIME}" - - info "Creating super-user $new_user" - local -r escaped_password="${password//\'/\'\'}" - - echo "CREATE USER '${new_user}' WITH PASSWORD \$\$${escaped_password}\$\$ SUPERUSER;" | cassandra_execute_with_retries "$retries" "$sleep_time" "$admin_user" "$admin_user_password" -} - -######################## -# Configure port binding (modifies cassandra.yaml and cassandra-env.sh if not mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_ports() { - if ! cassandra_is_file_external "cassandra.yaml"; then - cassandra_yaml_set "native_transport_port" "$DB_CQL_PORT_NUMBER" "no" - cassandra_yaml_set "storage_port" "$DB_TRANSPORT_PORT_NUMBER" "no" - else - debug "cassandra.yaml mounted. Skipping native and storage ports configuration" - fi - - if ! cassandra_is_file_external "cassandra-env.sh"; then - replace_in_file "${DB_CONF_DIR}/cassandra-env.sh" "JMX_PORT=.*" "JMX_PORT=$DB_JMX_PORT_NUMBER" - else - debug "cassandra-env.sh mounted. Skipping JMX port configuration" - fi -} - -######################## -# Configure rack and datacenter (ignored if cassandra-rackdc.properties is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_rack_dc() { - if ! cassandra_is_file_external "cassandra-rackdc.properties"; then - replace_in_file "${DB_CONF_DIR}/cassandra-rackdc.properties" "dc=.*" "dc=${DB_DATACENTER}" - replace_in_file "${DB_CONF_DIR}/cassandra-rackdc.properties" "rack=.*" "rack=${DB_RACK}" - else - debug "cassandra-rackdc.properties mounted. Skipping rack and datacenter configuration" - fi -} - -######################## -# Remove PIDs, log files and conf files from a previous run (case of container restart) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_clean_from_restart() { - rm -f "$DB_PID_FILE" - rm -f "$DB_FIRST_BOOT_LOG_FILE" "$DB_INITSCRIPTS_BOOT_LOG_FILE" - if ! is_dir_empty "$DB_CONF_DIR"; then - rm -rf "${DB_CONF_DIR:?}"/* - fi -} - -######################## -# Generate the client configurartion if ssl is configured in the server -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_client_ssl() { - info "Configuring client for SSL" - - # The key is store in a jks keystore and needs to be converted to pks12 to be extracted - keytool -importkeystore -srckeystore "${DB_KEYSTORE_LOCATION}" \ - -destkeystore "${DB_TMP_P12_FILE}" \ - -deststoretype PKCS12 \ - -srcstorepass "${DB_KEYSTORE_PASSWORD}" \ - -deststorepass "${DB_KEYSTORE_PASSWORD}" - - openssl pkcs12 -in "${DB_TMP_P12_FILE}" -nokeys \ - -out "${DB_SSL_CERT_FILE}" -passin pass:"${DB_KEYSTORE_PASSWORD}" - rm "${DB_TMP_P12_FILE}" -} - -######################## -# Ensure Cassandra is initialized -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_initialize() { - info "Initializing Cassandra database..." - - cassandra_clean_from_restart - cassandra_copy_mounted_config - cassandra_copy_default_config - cassandra_enable_auth - cassandra_setup_java - cassandra_setup_jemalloc - cassandra_setup_logging - cassandra_setup_ports - cassandra_setup_rack_dc - cassandra_setup_data_dirs - cassandra_setup_cluster - cassandra_setup_from_environment_variables # Give priority to users configuration - - is_boolean_yes "$DB_CLIENT_ENCRYPTION" && cassandra_setup_client_ssl - - debug "Ensuring expected directories/files exist..." - for dir in "$DB_DATA_DIR" "$DB_TMP_DIR" "$DB_LOG_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown -R "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "$dir" - done - - if ! is_dir_empty "$DB_DATA_DIR"; then - info "Deploying Cassandra with persisted data" - else - info "Deploying Cassandra from scratch" - cassandra_start_bg "$DB_FIRST_BOOT_LOG_FILE" - if is_boolean_yes "$DB_PASSWORD_SEEDER"; then - info "Password seeder node" - # Check that all peers are ready - for peer in ${DB_PEERS//,/ }; do - wait_for_cql_access "cassandra" "cassandra" "$peer" "$DB_PEER_CQL_MAX_RETRIES" "$DB_PEER_CQL_SLEEP_TIME" - done - # Setup user - if [[ "$DB_USER" = "cassandra" ]]; then - cassandra_change_cassandra_password "cassandra" "$DB_PASSWORD" "$DB_CQL_MAX_RETRIES" "$DB_CQL_SLEEP_TIME" - else - cassandra_create_admin_user "$DB_USER" "$DB_PASSWORD" "cassandra" "cassandra" "$DB_CQL_MAX_RETRIES" "$DB_CQL_SLEEP_TIME" - fi - - cassandra_execute_startup_cql - else - info "Non-seeder node. Waiting for synchronization" - wait_for_cql_access "$DB_USER" "$DB_PASSWORD" "" "$DB_PEER_CQL_MAX_RETRIES" "$DB_PEER_CQL_SLEEP_TIME" - fi - fi -} - -######################## -# Execute Cassandra startup cql (defined in DB_STARTUP_CQL) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_execute_startup_cql() { - if [[ -n "$DB_STARTUP_CQL" ]]; then - info "Executing Startup CQL" - if ! (echo "$DB_STARTUP_CQL" | cassandra_execute_with_retries "$DB_CQL_MAX_RETRIES" "$DB_CQL_SLEEP_TIME" "$DB_USER" "$DB_PASSWORD"); then - error "Failed executing startup CQL command" - exit 1 - fi - info "Startup CQL commands executed successfully" - fi -} - -######################## -# Run custom initialization scripts -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_custom_init_scripts() { - if [[ -n "$(find "$DB_INITSCRIPTS_DIR/" \( -type f -o -type l \) -regex ".*\.\(sh\|cql\|cql.gz\)" ! -path "*/.*/*")" ]] && [[ ! -f "$DB_VOLUME_DIR/.user_scripts_initialized" ]]; then - info "Loading user's custom files from $DB_INITSCRIPTS_DIR ..." - local -r tmp_file="/tmp/filelist" - if ! is_cassandra_running; then - cassandra_start_bg "$DB_INITSCRIPTS_BOOT_LOG_FILE" - wait_for_cql_access - fi - find "${DB_INITSCRIPTS_DIR}/" \( -type f -o -type l \) -regex ".*\.\(sh\|cql\|cql.gz\)" ! -path "*/.*/*" | sort >"$tmp_file" - while read -r f; do - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - debug "Executing $f" - "$f" - else - debug "Sourcing $f" - . "$f" - fi - ;; - *.cql) - debug "Executing $f" - cassandra_execute "$DB_USER" "$DB_PASSWORD" <"$f" - ;; - *.cql.gz) - debug "Executing $f" - gunzip -c "$f" | cassandra_execute "$DB_USER" "$DB_PASSWORD" - ;; - *) debug "Ignoring $f" ;; - esac - done <$tmp_file - rm -f "$tmp_file" - touch "$DB_VOLUME_DIR"/.user_scripts_initialized - fi -} - -######################## -# Execute an arbitrary query/queries against the running Cassandra service -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - User to run queries -# $2 - Password -# $3 - Keyspace -# $4 - Host (default: localhost) -# $5 - Extra flags -# Returns: -# None -####################### -cassandra_execute() { - local -r user="${1:-$DB_USER}" - local -r pass="${2:-$DB_PASSWORD}" - local -r keyspace="${3:-}" - local -r host="${4:-localhost}" - local -r extra_args="${5:-}" - local -r port="${DB_CQL_PORT_NUMBER}" - local -r cmd=("${DB_BIN_DIR}/cqlsh") - local args=("-u" "$user" "-p" "$pass") - - is_boolean_yes "$DB_CLIENT_ENCRYPTION" && args+=("--ssl") - [[ -n "$keyspace" ]] && args+=("-k" "$keyspace") - if [[ -n "$extra_args" ]]; then - local extra_args_array=() - read -r -a extra_args_array <<<"$extra_args" - [[ "${#extra_args[@]}" -gt 0 ]] && args+=("${extra_args_array[@]}") - fi - args+=("$host") - args+=("$port") - if [[ "${BITNAMI_DEBUG}" = true ]]; then - local -r command="$(cat)" - debug "Executing CQL \"$command\"" - echo "$command" | "${cmd[@]}" "${args[@]}" - else - "${cmd[@]}" "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Execute an arbitrary query/queries against the running Cassandra service with retries (in case Cassandra is still initializing or performing consistency operations) -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) -# $2 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) -# $3 - User to run queries -# $4 - Password -# $5 - Keyspace -# $6 - Host (default: localhost) -# $7 - Extra flags -# Returns: -# None -####################### -cassandra_execute_with_retries() { - local -r retries="${1:-$DB_CQL_MAX_RETRIES}" - local -r sleep_time="${2:-$DB_CQL_SLEEP_TIME}" - local -r user="${3:-$DB_USER}" - local -r pass="${4:-$DB_PASSWORD}" - local -r keyspace="${5:-}" - local -r host="${6:-localhost}" - local -r extra_args="${7:-}" - - local success=no - - # Get command from stdin as we will retry it several times - local -r command="$(cat)" - - for i in $(seq 1 "$retries"); do - if (echo "$command" | cassandra_execute "$user" "$pass" "$keyspace" "$host" "$extra_args"); then - success=yes - break - fi - sleep "$sleep_time" - done - if is_boolean_yes "$success"; then - true - else - error "CQL command failed $retries times" - false - fi -} - -######################## -# Wait until nodetool checks the node is ready -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Maximum number of retries (default $DB_INIT_MAX_RETRIES) -# $2 - Sleep time during retries (default $DB_INIT_SLEEP_TIME) -# Returns: -# None -######################### -wait_for_nodetool_up() { - local -r retries="${1:-$DB_INIT_MAX_RETRIES}" - local -r sleep_time="${2:-$DB_INIT_SLEEP_TIME}" - - debug "Checking status with nodetool" - - check_function_nodetool_node_ip() { - # Using legacy RMI URL parsing to avoid URISyntaxException: 'Malformed IPv6 address at index 7: rmi://[127.0.0.1]:7199' error - # https://community.datastax.com/questions/13764/java-version-for-cassandra-3113.html - local -r check_cmd=("${DB_BIN_DIR}/nodetool" "-Dcom.sun.jndi.rmiURLParsing=legacy") - local -r check_args=("status" "--port" "$DB_JMX_PORT_NUMBER") - local -r machine_ip="$(dns_lookup "${DB_BROADCAST_ADDRESS:-$DB_HOST}" "v4")" - local -r check_regex="UN\s*(${DB_HOST}|${machine_ip}|127.0.0.1)" - - local output="/dev/null" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - output="/dev/stdout" - fi - - "${check_cmd[@]}" "${check_args[@]}" | grep -E "${check_regex}" >"${output}" - } - - check_function_nodetool_node_count() { - # Using legacy RMI URL parsing to avoid URISyntaxException: 'Malformed IPv6 address at index 7: rmi://[127.0.0.1]:7199' error - # https://community.datastax.com/questions/13764/java-version-for-cassandra-3113.html - local -r check_cmd=("${DB_BIN_DIR}/nodetool" "-Dcom.sun.jndi.rmiURLParsing=legacy") - local -r check_args=("status" "--port" "$DB_JMX_PORT_NUMBER") - local -r machine_ip="$(dns_lookup "${DB_BROADCAST_ADDRESS:-$DB_HOST}" "v4")" - local -r check_regex="UN\s*" - read -r -a host_list <<<"$(tr ',;' ' ' <<<"$DB_NODES")" - local -r expected_node_count="${#host_list[@]}" - local actual_node_count - - local output="/dev/null" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - output="/dev/stdout" - fi - - actual_node_count=$("${check_cmd[@]}" "${check_args[@]}" | grep -c "${check_regex}" || true) - if [[ "$expected_node_count" != "$actual_node_count" ]]; then - false - fi - } - - if retry_while check_function_nodetool_node_ip "$retries" "$sleep_time"; then - info "Nodetool reported the successful startup of Cassandra" - true - else - error "Cassandra failed to start up" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - error "Nodetool output" - "${check_cmd[@]}" "${check_args[@]}" - fi - exit 1 - fi - - if [[ -n "$DB_NODES" ]]; then - if retry_while check_function_nodetool_node_count "$retries" "$sleep_time"; then - info "All nodes reached the UN status (Up/Normal)" - true - else - error "Some nodes did not reach the UN status (Up/Normal)" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - error "Nodetool output" - "${check_cmd[@]}" "${check_args[@]}" - fi - exit 1 - fi - fi -} - -######################## -# Wait until the log file shows that CQL is ready -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Log file to check -# $1 - Maximum number of retries (default $DB_INIT_MAX_RETRIES) -# $2 - Sleep time during retries (default $DB_INIT_SLEEP_TIME) -# Returns: -# None -######################### -wait_for_cql_log_entry() { - local -r logger="${1:-/dev/stdout}" - local -r retries="${2:-$DB_INIT_MAX_RETRIES}" - local -r sleep_time="${3:-$DB_INIT_SLEEP_TIME}" - - debug "Checking that log $logger contains entry \"Starting listening for CQL clients\"" - - check_function_log_entry() { - local -r check_cmd=("cat") - local -r check_args=("$logger") - local -r check_regex="Starting listening for CQL clients" - - local output="/dev/null" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - output="/dev/stdout" - fi - "${check_cmd[@]}" "${check_args[@]}" | grep -E "${check_regex}" >"${output}" - } - - if retry_while check_function_log_entry "$retries" "$sleep_time"; then - info "Found CQL startup log line" - else - error "Cassandra failed to start up" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - error "Log content" - cat "$logger" - fi - exit 1 - fi -} - -######################## -# Poll until the CQL command DESCRIBE KEYSPACES works successfully -# Globals: -# DB_* -# Arguments: -# 1 - Username (default: $DB_USER) -# 2 - Password (default: $DB_PASSWORD) -# 3 - Hostname (default: $DB_HOST) -# 4 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) -# 5 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) -# Returns: -# None -######################### -wait_for_cql_access() { - local -r user="${1:-$DB_USER}" - local -r password="${2:-$DB_PASSWORD}" - local -r host="${3:-$DB_HOST}" - local -r max_retries="${4:-$DB_CQL_MAX_RETRIES}" - local -r sleep_time="${5:-$DB_CQL_SLEEP_TIME}" - - info "Trying to access CQL server @ $host" - if (echo "DESCRIBE KEYSPACES" | cassandra_execute_with_retries "$max_retries" "$sleep_time" "$user" "$password" "" "$host"); then - info "Accessed CQL server successfully" - else - error "Could not access CQL server" - exit 1 - fi -} - -######################## -# Start Cassandra and wait until it is ready -# Globals: -# DB_* -# Arguments: -# $1 - Log file to write (default /dev/stdout) -# $2 - Maximum number of retries (default $DB_INIT_MAX_RETRIES) -# $3 - Sleep time during retries (default $DB_INIT_SLEEP_TIME) -# Returns: -# None -######################### -cassandra_start_bg() { - local -r logger="${1:-/dev/stdout}" - local -r retries="${2:-$DB_INIT_MAX_RETRIES}" - local -r sleep_time="${3:-$DB_INIT_SLEEP_TIME}" - - info "Starting Cassandra" - local -r cmd=("$DB_BIN_DIR/cassandra") - local -r args=("-p" "$DB_PID_FILE" "-R" "-f") - - if am_i_root; then - run_as_user "$DB_DAEMON_USER" "${cmd[@]}" "${args[@]}" >"$logger" 2>&1 & - else - "${cmd[@]}" "${args[@]}" >"$logger" 2>&1 & - fi - - # Even though we set the pid, cassandra is not creating the proper file, so we create it manually - echo $! >"$DB_PID_FILE" - - info "Checking that it started up correctly" - - if [[ "$logger" != "/dev/stdout" ]]; then - am_i_root && chown "$DB_DAEMON_USER":"$DB_DAEMON_GROUP" "$logger" - wait_for_cql_log_entry "$logger" "$retries" "$sleep_time" - fi - wait_for_nodetool_up "$retries" "$sleep_time" -} - -######################## -# Stop Cassandra -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_stop() { - ! is_cassandra_running && return - info "Stopping Cassandra..." - stop_cassandra() { - # Using legacy RMI URL parsing to avoid URISyntaxException: 'Malformed IPv6 address at index 7: rmi://[127.0.0.1]:7199' error - # https://community.datastax.com/questions/13764/java-version-for-cassandra-3113.html - "${DB_BIN_DIR}/nodetool" "-Dcom.sun.jndi.rmiURLParsing=legacy" stopdaemon - is_cassandra_not_running - } - - if ! retry_while "stop_cassandra" "$DB_INIT_MAX_RETRIES" "$DB_INIT_SLEEP_TIME"; then - error "Cassandra failed to stop" - exit 1 - fi - # Manually remove PID file - rm -f "$DB_PID_FILE" -} - -######################## -# Check if Cassandra is running -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Boolean -######################### -is_cassandra_running() { - local -r pid="$(get_pid_from_file "$DB_PID_FILE")" - - if [[ -z "$pid" ]]; then - false - else - is_service_running "$pid" - fi -} - -######################## -# Return true if cassandra is not running -# Globals: -# KONG_* -# Arguments: -# None -# Returns: -# None -######################### -is_cassandra_not_running() { - ! is_cassandra_running -} - -######################## -# Set a configuration setting value to a file -# Globals: -# None -# Arguments: -# $1 - file -# $2 - key -# $3 - values (array) -# Returns: -# None -######################### -cassandra_common_conf_set() { - local -r file="${1:?missing file}" - local -r key="${2:?missing key}" - shift 2 - local values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - cassandra_common_conf_set "$file" "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Update the existing key - replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false - else - # Add a new key - printf '\n%s=%s' "$key" "$value" >>"$file" - fi - fi -} - -######################## -# Set a configuration setting value to cassandra-env.sh -# Globals: -# DB_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -cassandra_env_conf_set() { - cassandra_common_conf_set "${DB_CONF_DIR}/cassandra-env.sh" "$@" -} - -######################## -# Set a configuration setting value to cassandra-rackdc.properties -# Globals: -# DB_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -cassandra_rackdc_conf_set() { - cassandra_common_conf_set "${DB_CONF_DIR}/cassandra-rackdc.properties" "$@" -} - -######################## -# Set a configuration setting value to commitlog_archiving.properties -# Globals: -# DB_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -cassandra_commitlog_conf_set() { - cassandra_common_conf_set "${DB_CONF_DIR}/commitlog_archiving.properties" "$@" -} - -######################## -# Configure Cassandra configuration files from environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_from_environment_variables() { - # Map environment variables to config properties for cassandra-env.sh - for var in "${!DB_CFG_ENV_@}"; do - # shellcheck disable=SC2001 - key="$(echo "$var" | sed -e 's/^DB_CFG_ENV_//g')" - value="${!var}" - cassandra_env_conf_set "$key" "$value" - done - # Map environment variables to config properties for cassandra-rackdc.properties - for var in "${!DB_CFG_RACKDC_@}"; do - key="$(echo "$var" | sed -e 's/^DB_CFG_RACKDC_//g' | tr '[:upper:]' '[:lower:]')" - value="${!var}" - cassandra_rackdc_conf_set "$key" "$value" - done - # Map environment variables to config properties for commitlog_archiving.properties - for var in "${!DB_CFG_COMMITLOG_@}"; do - key="$(echo "$var" | sed -e 's/^DB_CFG_COMMITLOG_//g' | tr '[:upper:]' '[:lower:]')" - value="${!var}" - cassandra_commitlog_conf_set "$key" "$value" - done - if ! cassandra_is_file_external "cassandra.yaml"; then - # Map environment variables to config properties for cassandra.yaml - for var in "${!DB_CFG_YAML_@}"; do - # shellcheck disable=SC2001 - key="$(echo "$var" | sed -e 's/^DB_CFG_YAML_//g' | tr '[:upper:]' '[:lower:]')" - value="${!var}" - cassandra_yaml_set "$key" "$value" - done - else - debug "cassandra.yaml mounted. Skipping data directory configuration" - fi -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=("/usr/lib" "/usr/lib64") - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} diff --git a/bitnami/cassandra/4.0/debian-12/tags-info.yaml b/bitnami/cassandra/4.0/debian-12/tags-info.yaml deleted file mode 100644 index f9fc75aeb8fa5..0000000000000 --- a/bitnami/cassandra/4.0/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "4.0" -- 4.0-debian-12 -- 4.0.13 diff --git a/bitnami/cassandra/4.1/README.md b/bitnami/cassandra/4.1/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/cassandra/4.1/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/cassandra/4.1/debian-12/Dockerfile b/bitnami/cassandra/4.1/debian-12/Dockerfile deleted file mode 100644 index 7d67a7af4bd4b..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-20T18:26:42Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cassandra/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="4.1.5-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cassandra" \ - org.opencontainers.image.title="cassandra" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="4.1.5" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgssapi-krb5-2 libjemalloc2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libtinfo6 libtirpc3 procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "java-11.0.23-12-0-linux-${OS_ARCH}-debian-12" \ - "cassandra-4.1.5-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN ln -s /opt/bitnami/scripts/cassandra/entrypoint.sh /entrypoint.sh -RUN ln -s /opt/bitnami/scripts/cassandra/run.sh /run.sh -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/cassandra/postunpack.sh -RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="4.1.5" \ - BITNAMI_APP_NAME="cassandra" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/python/bin:/opt/bitnami/java/bin:/opt/bitnami/cassandra/bin:$PATH" - -EXPOSE 7000 9042 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/cassandra/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/cassandra/run.sh" ] diff --git a/bitnami/cassandra/4.1/debian-12/docker-compose.yml b/bitnami/cassandra/4.1/debian-12/docker-compose.yml deleted file mode 100644 index 134ec313c186f..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/docker-compose.yml +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - cassandra: - image: docker.io/bitnami/cassandra:4.1 - ports: - - '7000:7000' - - '9042:9042' - volumes: - - 'cassandra_data:/bitnami' - environment: - - CASSANDRA_SEEDS=cassandra - - CASSANDRA_PASSWORD_SEEDER=yes - - CASSANDRA_PASSWORD=cassandra -volumes: - cassandra_data: - driver: local diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index a853a52bece96..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "cassandra": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "4.1.5-0" - }, - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.0.23-12-0" - }, - "python": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.11.9-10" - } -} \ No newline at end of file diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra-env.sh b/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra-env.sh deleted file mode 100644 index 0ea1fcad33515..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra-env.sh +++ /dev/null @@ -1,234 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for cassandra - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-cassandra}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -cassandra_env_vars=( - CASSANDRA_MOUNTED_CONF_DIR - CASSANDRA_CLIENT_ENCRYPTION - CASSANDRA_CLUSTER_NAME - CASSANDRA_DATACENTER - CASSANDRA_ENABLE_REMOTE_CONNECTIONS - CASSANDRA_ENABLE_RPC - CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS - CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS - CASSANDRA_ENDPOINT_SNITCH - CASSANDRA_HOST - CASSANDRA_INTERNODE_ENCRYPTION - CASSANDRA_NUM_TOKENS - CASSANDRA_PASSWORD_SEEDER - CASSANDRA_SEEDS - CASSANDRA_PEERS - CASSANDRA_NODES - CASSANDRA_RACK - CASSANDRA_BROADCAST_ADDRESS - CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE - CASSANDRA_STARTUP_CQL - CASSANDRA_IGNORE_INITDB_SCRIPTS - CASSANDRA_CQL_PORT_NUMBER - CASSANDRA_JMX_PORT_NUMBER - CASSANDRA_TRANSPORT_PORT_NUMBER - CASSANDRA_CQL_MAX_RETRIES - CASSANDRA_CQL_SLEEP_TIME - CASSANDRA_INIT_MAX_RETRIES - CASSANDRA_INIT_SLEEP_TIME - CASSANDRA_PEER_CQL_MAX_RETRIES - CASSANDRA_PEER_CQL_SLEEP_TIME - CASSANDRA_DELAY_START_TIME - CASSANDRA_AUTO_SNAPSHOT_TTL - ALLOW_EMPTY_PASSWORD - CASSANDRA_AUTHORIZER - CASSANDRA_AUTHENTICATOR - CASSANDRA_USER - CASSANDRA_PASSWORD - CASSANDRA_KEYSTORE_PASSWORD - CASSANDRA_TRUSTSTORE_PASSWORD - CASSANDRA_KEYSTORE_LOCATION - CASSANDRA_TRUSTSTORE_LOCATION - CASSANDRA_TMP_P12_FILE - CASSANDRA_SSL_CERT_FILE - CASSANDRA_SSL_VALIDATE - SSL_VERSION -) -for env_var in "${cassandra_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset cassandra_env_vars -export DB_FLAVOR="cassandra" - -# Paths -export CASSANDRA_BASE_DIR="/opt/bitnami/cassandra" -export DB_BASE_DIR="$CASSANDRA_BASE_DIR" -export CASSANDRA_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_BIN_DIR="$CASSANDRA_BIN_DIR" -export CASSANDRA_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_CONF_DIR="$CASSANDRA_CONF_DIR" -export CASSANDRA_VOLUME_DIR="/bitnami/cassandra" -export DB_VOLUME_DIR="$CASSANDRA_VOLUME_DIR" -export CASSANDRA_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_DATA_DIR="$CASSANDRA_DATA_DIR" -export CASSANDRA_COMMITLOG_DIR="${DB_DATA_DIR}/commitlog" -export DB_COMMITLOG_DIR="$CASSANDRA_COMMITLOG_DIR" -export CASSANDRA_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_DEFAULT_CONF_DIR="$CASSANDRA_DEFAULT_CONF_DIR" -export CASSANDRA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export DB_INITSCRIPTS_DIR="$CASSANDRA_INITSCRIPTS_DIR" -export CASSANDRA_LOG_DIR="${DB_BASE_DIR}/logs" -export DB_LOG_DIR="$CASSANDRA_LOG_DIR" -export CASSANDRA_MOUNTED_CONF_DIR="${CASSANDRA_MOUNTED_CONF_DIR:-${DB_VOLUME_DIR}/conf}" -export DB_MOUNTED_CONF_DIR="$CASSANDRA_MOUNTED_CONF_DIR" -export CASSANDRA_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_TMP_DIR="$CASSANDRA_TMP_DIR" -export JAVA_BASE_DIR="${BITNAMI_ROOT_DIR}/java" -export JAVA_BIN_DIR="${JAVA_BASE_DIR}/bin" -export PYTHON_BASE_DIR="${BITNAMI_ROOT_DIR}/python" -export PYTHON_BIN_DIR="${PYTHON_BASE_DIR}/bin" -export CASSANDRA_CONF_FILE="${DB_CONF_DIR}/cassandra.yaml" -export DB_CONF_FILE="$CASSANDRA_CONF_FILE" -export CASSANDRA_LOG_FILE="${DB_LOG_DIR}/cassandra.log" -export DB_LOG_FILE="$CASSANDRA_LOG_FILE" -export CASSANDRA_FIRST_BOOT_LOG_FILE="${DB_LOG_DIR}/cassandra_first_boot.log" -export DB_FIRST_BOOT_LOG_FILE="$CASSANDRA_FIRST_BOOT_LOG_FILE" -export CASSANDRA_INITSCRIPTS_BOOT_LOG_FILE="${DB_LOG_DIR}/cassandra_init_scripts_boot.log" -export DB_INITSCRIPTS_BOOT_LOG_FILE="$CASSANDRA_INITSCRIPTS_BOOT_LOG_FILE" -export CASSANDRA_PID_FILE="${DB_TMP_DIR}/cassandra.pid" -export DB_PID_FILE="$CASSANDRA_PID_FILE" -export PATH="${DB_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${BITNAMI_ROOT_DIR}/python/bin:${BITNAMI_ROOT_DIR}/java/bin:$PATH" - -# System users (when running with a privileged user) -export CASSANDRA_DAEMON_USER="cassandra" -export DB_DAEMON_USER="$CASSANDRA_DAEMON_USER" -export CASSANDRA_DAEMON_GROUP="cassandra" -export DB_DAEMON_GROUP="$CASSANDRA_DAEMON_GROUP" - -# Cassandra cluster settings -export CASSANDRA_CLIENT_ENCRYPTION="${CASSANDRA_CLIENT_ENCRYPTION:-false}" -export DB_CLIENT_ENCRYPTION="$CASSANDRA_CLIENT_ENCRYPTION" -export CASSANDRA_CLUSTER_NAME="${CASSANDRA_CLUSTER_NAME:-My Cluster}" -export DB_CLUSTER_NAME="$CASSANDRA_CLUSTER_NAME" -export CASSANDRA_DATACENTER="${CASSANDRA_DATACENTER:-dc1}" -export DB_DATACENTER="$CASSANDRA_DATACENTER" -export CASSANDRA_ENABLE_REMOTE_CONNECTIONS="${CASSANDRA_ENABLE_REMOTE_CONNECTIONS:-true}" -export DB_ENABLE_REMOTE_CONNECTIONS="$CASSANDRA_ENABLE_REMOTE_CONNECTIONS" -export CASSANDRA_ENABLE_RPC="${CASSANDRA_ENABLE_RPC:-false}" -export DB_ENABLE_RPC="$CASSANDRA_ENABLE_RPC" -export CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS="${CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS:-false}" -export DB_ENABLE_USER_DEFINED_FUNCTIONS="$CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS" -export CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS="${CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS:-false}" -export DB_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS="$CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS" -export CASSANDRA_ENDPOINT_SNITCH="${CASSANDRA_ENDPOINT_SNITCH:-SimpleSnitch}" -export DB_ENDPOINT_SNITCH="$CASSANDRA_ENDPOINT_SNITCH" -export CASSANDRA_HOST="${CASSANDRA_HOST:-}" -export DB_HOST="$CASSANDRA_HOST" -export CASSANDRA_INTERNODE_ENCRYPTION="${CASSANDRA_INTERNODE_ENCRYPTION:-none}" -export DB_INTERNODE_ENCRYPTION="$CASSANDRA_INTERNODE_ENCRYPTION" -export CASSANDRA_NUM_TOKENS="${CASSANDRA_NUM_TOKENS:-256}" -export DB_NUM_TOKENS="$CASSANDRA_NUM_TOKENS" -export CASSANDRA_PASSWORD_SEEDER="${CASSANDRA_PASSWORD_SEEDER:-no}" -export DB_PASSWORD_SEEDER="$CASSANDRA_PASSWORD_SEEDER" -export CASSANDRA_SEEDS="${CASSANDRA_SEEDS:-$DB_HOST}" -export DB_SEEDS="$CASSANDRA_SEEDS" -export CASSANDRA_PEERS="${CASSANDRA_PEERS:-$DB_SEEDS}" -export DB_PEERS="$CASSANDRA_PEERS" -export CASSANDRA_NODES="${CASSANDRA_NODES:-}" -export DB_NODES="$CASSANDRA_NODES" -export CASSANDRA_RACK="${CASSANDRA_RACK:-rack1}" -export DB_RACK="$CASSANDRA_RACK" -export CASSANDRA_BROADCAST_ADDRESS="${CASSANDRA_BROADCAST_ADDRESS:-}" -export DB_BROADCAST_ADDRESS="$CASSANDRA_BROADCAST_ADDRESS" -export CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE="${CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE:-false}" -export DB_AUTOMATIC_SSTABLE_UPGRADE="$CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE" - -# Database initialization settings -export CASSANDRA_STARTUP_CQL="${CASSANDRA_STARTUP_CQL:-}" -export DB_STARTUP_CQL="$CASSANDRA_STARTUP_CQL" -export CASSANDRA_IGNORE_INITDB_SCRIPTS="${CASSANDRA_IGNORE_INITDB_SCRIPTS:-no}" -export DB_IGNORE_INITDB_SCRIPTS="$CASSANDRA_IGNORE_INITDB_SCRIPTS" - -# Port configuration -export CASSANDRA_CQL_PORT_NUMBER="${CASSANDRA_CQL_PORT_NUMBER:-9042}" -export DB_CQL_PORT_NUMBER="$CASSANDRA_CQL_PORT_NUMBER" -export CASSANDRA_JMX_PORT_NUMBER="${CASSANDRA_JMX_PORT_NUMBER:-7199}" -export DB_JMX_PORT_NUMBER="$CASSANDRA_JMX_PORT_NUMBER" -export CASSANDRA_TRANSPORT_PORT_NUMBER="${CASSANDRA_TRANSPORT_PORT_NUMBER:-7000}" -export DB_TRANSPORT_PORT_NUMBER="$CASSANDRA_TRANSPORT_PORT_NUMBER" - -# Retries and sleep time configuration -export CASSANDRA_CQL_MAX_RETRIES="${CASSANDRA_CQL_MAX_RETRIES:-20}" -export DB_CQL_MAX_RETRIES="$CASSANDRA_CQL_MAX_RETRIES" -export CASSANDRA_CQL_SLEEP_TIME="${CASSANDRA_CQL_SLEEP_TIME:-5}" -export DB_CQL_SLEEP_TIME="$CASSANDRA_CQL_SLEEP_TIME" -export CASSANDRA_INIT_MAX_RETRIES="${CASSANDRA_INIT_MAX_RETRIES:-100}" -export DB_INIT_MAX_RETRIES="$CASSANDRA_INIT_MAX_RETRIES" -export CASSANDRA_INIT_SLEEP_TIME="${CASSANDRA_INIT_SLEEP_TIME:-5}" -export DB_INIT_SLEEP_TIME="$CASSANDRA_INIT_SLEEP_TIME" -export CASSANDRA_PEER_CQL_MAX_RETRIES="${CASSANDRA_PEER_CQL_MAX_RETRIES:-100}" -export DB_PEER_CQL_MAX_RETRIES="$CASSANDRA_PEER_CQL_MAX_RETRIES" -export CASSANDRA_PEER_CQL_SLEEP_TIME="${CASSANDRA_PEER_CQL_SLEEP_TIME:-10}" -export DB_PEER_CQL_SLEEP_TIME="$CASSANDRA_PEER_CQL_SLEEP_TIME" -export CASSANDRA_DELAY_START_TIME="${CASSANDRA_DELAY_START_TIME:-10}" -export DB_DELAY_START_TIME="$CASSANDRA_DELAY_START_TIME" - -# Snapshot settings -export CASSANDRA_AUTO_SNAPSHOT_TTL="${CASSANDRA_AUTO_SNAPSHOT_TTL:-30d}" -export DB_AUTO_SNAPSHOT_TTL="$CASSANDRA_AUTO_SNAPSHOT_TTL" - -# Authentication, Authorization and Credentials -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export CASSANDRA_AUTHORIZER="${CASSANDRA_AUTHORIZER:-CassandraAuthorizer}" -export DB_AUTHORIZER="$CASSANDRA_AUTHORIZER" -export CASSANDRA_AUTHENTICATOR="${CASSANDRA_AUTHENTICATOR:-PasswordAuthenticator}" -export DB_AUTHENTICATOR="$CASSANDRA_AUTHENTICATOR" -export CASSANDRA_USER="${CASSANDRA_USER:-cassandra}" -export DB_USER="$CASSANDRA_USER" -export CASSANDRA_PASSWORD="${CASSANDRA_PASSWORD:-}" -export DB_PASSWORD="$CASSANDRA_PASSWORD" -export CASSANDRA_KEYSTORE_PASSWORD="${CASSANDRA_KEYSTORE_PASSWORD:-cassandra}" -export DB_KEYSTORE_PASSWORD="$CASSANDRA_KEYSTORE_PASSWORD" -export CASSANDRA_TRUSTSTORE_PASSWORD="${CASSANDRA_TRUSTSTORE_PASSWORD:-cassandra}" -export DB_TRUSTSTORE_PASSWORD="$CASSANDRA_TRUSTSTORE_PASSWORD" -export CASSANDRA_KEYSTORE_LOCATION="${CASSANDRA_KEYSTORE_LOCATION:-${DB_VOLUME_DIR}/secrets/keystore}" -export DB_KEYSTORE_LOCATION="$CASSANDRA_KEYSTORE_LOCATION" -export CASSANDRA_TRUSTSTORE_LOCATION="${CASSANDRA_TRUSTSTORE_LOCATION:-${DB_VOLUME_DIR}/secrets/truststore}" -export DB_TRUSTSTORE_LOCATION="$CASSANDRA_TRUSTSTORE_LOCATION" -export CASSANDRA_TMP_P12_FILE="${CASSANDRA_TMP_P12_FILE:-${DB_TMP_DIR}/keystore.p12}" -export DB_TMP_P12_FILE="$CASSANDRA_TMP_P12_FILE" -export CASSANDRA_SSL_CERT_FILE="${CASSANDRA_SSL_CERT_FILE:-${DB_VOLUME_DIR}/client.cer.pem}" -export DB_SSL_CERT_FILE="$CASSANDRA_SSL_CERT_FILE" -export SSL_CERTFILE="$CASSANDRA_SSL_CERT_FILE" -export CASSANDRA_SSL_VALIDATE="${CASSANDRA_SSL_VALIDATE:-false}" -export DB_SSL_VALIDATE="$CASSANDRA_SSL_VALIDATE" -export SSL_VALIDATE="$CASSANDRA_SSL_VALIDATE" - -# cqlsh settings -export SSL_VERSION="${SSL_VERSION:-TLSv1_2}" - -# Custom environment variables may be defined below diff --git a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/entrypoint.sh b/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/entrypoint.sh deleted file mode 100755 index da37e4e4dd153..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/entrypoint.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -#set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libcassandra.sh - -# Load Cassandra environment variables -. /opt/bitnami/scripts/cassandra-env.sh - -print_welcome_page - -if is_positive_int "$DB_DELAY_START_TIME" && [[ "$DB_DELAY_START_TIME" -gt 0 ]]; then - info "** Delaying Cassandra start by ${DB_DELAY_START_TIME} seconds **" - sleep "$DB_DELAY_START_TIME" -fi - -if [[ "$*" = *"/opt/bitnami/scripts/cassandra/run.sh"* || "$*" = *"/run.sh"* ]]; then - info "** Starting Cassandra setup **" - /opt/bitnami/scripts/cassandra/setup.sh - info "** Cassandra setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/postunpack.sh b/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/postunpack.sh deleted file mode 100755 index d48e6fe856bd9..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/postunpack.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libcassandra.sh - -# Load Cassandra environment variables -. /opt/bitnami/scripts/cassandra-env.sh - - -for dir in "$DB_INITSCRIPTS_DIR" "$DB_TMP_DIR" "$DB_LOG_DIR" "$DB_MOUNTED_CONF_DIR" "$DB_VOLUME_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Copy configuration files for the scripts to work -ensure_dir_exists "$DB_CONF_DIR" -cassandra_copy_default_config -chmod -R g+rwX "$DB_CONF_DIR" - -# Create wrapper for cqlsh -cat <"${DB_BIN_DIR}/cqlsh" -#!/bin/sh -exec "${PYTHON_BIN_DIR}/python" "${DB_BIN_DIR}/cqlsh.py" "\$@" -EOF - -chmod +x "${DB_BIN_DIR}/cqlsh" - -ensure_dir_exists "${HOME}/.cassandra" -chmod -R g+rwX "${HOME}/.cassandra" diff --git a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/run.sh b/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/run.sh deleted file mode 100755 index b3f222c3661c5..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/run.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/bash - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libcassandra.sh -. /opt/bitnami/scripts/libos.sh - -# Load Cassandra environment variables -. /opt/bitnami/scripts/cassandra-env.sh - -# As we cannot use "local" we will use "readonly" for read-only variables. -# The scope of "readonly" is global, so we attach "__run_" to avoid conflicts -# with other variables in libcassandra.sh - -info "** Starting Cassandra **" - -# During the startup logic, we bootstap Cassandra. This is because Cassandra seeder nodes -# need to be able to connect to each other, and after that authentication can be configured. -# However, some applications may detect at this point that the database is ready. -# While in other bitnami containers we would stop the database and run it in foreground, -# we prefer keeping it running in this case. -# So, in this run.sh script, we first check if Cassandra was already running in -# one of the two cases: -# -# 1) Initial cluster initialization -# 2) Init scripts -# -# If none of the two cases apply, we assume it is an error and exit -if is_cassandra_running; then - __run_pid="$(get_pid_from_file "$DB_PID_FILE")" - running_log_file="" - - if [[ -f "$DB_FIRST_BOOT_LOG_FILE" ]]; then - running_log_file="$DB_FIRST_BOOT_LOG_FILE" - info "Cassandra already running with PID $__run_pid because of the initial cluster setup" - elif [[ -f "$DB_INITSCRIPTS_BOOT_LOG_FILE" ]]; then - running_log_file="$DB_INITSCRIPTS_BOOT_LOG_FILE" - info "Cassandra already running PID $__run_pid because of the init scripts execution" - else - error "Cassandra is already running for an unexpected reason. Exiting" - exit 1 - fi - - info "Tailing $running_log_file" - __run_tail_cmd="$(which tail)" - readonly __run_tail_flags=("--pid=${__run_pid}" "-n" "1000" "-f" "$running_log_file") - - if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "${__run_tail_cmd}" "${__run_tail_flags[@]}" - else - exec "${__run_tail_cmd}" "${__run_tail_flags[@]}" - fi -else - readonly __run_cmd="${DB_BIN_DIR}/cassandra" - readonly __run_flags=("-p $DB_PID_FILE" "-R" "-f") - if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "${__run_cmd}" "${__run_flags[@]}" - else - exec "${__run_cmd}" "${__run_flags[@]}" - fi -fi diff --git a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/setup.sh b/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/setup.sh deleted file mode 100755 index 5edebf92b8262..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/cassandra/setup.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Cassandra setup - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libcassandra.sh - -# Load Cassandra environment variables -. /opt/bitnami/scripts/cassandra-env.sh - -# Set default Cassandra host environment variable -cassandra_set_default_host -# Ensure Cassandra environment variables settings are valid -cassandra_validate -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" -# Ensure Cassandra is initialized -cassandra_initialize - -# Allow running custom initialization scripts -if ! is_boolean_yes "$DB_IGNORE_INITDB_SCRIPTS"; then - cassandra_custom_init_scripts -fi diff --git a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/libcassandra.sh b/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/libcassandra.sh deleted file mode 100644 index e73a45e46e3e4..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/libcassandra.sh +++ /dev/null @@ -1,1221 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Cassandra library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh - -######################## -# Change a Cassandra configuration yaml file by setting a property -# Globals: -# DB_* -# Arguments: -# $1 - property -# $2 - value -# $3 - Use quotes in value (default: yes) -# $4 - Path to configuration file (default: $DB_CONF_FILE) -# Returns: -# None -######################### -cassandra_yaml_set() { - local -r property="${1:?missing property}" - local -r value="${2:?missing value}" - local -r use_quotes="${3:-yes}" - local -r conf_file="${4:-$DB_CONF_FILE}" - - if is_boolean_yes "$use_quotes"; then - replace_in_file "$conf_file" "^(#\s)?(\s*)(\-\s*)?${property}:.*" "\2\3${property}: '${value}'" - else - replace_in_file "$conf_file" "^(#\s)?(\s*)(\-\s*)?${property}:.*" "\2\3${property}: ${value}" - fi -} - -######################### -# Set default Cassandra settings if not set -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_set_default_host() { - if [[ -z "${DB_HOST:-}" ]]; then - warn "DB_HOST not set, defaulting to system hostname" - local -r host="$(hostname)" - export DB_HOST="$host" - export DB_SEEDS="${DB_SEEDS:-$DB_HOST}" - export DB_PEERS="${DB_PEERS:-$DB_SEEDS}" - fi -} - -######################## -# Change a Cassandra configuration yaml file by setting a property as an array -# Globals: -# DB_* -# Arguments: -# $1 - property -# $2 - comma-separated string with the different values -# $3 - Use quotes in value (default: no) -# $4 - Path to configuration file (default: $DB_CONF_FILE) -# Returns: -# None -######################### -cassandra_yaml_set_as_array() { - local -r property="${1:?missing property}" - local -r array="${2:?missing value}" - local -r use_quotes="${3:-no}" - local -r conf_file="${4:-$DB_CONF_FILE}" - local substitution="\2${property}:" - - for value in "${array[@]}"; do - if is_boolean_yes "$use_quotes"; then - substitution+="\n\2 - '${value}'" - else - substitution+="\n\2 - ${value}" - fi - done - replace_in_file "$conf_file" "^(#\s)?(\s*)${property}:.*" "${substitution}" -} - -######################## -# Validate settings in DB_* environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_validate() { - info "Validating settings in DB_* env vars.." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - - empty_password_warn() { - warn "You've not provided a password. Default password \"cassandra\" will be used. For safety reasons, please provide a secure password in a production environment." - } - - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - - check_default_password() { - if [[ "${!1}" = "cassandra" ]]; then - warn "You set the environment variable $1=cassandra. This is the default value when bootstrapping Cassandra and should not be used in production environments." - fi - } - - check_yes_no_value() { - if ! is_yes_no_value "${!1}"; then - print_validation_error "The allowed values for $1 are [yes, no]" - fi - } - - check_true_false_value() { - if ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for $1 are [true, false]" - fi - } - - check_conflicting_ports() { - local -r total="$#" - for i in $(seq 1 "$((total - 1))"); do - for j in $(seq "$((i + 1))" "$total"); do - if (("${!i}" == "${!j}")); then - print_validation_error "${!i} and ${!j} are bound to the same port" - fi - done - done - } - - check_allowed_port() { - local validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("${!1}") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port was specified in the environment variable $1: $err" - fi - } - - check_resolved_hostname() { - if ! is_hostname_resolved "$1"; then - warn "Hostname $1 could not be resolved. This could lead to connection issues" - fi - } - - check_positive_value() { - if ! is_positive_int "${!1}"; then - print_validation_error "The variable $1 must be positive integer" - fi - } - - check_empty_value() { - if is_empty_value "${!1}"; then - print_validation_error "The $1 environment variable is empty or not set." - fi - } - - check_password_file() { - if [[ -n "${!1:-}" ]] && ! [[ -f "${!1:-}" ]]; then - print_validation_error "The variable $1 is defined but the file ${!1} is not accessible or does not exist" - fi - } - - check_password_file DB_PASSWORD_FILE - check_password_file DB_TRUSTSTORE_PASSWORD_FILE - check_password_file DB_KEYSTORE_PASSWORD_FILE - - check_empty_value DB_RACK - check_empty_value DB_DATACENTER - - if [[ -z $DB_PASSWORD ]]; then - if ! is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_warn - export DB_PASSWORD="cassandra" - else - empty_password_enabled_warn - fi - fi - - check_default_password DB_PASSWORD - - if is_boolean_yes "$DB_CLIENT_ENCRYPTION" || is_boolean_yes "$DB_INTERNODE_ENCRYPTION"; then - check_empty_value DB_KEYSTORE_PASSWORD - check_empty_value DB_TRUSTSTORE_PASSWORD - check_default_password DB_KEYSTORE_PASSWORD - check_default_password DB_TRUSTSTORE_PASSWORD - fi - - check_yes_no_value DB_PASSWORD_SEEDER - check_true_false_value DB_ENABLE_REMOTE_CONNECTIONS - check_true_false_value DB_CLIENT_ENCRYPTION - check_true_false_value DB_ENABLE_USER_DEFINED_FUNCTIONS - check_true_false_value DB_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS - check_positive_value DB_NUM_TOKENS - check_positive_value DB_INIT_MAX_RETRIES - check_positive_value DB_CQL_MAX_RETRIES - check_positive_value DB_PEER_CQL_MAX_RETRIES - check_positive_value DB_INIT_SLEEP_TIME - check_positive_value DB_CQL_SLEEP_TIME - check_positive_value DB_PEER_CQL_SLEEP_TIME - check_positive_value DB_CQL_PORT_NUMBER - check_positive_value DB_JMX_PORT_NUMBER - check_positive_value DB_TRANSPORT_PORT_NUMBER - - check_conflicting_ports DB_CQL_PORT_NUMBER DB_JMX_PORT_NUMBER DB_TRANSPORT_PORT_NUMBER - - check_allowed_port DB_CQL_PORT_NUMBER - check_allowed_port DB_TRANSPORT_PORT_NUMBER - check_allowed_port DB_JMX_PORT_NUMBER - - check_resolved_hostname "$DB_HOST" - for peer in ${DB_PEERS//,/ }; do - check_resolved_hostname "$peer" - done - for seed in ${DB_SEEDS//,/ }; do - check_resolved_hostname "$seed" - done - - if [[ ! ${DB_AUTO_SNAPSHOT_TTL} =~ ([1-9]{1}[0-9]{0,}[d|h|m]) ]]; then - print_validation_error "DB_AUTO_SNAPSHOT_TTL accepted units: d (days), h (hours) or m (minutes)" - fi - - check_true_false_value DB_SSL_VALIDATE - check_true_false_value DB_AUTOMATIC_SSTABLE_UPGRADE - - if ((${#DB_PASSWORD} > 512)); then - print_validation_error "The password cannot be longer than 512 characters. Set the environment variable DB_PASSWORD with a shorter value" - fi - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Check if a given configuration file was mounted externally -# Globals: -# DB_* -# Arguments: -# $1 - Filename -# Returns: -# true if the file was mounted externally, false otherwise -######################### -cassandra_is_file_external() { - local -r filename="${1:?file_is_missing}" - if [[ -f "${DB_MOUNTED_CONF_DIR}/${filename}" ]]; then - true - else - false - fi -} - -######################## -# Copy mounted configuration files -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_copy_mounted_config() { - if ! is_dir_empty "$DB_MOUNTED_CONF_DIR"; then - cp -Lr "$DB_MOUNTED_CONF_DIR"/* "$DB_CONF_DIR" - fi -} - -######################## -# Copy default configuration files in case there are no mounted ones -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_copy_default_config() { - local -r tmp_file_list=/tmp/conf_file_list - find "$DB_DEFAULT_CONF_DIR" -type f >$tmp_file_list - while read -r f; do - filename="${f#"${DB_DEFAULT_CONF_DIR}/"}" # Get path with subfolder - dest="${f//$DB_DEFAULT_CONF_DIR/$DB_CONF_DIR}" - if [[ -f "$dest" ]]; then - debug "Found ${filename}. Skipping default" - else - debug "No injected ${filename} file found. Creating default ${filename} file" - # There are conf files in subfolders. We may need to create them - mkdir -p "$(dirname "$dest")" - cp "$f" "$dest" - fi - done <$tmp_file_list - rm "$tmp_file_list" -} - -######################## -# Configure the path to the different data directories (ignored if cassandra.yaml is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_data_dirs() { - if ! cassandra_is_file_external "cassandra.yaml"; then - cassandra_yaml_set_as_array data_file_directories "${DB_DATA_DIR}/data" "$DB_CONF_FILE" - - cassandra_yaml_set commitlog_directory "$DB_COMMITLOG_DIR" - cassandra_yaml_set hints_directory "${DB_DATA_DIR}/hints" - cassandra_yaml_set cdc_raw_directory "${DB_DATA_DIR}/cdc_raw" - cassandra_yaml_set saved_caches_directory "${DB_DATA_DIR}/saved_caches" - else - debug "cassandra.yaml mounted. Skipping data directory configuration" - fi -} - -######################## -# Enable password-based authentication (ignored if cassandra.yaml is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_enable_auth() { - if ! cassandra_is_file_external "cassandra.yaml"; then - if [[ "$ALLOW_EMPTY_PASSWORD" = "yes" ]] && [[ -z $DB_PASSWORD ]]; then - cassandra_yaml_set "authenticator" "AllowAllAuthenticator" - cassandra_yaml_set "authorizer" "AllowAllAuthorizer" - else - cassandra_yaml_set "authenticator" "${DB_AUTHENTICATOR}" - cassandra_yaml_set "authorizer" "${DB_AUTHORIZER}" - fi - else - debug "cassandra.yaml mounted. Skipping authentication method configuration" - fi -} - -######################## -# Configure logging settings (ignored if logback.xml is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_logging() { - if ! cassandra_is_file_external "logback.xml"; then - replace_in_file "${DB_CONF_DIR}/logback.xml" "system[.]log" "cassandra.log" - if [[ "$BITNAMI_DEBUG" = "false" ]]; then - replace_in_file "${DB_CONF_DIR}/logback.xml" "()" "" - fi - else - debug "logback.xml mounted. Skipping logging configuration" - fi -} - -######################## -# Configure cluster settings (modifies cassandra.yaml and cassandra-env.sh if not mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_cluster() { - local host="127.0.0.1" - local rpc_address="127.0.0.1" - local cassandra_config - - if [[ "$DB_ENABLE_REMOTE_CONNECTIONS" = "true" ]]; then - host="$DB_HOST" - rpc_address="0.0.0.0" - fi - # cassandra.yaml changes - if ! cassandra_is_file_external "cassandra.yaml"; then - cassandra_yaml_set "num_tokens" "$DB_NUM_TOKENS" "no" - cassandra_yaml_set "cluster_name" "$DB_CLUSTER_NAME" - cassandra_yaml_set "listen_address" "$host" - cassandra_yaml_set "seeds" "$DB_SEEDS" - cassandra_yaml_set "start_rpc" "$DB_ENABLE_RPC" "no" - cassandra_yaml_set "enable_user_defined_functions" "$DB_ENABLE_USER_DEFINED_FUNCTIONS" "no" - cassandra_yaml_set "enable_scripted_user_defined_functions" "$DB_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS" "no" - cassandra_yaml_set "rpc_address" "$rpc_address" - cassandra_yaml_set "broadcast_rpc_address" "$host" - cassandra_yaml_set "endpoint_snitch" "$DB_ENDPOINT_SNITCH" - cassandra_yaml_set "internode_encryption" "$DB_INTERNODE_ENCRYPTION" - cassandra_yaml_set "keystore" "$DB_KEYSTORE_LOCATION" - cassandra_yaml_set "keystore_password" "$DB_KEYSTORE_PASSWORD" - cassandra_yaml_set "truststore" "$DB_TRUSTSTORE_LOCATION" - cassandra_yaml_set "truststore_password" "$DB_TRUSTSTORE_PASSWORD" - cassandra_yaml_set "auto_snapshot_ttl" "$DB_AUTO_SNAPSHOT_TTL" - - if [[ -n "$DB_BROADCAST_ADDRESS" ]]; then - cassandra_yaml_set "broadcast_address" "$DB_BROADCAST_ADDRESS" - fi - - if [[ -n "$DB_AUTOMATIC_SSTABLE_UPGRADE" ]]; then - cassandra_yaml_set "automatic_sstable_upgrade" "$DB_AUTOMATIC_SSTABLE_UPGRADE" - fi - - cassandra_config="$(sed -E "/client_encryption_options:.*/ {N;N; s/client_encryption_options:[^\n]*(\n\s+#.*)?(\n\s+enabled:).*/client_encryption_options:\1\2 $DB_CLIENT_ENCRYPTION/g}" "$DB_CONF_FILE")" - echo "$cassandra_config" >"$DB_CONF_FILE" - else - debug "cassandra.yaml mounted. Skipping cluster configuration" - fi - - # cassandra-env.sh changes - if ! cassandra_is_file_external "cassandra-env.sh"; then - replace_in_file "${DB_CONF_DIR}/cassandra-env.sh" "#\s*JVM_OPTS=\"\$JVM_OPTS -Djava[.]rmi[.]server[.]hostname=[^\"]*" "JVM_OPTS=\"\$JVM_OPTS -Djava.rmi.server.hostname=${host}" - else - debug "cassandra-env.sh mounted. Skipping setting server hostname" - fi -} - -######################## -# Configure java path (ignored if cassandra-env.sh is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_java() { - if ! cassandra_is_file_external "cassandra-env.sh"; then - replace_in_file "${DB_CONF_DIR}/cassandra-env.sh" "(calculate_heap_sizes\(\))" "\nJAVA_HOME=$JAVA_BASE_DIR\nJAVA=$JAVA_BIN_DIR/java\n\n\1" - else - debug "cassandra-env.sh mounted. Skipping JAVA_HOME configuration" - fi -} - -######################## -# Configure jemalloc path (ignored if cassandra-env.sh is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_jemalloc() { - if ! cassandra_is_file_external "cassandra-env.sh"; then - if [[ -n "$(find_jemalloc_lib)" ]]; then - echo "JVM_OPTS=\"\$JVM_OPTS -Dcassandra.libjemalloc=$(find_jemalloc_lib)\"" >>"${DB_CONF_DIR}/cassandra-env.sh" - else - warn "Couldn't find jemalloc installed. Skipping jemalloc configuration." - fi - else - debug "cassandra-env.sh mounted. Skipping jemalloc configuration." - fi -} - -######################## -# Change the password for the cassandra user -# Globals: -# DB_* -# Arguments: -# 1 - Old password (default: cassandra) -# 2 - New Password (default: $DB_PASSWORD) -# 3 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) -# 4 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) -# Returns: -# None -######################### -cassandra_change_cassandra_password() { - local -r old_password="${1:-cassandra}" - local -r new_password="${2:-$DB_PASSWORD}" - local -r retries="${3:-$DB_CQL_MAX_RETRIES}" - local -r sleep_time="${4:-$DB_CQL_SLEEP_TIME}" - - info 'Updating the password for the "cassandra" user...' - local -r user="cassandra" - local -r escaped_password="${new_password//\'/\'\'}" - - if (echo "ALTER USER cassandra WITH PASSWORD \$\$${escaped_password}\$\$;" | cassandra_execute_with_retries "$retries" "$sleep_time" "$user" "$old_password"); then - debug "ALTER USER command executed. Trying to log in" - wait_for_cql_access "$user" "$new_password" "" "$retries" "$sleep_time" - info "Password updated successfully" - fi -} - -######################## -# Create a new admin user -# Globals: -# DB_* -# Arguments: -# 1 - New username (default: $DB_USER) -# 2 - New user password (default: $DB_PASSWORD) -# 3 - Admin username (which will create the new user) (default: cassandra) -# 4 - Admin password (default: cassandra) -# 5 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) -# 6 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) -# Returns: -# None -######################### -cassandra_create_admin_user() { - local -r new_user="${1:-$DB_USER}" - local -r password="${2:-$DB_PASSWORD}" - local -r admin_user="${3:-cassandra}" - local -r admin_user_password="${4:-cassandra}" - local -r retries="${5:-$DB_CQL_MAX_RETRIES}" - local -r sleep_time="${6:-$DB_CQL_SLEEP_TIME}" - - info "Creating super-user $new_user" - local -r escaped_password="${password//\'/\'\'}" - - echo "CREATE USER '${new_user}' WITH PASSWORD \$\$${escaped_password}\$\$ SUPERUSER;" | cassandra_execute_with_retries "$retries" "$sleep_time" "$admin_user" "$admin_user_password" -} - -######################## -# Configure port binding (modifies cassandra.yaml and cassandra-env.sh if not mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_ports() { - if ! cassandra_is_file_external "cassandra.yaml"; then - cassandra_yaml_set "native_transport_port" "$DB_CQL_PORT_NUMBER" "no" - cassandra_yaml_set "storage_port" "$DB_TRANSPORT_PORT_NUMBER" "no" - else - debug "cassandra.yaml mounted. Skipping native and storage ports configuration" - fi - - if ! cassandra_is_file_external "cassandra-env.sh"; then - replace_in_file "${DB_CONF_DIR}/cassandra-env.sh" "JMX_PORT=.*" "JMX_PORT=$DB_JMX_PORT_NUMBER" - else - debug "cassandra-env.sh mounted. Skipping JMX port configuration" - fi -} - -######################## -# Configure rack and datacenter (ignored if cassandra-rackdc.properties is mounted) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_rack_dc() { - if ! cassandra_is_file_external "cassandra-rackdc.properties"; then - replace_in_file "${DB_CONF_DIR}/cassandra-rackdc.properties" "dc=.*" "dc=${DB_DATACENTER}" - replace_in_file "${DB_CONF_DIR}/cassandra-rackdc.properties" "rack=.*" "rack=${DB_RACK}" - else - debug "cassandra-rackdc.properties mounted. Skipping rack and datacenter configuration" - fi -} - -######################## -# Remove PIDs, log files and conf files from a previous run (case of container restart) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_clean_from_restart() { - rm -f "$DB_PID_FILE" - rm -f "$DB_FIRST_BOOT_LOG_FILE" "$DB_INITSCRIPTS_BOOT_LOG_FILE" - if ! is_dir_empty "$DB_CONF_DIR"; then - rm -rf "${DB_CONF_DIR:?}"/* - fi -} - -######################## -# Generate the client configurartion if ssl is configured in the server -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_client_ssl() { - info "Configuring client for SSL" - - # The key is store in a jks keystore and needs to be converted to pks12 to be extracted - keytool -importkeystore -srckeystore "${DB_KEYSTORE_LOCATION}" \ - -destkeystore "${DB_TMP_P12_FILE}" \ - -deststoretype PKCS12 \ - -srcstorepass "${DB_KEYSTORE_PASSWORD}" \ - -deststorepass "${DB_KEYSTORE_PASSWORD}" - - openssl pkcs12 -in "${DB_TMP_P12_FILE}" -nokeys \ - -out "${DB_SSL_CERT_FILE}" -passin pass:"${DB_KEYSTORE_PASSWORD}" - rm "${DB_TMP_P12_FILE}" -} - -######################## -# Ensure Cassandra is initialized -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_initialize() { - info "Initializing Cassandra database..." - - cassandra_clean_from_restart - cassandra_copy_mounted_config - cassandra_copy_default_config - cassandra_enable_auth - cassandra_setup_java - cassandra_setup_jemalloc - cassandra_setup_logging - cassandra_setup_ports - cassandra_setup_rack_dc - cassandra_setup_data_dirs - cassandra_setup_cluster - cassandra_setup_from_environment_variables # Give priority to users configuration - - is_boolean_yes "$DB_CLIENT_ENCRYPTION" && cassandra_setup_client_ssl - - debug "Ensuring expected directories/files exist..." - for dir in "$DB_DATA_DIR" "$DB_TMP_DIR" "$DB_LOG_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown -R "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "$dir" - done - - if ! is_dir_empty "$DB_DATA_DIR"; then - info "Deploying Cassandra with persisted data" - else - info "Deploying Cassandra from scratch" - cassandra_start_bg "$DB_FIRST_BOOT_LOG_FILE" - if is_boolean_yes "$DB_PASSWORD_SEEDER"; then - info "Password seeder node" - # Check that all peers are ready - for peer in ${DB_PEERS//,/ }; do - wait_for_cql_access "cassandra" "cassandra" "$peer" "$DB_PEER_CQL_MAX_RETRIES" "$DB_PEER_CQL_SLEEP_TIME" - done - # Setup user - if [[ "$DB_USER" = "cassandra" ]]; then - cassandra_change_cassandra_password "cassandra" "$DB_PASSWORD" "$DB_CQL_MAX_RETRIES" "$DB_CQL_SLEEP_TIME" - else - cassandra_create_admin_user "$DB_USER" "$DB_PASSWORD" "cassandra" "cassandra" "$DB_CQL_MAX_RETRIES" "$DB_CQL_SLEEP_TIME" - fi - - cassandra_execute_startup_cql - else - info "Non-seeder node. Waiting for synchronization" - wait_for_cql_access "$DB_USER" "$DB_PASSWORD" "" "$DB_PEER_CQL_MAX_RETRIES" "$DB_PEER_CQL_SLEEP_TIME" - fi - fi -} - -######################## -# Execute Cassandra startup cql (defined in DB_STARTUP_CQL) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_execute_startup_cql() { - if [[ -n "$DB_STARTUP_CQL" ]]; then - info "Executing Startup CQL" - if ! (echo "$DB_STARTUP_CQL" | cassandra_execute_with_retries "$DB_CQL_MAX_RETRIES" "$DB_CQL_SLEEP_TIME" "$DB_USER" "$DB_PASSWORD"); then - error "Failed executing startup CQL command" - exit 1 - fi - info "Startup CQL commands executed successfully" - fi -} - -######################## -# Run custom initialization scripts -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_custom_init_scripts() { - if [[ -n "$(find "$DB_INITSCRIPTS_DIR/" \( -type f -o -type l \) -regex ".*\.\(sh\|cql\|cql.gz\)" ! -path "*/.*/*")" ]] && [[ ! -f "$DB_VOLUME_DIR/.user_scripts_initialized" ]]; then - info "Loading user's custom files from $DB_INITSCRIPTS_DIR ..." - local -r tmp_file="/tmp/filelist" - if ! is_cassandra_running; then - cassandra_start_bg "$DB_INITSCRIPTS_BOOT_LOG_FILE" - wait_for_cql_access - fi - find "${DB_INITSCRIPTS_DIR}/" \( -type f -o -type l \) -regex ".*\.\(sh\|cql\|cql.gz\)" ! -path "*/.*/*" | sort >"$tmp_file" - while read -r f; do - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - debug "Executing $f" - "$f" - else - debug "Sourcing $f" - . "$f" - fi - ;; - *.cql) - debug "Executing $f" - cassandra_execute "$DB_USER" "$DB_PASSWORD" <"$f" - ;; - *.cql.gz) - debug "Executing $f" - gunzip -c "$f" | cassandra_execute "$DB_USER" "$DB_PASSWORD" - ;; - *) debug "Ignoring $f" ;; - esac - done <$tmp_file - rm -f "$tmp_file" - touch "$DB_VOLUME_DIR"/.user_scripts_initialized - fi -} - -######################## -# Execute an arbitrary query/queries against the running Cassandra service -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - User to run queries -# $2 - Password -# $3 - Keyspace -# $4 - Host (default: localhost) -# $5 - Extra flags -# Returns: -# None -####################### -cassandra_execute() { - local -r user="${1:-$DB_USER}" - local -r pass="${2:-$DB_PASSWORD}" - local -r keyspace="${3:-}" - local -r host="${4:-localhost}" - local -r extra_args="${5:-}" - local -r port="${DB_CQL_PORT_NUMBER}" - local -r cmd=("${DB_BIN_DIR}/cqlsh") - local args=("-u" "$user" "-p" "$pass") - - is_boolean_yes "$DB_CLIENT_ENCRYPTION" && args+=("--ssl") - [[ -n "$keyspace" ]] && args+=("-k" "$keyspace") - if [[ -n "$extra_args" ]]; then - local extra_args_array=() - read -r -a extra_args_array <<<"$extra_args" - [[ "${#extra_args[@]}" -gt 0 ]] && args+=("${extra_args_array[@]}") - fi - args+=("$host") - args+=("$port") - if [[ "${BITNAMI_DEBUG}" = true ]]; then - local -r command="$(cat)" - debug "Executing CQL \"$command\"" - echo "$command" | "${cmd[@]}" "${args[@]}" - else - "${cmd[@]}" "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Execute an arbitrary query/queries against the running Cassandra service with retries (in case Cassandra is still initializing or performing consistency operations) -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) -# $2 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) -# $3 - User to run queries -# $4 - Password -# $5 - Keyspace -# $6 - Host (default: localhost) -# $7 - Extra flags -# Returns: -# None -####################### -cassandra_execute_with_retries() { - local -r retries="${1:-$DB_CQL_MAX_RETRIES}" - local -r sleep_time="${2:-$DB_CQL_SLEEP_TIME}" - local -r user="${3:-$DB_USER}" - local -r pass="${4:-$DB_PASSWORD}" - local -r keyspace="${5:-}" - local -r host="${6:-localhost}" - local -r extra_args="${7:-}" - - local success=no - - # Get command from stdin as we will retry it several times - local -r command="$(cat)" - - for i in $(seq 1 "$retries"); do - if (echo "$command" | cassandra_execute "$user" "$pass" "$keyspace" "$host" "$extra_args"); then - success=yes - break - fi - sleep "$sleep_time" - done - if is_boolean_yes "$success"; then - true - else - error "CQL command failed $retries times" - false - fi -} - -######################## -# Wait until nodetool checks the node is ready -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Maximum number of retries (default $DB_INIT_MAX_RETRIES) -# $2 - Sleep time during retries (default $DB_INIT_SLEEP_TIME) -# Returns: -# None -######################### -wait_for_nodetool_up() { - local -r retries="${1:-$DB_INIT_MAX_RETRIES}" - local -r sleep_time="${2:-$DB_INIT_SLEEP_TIME}" - - debug "Checking status with nodetool" - - check_function_nodetool_node_ip() { - # Using legacy RMI URL parsing to avoid URISyntaxException: 'Malformed IPv6 address at index 7: rmi://[127.0.0.1]:7199' error - # https://community.datastax.com/questions/13764/java-version-for-cassandra-3113.html - local -r check_cmd=("${DB_BIN_DIR}/nodetool" "-Dcom.sun.jndi.rmiURLParsing=legacy") - local -r check_args=("status" "--port" "$DB_JMX_PORT_NUMBER") - local -r machine_ip="$(dns_lookup "${DB_BROADCAST_ADDRESS:-$DB_HOST}" "v4")" - local -r check_regex="UN\s*(${DB_HOST}|${machine_ip}|127.0.0.1)" - - local output="/dev/null" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - output="/dev/stdout" - fi - - "${check_cmd[@]}" "${check_args[@]}" | grep -E "${check_regex}" >"${output}" - } - - check_function_nodetool_node_count() { - # Using legacy RMI URL parsing to avoid URISyntaxException: 'Malformed IPv6 address at index 7: rmi://[127.0.0.1]:7199' error - # https://community.datastax.com/questions/13764/java-version-for-cassandra-3113.html - local -r check_cmd=("${DB_BIN_DIR}/nodetool" "-Dcom.sun.jndi.rmiURLParsing=legacy") - local -r check_args=("status" "--port" "$DB_JMX_PORT_NUMBER") - local -r machine_ip="$(dns_lookup "${DB_BROADCAST_ADDRESS:-$DB_HOST}" "v4")" - local -r check_regex="UN\s*" - read -r -a host_list <<<"$(tr ',;' ' ' <<<"$DB_NODES")" - local -r expected_node_count="${#host_list[@]}" - local actual_node_count - - local output="/dev/null" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - output="/dev/stdout" - fi - - actual_node_count=$("${check_cmd[@]}" "${check_args[@]}" | grep -c "${check_regex}" || true) - if [[ "$expected_node_count" != "$actual_node_count" ]]; then - false - fi - } - - if retry_while check_function_nodetool_node_ip "$retries" "$sleep_time"; then - info "Nodetool reported the successful startup of Cassandra" - true - else - error "Cassandra failed to start up" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - error "Nodetool output" - "${check_cmd[@]}" "${check_args[@]}" - fi - exit 1 - fi - - if [[ -n "$DB_NODES" ]]; then - if retry_while check_function_nodetool_node_count "$retries" "$sleep_time"; then - info "All nodes reached the UN status (Up/Normal)" - true - else - error "Some nodes did not reach the UN status (Up/Normal)" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - error "Nodetool output" - "${check_cmd[@]}" "${check_args[@]}" - fi - exit 1 - fi - fi -} - -######################## -# Wait until the log file shows that CQL is ready -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Log file to check -# $1 - Maximum number of retries (default $DB_INIT_MAX_RETRIES) -# $2 - Sleep time during retries (default $DB_INIT_SLEEP_TIME) -# Returns: -# None -######################### -wait_for_cql_log_entry() { - local -r logger="${1:-/dev/stdout}" - local -r retries="${2:-$DB_INIT_MAX_RETRIES}" - local -r sleep_time="${3:-$DB_INIT_SLEEP_TIME}" - - debug "Checking that log $logger contains entry \"Starting listening for CQL clients\"" - - check_function_log_entry() { - local -r check_cmd=("cat") - local -r check_args=("$logger") - local -r check_regex="Starting listening for CQL clients" - - local output="/dev/null" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - output="/dev/stdout" - fi - "${check_cmd[@]}" "${check_args[@]}" | grep -E "${check_regex}" >"${output}" - } - - if retry_while check_function_log_entry "$retries" "$sleep_time"; then - info "Found CQL startup log line" - else - error "Cassandra failed to start up" - if [[ "$BITNAMI_DEBUG" = "true" ]]; then - error "Log content" - cat "$logger" - fi - exit 1 - fi -} - -######################## -# Poll until the CQL command DESCRIBE KEYSPACES works successfully -# Globals: -# DB_* -# Arguments: -# 1 - Username (default: $DB_USER) -# 2 - Password (default: $DB_PASSWORD) -# 3 - Hostname (default: $DB_HOST) -# 4 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) -# 5 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) -# Returns: -# None -######################### -wait_for_cql_access() { - local -r user="${1:-$DB_USER}" - local -r password="${2:-$DB_PASSWORD}" - local -r host="${3:-$DB_HOST}" - local -r max_retries="${4:-$DB_CQL_MAX_RETRIES}" - local -r sleep_time="${5:-$DB_CQL_SLEEP_TIME}" - - info "Trying to access CQL server @ $host" - if (echo "DESCRIBE KEYSPACES" | cassandra_execute_with_retries "$max_retries" "$sleep_time" "$user" "$password" "" "$host"); then - info "Accessed CQL server successfully" - else - error "Could not access CQL server" - exit 1 - fi -} - -######################## -# Start Cassandra and wait until it is ready -# Globals: -# DB_* -# Arguments: -# $1 - Log file to write (default /dev/stdout) -# $2 - Maximum number of retries (default $DB_INIT_MAX_RETRIES) -# $3 - Sleep time during retries (default $DB_INIT_SLEEP_TIME) -# Returns: -# None -######################### -cassandra_start_bg() { - local -r logger="${1:-/dev/stdout}" - local -r retries="${2:-$DB_INIT_MAX_RETRIES}" - local -r sleep_time="${3:-$DB_INIT_SLEEP_TIME}" - - info "Starting Cassandra" - local -r cmd=("$DB_BIN_DIR/cassandra") - local -r args=("-p" "$DB_PID_FILE" "-R" "-f") - - if am_i_root; then - run_as_user "$DB_DAEMON_USER" "${cmd[@]}" "${args[@]}" >"$logger" 2>&1 & - else - "${cmd[@]}" "${args[@]}" >"$logger" 2>&1 & - fi - - # Even though we set the pid, cassandra is not creating the proper file, so we create it manually - echo $! >"$DB_PID_FILE" - - info "Checking that it started up correctly" - - if [[ "$logger" != "/dev/stdout" ]]; then - am_i_root && chown "$DB_DAEMON_USER":"$DB_DAEMON_GROUP" "$logger" - wait_for_cql_log_entry "$logger" "$retries" "$sleep_time" - fi - wait_for_nodetool_up "$retries" "$sleep_time" -} - -######################## -# Stop Cassandra -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_stop() { - ! is_cassandra_running && return - info "Stopping Cassandra..." - stop_cassandra() { - # Using legacy RMI URL parsing to avoid URISyntaxException: 'Malformed IPv6 address at index 7: rmi://[127.0.0.1]:7199' error - # https://community.datastax.com/questions/13764/java-version-for-cassandra-3113.html - "${DB_BIN_DIR}/nodetool" "-Dcom.sun.jndi.rmiURLParsing=legacy" stopdaemon - is_cassandra_not_running - } - - if ! retry_while "stop_cassandra" "$DB_INIT_MAX_RETRIES" "$DB_INIT_SLEEP_TIME"; then - error "Cassandra failed to stop" - exit 1 - fi - # Manually remove PID file - rm -f "$DB_PID_FILE" -} - -######################## -# Check if Cassandra is running -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Boolean -######################### -is_cassandra_running() { - local -r pid="$(get_pid_from_file "$DB_PID_FILE")" - - if [[ -z "$pid" ]]; then - false - else - is_service_running "$pid" - fi -} - -######################## -# Return true if cassandra is not running -# Globals: -# KONG_* -# Arguments: -# None -# Returns: -# None -######################### -is_cassandra_not_running() { - ! is_cassandra_running -} - -######################## -# Set a configuration setting value to a file -# Globals: -# None -# Arguments: -# $1 - file -# $2 - key -# $3 - values (array) -# Returns: -# None -######################### -cassandra_common_conf_set() { - local -r file="${1:?missing file}" - local -r key="${2:?missing key}" - shift 2 - local values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - cassandra_common_conf_set "$file" "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Update the existing key - replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false - else - # Add a new key - printf '\n%s=%s' "$key" "$value" >>"$file" - fi - fi -} - -######################## -# Set a configuration setting value to cassandra-env.sh -# Globals: -# DB_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -cassandra_env_conf_set() { - cassandra_common_conf_set "${DB_CONF_DIR}/cassandra-env.sh" "$@" -} - -######################## -# Set a configuration setting value to cassandra-rackdc.properties -# Globals: -# DB_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -cassandra_rackdc_conf_set() { - cassandra_common_conf_set "${DB_CONF_DIR}/cassandra-rackdc.properties" "$@" -} - -######################## -# Set a configuration setting value to commitlog_archiving.properties -# Globals: -# DB_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -cassandra_commitlog_conf_set() { - cassandra_common_conf_set "${DB_CONF_DIR}/commitlog_archiving.properties" "$@" -} - -######################## -# Configure Cassandra configuration files from environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -cassandra_setup_from_environment_variables() { - # Map environment variables to config properties for cassandra-env.sh - for var in "${!DB_CFG_ENV_@}"; do - # shellcheck disable=SC2001 - key="$(echo "$var" | sed -e 's/^DB_CFG_ENV_//g')" - value="${!var}" - cassandra_env_conf_set "$key" "$value" - done - # Map environment variables to config properties for cassandra-rackdc.properties - for var in "${!DB_CFG_RACKDC_@}"; do - key="$(echo "$var" | sed -e 's/^DB_CFG_RACKDC_//g' | tr '[:upper:]' '[:lower:]')" - value="${!var}" - cassandra_rackdc_conf_set "$key" "$value" - done - # Map environment variables to config properties for commitlog_archiving.properties - for var in "${!DB_CFG_COMMITLOG_@}"; do - key="$(echo "$var" | sed -e 's/^DB_CFG_COMMITLOG_//g' | tr '[:upper:]' '[:lower:]')" - value="${!var}" - cassandra_commitlog_conf_set "$key" "$value" - done - if ! cassandra_is_file_external "cassandra.yaml"; then - # Map environment variables to config properties for cassandra.yaml - for var in "${!DB_CFG_YAML_@}"; do - # shellcheck disable=SC2001 - key="$(echo "$var" | sed -e 's/^DB_CFG_YAML_//g' | tr '[:upper:]' '[:lower:]')" - value="${!var}" - cassandra_yaml_set "$key" "$value" - done - else - debug "cassandra.yaml mounted. Skipping data directory configuration" - fi -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=("/usr/lib" "/usr/lib64") - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} diff --git a/bitnami/cassandra/4.1/debian-12/tags-info.yaml b/bitnami/cassandra/4.1/debian-12/tags-info.yaml deleted file mode 100644 index c7d3b63ea122a..0000000000000 --- a/bitnami/cassandra/4.1/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "4.1" -- 4.1-debian-12 -- 4.1.5 -- latest diff --git a/bitnami/cassandra/5.0/debian-12/Dockerfile b/bitnami/cassandra/5.0/debian-12/Dockerfile new file mode 100644 index 0000000000000..bab12a6c7e9c6 --- /dev/null +++ b/bitnami/cassandra/5.0/debian-12/Dockerfile @@ -0,0 +1,66 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-08T21:30:13Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cassandra/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="5.0.2-debian-12-r5" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cassandra" \ + org.opencontainers.image.title="cassandra" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="5.0.2" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgssapi-krb5-2 libjemalloc2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libtinfo6 libtirpc3 procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "python-3.11.11-1-linux-${OS_ARCH}-debian-12" \ + "java-11.0.25-11-1-linux-${OS_ARCH}-debian-12" \ + "cassandra-5.0.2-1-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN ln -s /opt/bitnami/scripts/cassandra/entrypoint.sh /entrypoint.sh +RUN ln -s /opt/bitnami/scripts/cassandra/run.sh /run.sh +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN /opt/bitnami/scripts/cassandra/postunpack.sh +RUN /opt/bitnami/scripts/java/postunpack.sh +ENV APP_VERSION="5.0.2" \ + BITNAMI_APP_NAME="cassandra" \ + JAVA_HOME="/opt/bitnami/java" \ + PATH="/opt/bitnami/python/bin:/opt/bitnami/java/bin:/opt/bitnami/cassandra/bin:$PATH" + +EXPOSE 7000 9042 + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/cassandra/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/cassandra/run.sh" ] diff --git a/bitnami/cassandra/5.0/debian-12/docker-compose.yml b/bitnami/cassandra/5.0/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..0ce09ba5d9b31 --- /dev/null +++ b/bitnami/cassandra/5.0/debian-12/docker-compose.yml @@ -0,0 +1,18 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + cassandra: + image: docker.io/bitnami/cassandra:5.0 + ports: + - '7000:7000' + - '9042:9042' + volumes: + - 'cassandra_data:/bitnami' + environment: + - CASSANDRA_SEEDS=cassandra + - CASSANDRA_PASSWORD_SEEDER=yes + - CASSANDRA_PASSWORD=cassandra +volumes: + cassandra_data: + driver: local diff --git a/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..6089e5b0dd7cb --- /dev/null +++ b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,20 @@ +{ + "cassandra": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "5.0.2-1" + }, + "java": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "11.0.25-11-1" + }, + "python": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "3.11.11-1" + } +} \ No newline at end of file diff --git a/bitnami/airflow-exporter/0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/airflow-exporter/0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/joomla/5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/joomla/5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/cassandra/5.0/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/airflow-exporter/0/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/cassandra/5.0/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/airflow-exporter/0/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/cassandra/5.0/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/airflow-exporter/0/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/cassandra/5.0/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/airflow-exporter/0/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/cassandra/5.0/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra-env.sh b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra-env.sh new file mode 100644 index 0000000000000..49b06142e461f --- /dev/null +++ b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra-env.sh @@ -0,0 +1,264 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for cassandra + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-cassandra}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +cassandra_env_vars=( + CASSANDRA_CLIENT_ENCRYPTION + CASSANDRA_CLUSTER_NAME + CASSANDRA_DATACENTER + CASSANDRA_ENABLE_REMOTE_CONNECTIONS + CASSANDRA_ENABLE_RPC + CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS + CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS + CASSANDRA_ENDPOINT_SNITCH + CASSANDRA_HOST + CASSANDRA_INTERNODE_ENCRYPTION + CASSANDRA_NUM_TOKENS + CASSANDRA_PASSWORD_SEEDER + CASSANDRA_SEEDS + CASSANDRA_PEERS + CASSANDRA_NODES + CASSANDRA_RACK + CASSANDRA_BROADCAST_ADDRESS + CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE + CASSANDRA_STARTUP_CQL + CASSANDRA_IGNORE_INITDB_SCRIPTS + CASSANDRA_CQL_PORT_NUMBER + CASSANDRA_JMX_PORT_NUMBER + CASSANDRA_TRANSPORT_PORT_NUMBER + CASSANDRA_CQL_MAX_RETRIES + CASSANDRA_CQL_SLEEP_TIME + CASSANDRA_INIT_MAX_RETRIES + CASSANDRA_INIT_SLEEP_TIME + CASSANDRA_PEER_CQL_MAX_RETRIES + CASSANDRA_PEER_CQL_SLEEP_TIME + CASSANDRA_DELAY_START_TIME + CASSANDRA_AUTO_SNAPSHOT_TTL + ALLOW_EMPTY_PASSWORD + CASSANDRA_AUTHORIZER + CASSANDRA_AUTHENTICATOR + CASSANDRA_USER + CASSANDRA_PASSWORD + CASSANDRA_KEYSTORE_PASSWORD + CASSANDRA_TRUSTSTORE_PASSWORD + CASSANDRA_KEYSTORE_LOCATION + CASSANDRA_TRUSTSTORE_LOCATION + CASSANDRA_TMP_P12_FILE + CASSANDRA_SSL_CERT_FILE + CASSANDRA_SSL_KEY_FILE + CASSANDRA_SSL_CA_FILE + CASSANDRA_SSL_VALIDATE + SSL_VERSION + CASSANDRA_MOUNTED_CONF_DIR + JAVA_TOOL_OPTIONS +) +for env_var in "${cassandra_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset cassandra_env_vars +export DB_FLAVOR="cassandra" + +# Paths +export CASSANDRA_BASE_DIR="/opt/bitnami/cassandra" +export DB_BASE_DIR="$CASSANDRA_BASE_DIR" +export CASSANDRA_BIN_DIR="${DB_BASE_DIR}/bin" +export DB_BIN_DIR="$CASSANDRA_BIN_DIR" +export CASSANDRA_VOLUME_DIR="/bitnami/cassandra" +export DB_VOLUME_DIR="$CASSANDRA_VOLUME_DIR" +export CASSANDRA_DATA_DIR="${DB_VOLUME_DIR}/data" +export DB_DATA_DIR="$CASSANDRA_DATA_DIR" +export CASSANDRA_COMMITLOG_DIR="${DB_DATA_DIR}/commitlog" +export DB_COMMITLOG_DIR="$CASSANDRA_COMMITLOG_DIR" +export CASSANDRA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" +export DB_INITSCRIPTS_DIR="$CASSANDRA_INITSCRIPTS_DIR" +export CASSANDRA_LOG_DIR="${DB_BASE_DIR}/logs" +export DB_LOG_DIR="$CASSANDRA_LOG_DIR" +export CASSANDRA_TMP_DIR="${DB_BASE_DIR}/tmp" +export DB_TMP_DIR="$CASSANDRA_TMP_DIR" +export JAVA_BASE_DIR="${BITNAMI_ROOT_DIR}/java" +export JAVA_BIN_DIR="${JAVA_BASE_DIR}/bin" +export PYTHON_BASE_DIR="${BITNAMI_ROOT_DIR}/python" +export PYTHON_BIN_DIR="${PYTHON_BASE_DIR}/bin" +export CASSANDRA_LOG_FILE="${DB_LOG_DIR}/cassandra.log" +export DB_LOG_FILE="$CASSANDRA_LOG_FILE" +export CASSANDRA_FIRST_BOOT_LOG_FILE="${DB_LOG_DIR}/cassandra_first_boot.log" +export DB_FIRST_BOOT_LOG_FILE="$CASSANDRA_FIRST_BOOT_LOG_FILE" +export CASSANDRA_INITSCRIPTS_BOOT_LOG_FILE="${DB_LOG_DIR}/cassandra_init_scripts_boot.log" +export DB_INITSCRIPTS_BOOT_LOG_FILE="$CASSANDRA_INITSCRIPTS_BOOT_LOG_FILE" +export CASSANDRA_PID_FILE="${DB_TMP_DIR}/cassandra.pid" +export DB_PID_FILE="$CASSANDRA_PID_FILE" +export PATH="${DB_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${BITNAMI_ROOT_DIR}/python/bin:${BITNAMI_ROOT_DIR}/java/bin:$PATH" + +# System users (when running with a privileged user) +export CASSANDRA_DAEMON_USER="cassandra" +export DB_DAEMON_USER="$CASSANDRA_DAEMON_USER" +export CASSANDRA_DAEMON_GROUP="cassandra" +export DB_DAEMON_GROUP="$CASSANDRA_DAEMON_GROUP" + +# Cassandra cluster settings +export CASSANDRA_CLIENT_ENCRYPTION="${CASSANDRA_CLIENT_ENCRYPTION:-false}" +export DB_CLIENT_ENCRYPTION="$CASSANDRA_CLIENT_ENCRYPTION" +export CASSANDRA_CLUSTER_NAME="${CASSANDRA_CLUSTER_NAME:-My Cluster}" +export DB_CLUSTER_NAME="$CASSANDRA_CLUSTER_NAME" +export CASSANDRA_DATACENTER="${CASSANDRA_DATACENTER:-dc1}" +export DB_DATACENTER="$CASSANDRA_DATACENTER" +export CASSANDRA_ENABLE_REMOTE_CONNECTIONS="${CASSANDRA_ENABLE_REMOTE_CONNECTIONS:-true}" +export DB_ENABLE_REMOTE_CONNECTIONS="$CASSANDRA_ENABLE_REMOTE_CONNECTIONS" +export CASSANDRA_ENABLE_RPC="${CASSANDRA_ENABLE_RPC:-false}" +export DB_ENABLE_RPC="$CASSANDRA_ENABLE_RPC" +export CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS="${CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS:-false}" +export DB_ENABLE_USER_DEFINED_FUNCTIONS="$CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS" +export CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS="${CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS:-false}" +export DB_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS="$CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS" +export CASSANDRA_ENDPOINT_SNITCH="${CASSANDRA_ENDPOINT_SNITCH:-SimpleSnitch}" +export DB_ENDPOINT_SNITCH="$CASSANDRA_ENDPOINT_SNITCH" +export CASSANDRA_HOST="${CASSANDRA_HOST:-}" +export DB_HOST="$CASSANDRA_HOST" +export CASSANDRA_INTERNODE_ENCRYPTION="${CASSANDRA_INTERNODE_ENCRYPTION:-none}" +export DB_INTERNODE_ENCRYPTION="$CASSANDRA_INTERNODE_ENCRYPTION" +export CASSANDRA_NUM_TOKENS="${CASSANDRA_NUM_TOKENS:-256}" +export DB_NUM_TOKENS="$CASSANDRA_NUM_TOKENS" +export CASSANDRA_PASSWORD_SEEDER="${CASSANDRA_PASSWORD_SEEDER:-no}" +export DB_PASSWORD_SEEDER="$CASSANDRA_PASSWORD_SEEDER" +export CASSANDRA_SEEDS="${CASSANDRA_SEEDS:-$DB_HOST}" +export DB_SEEDS="$CASSANDRA_SEEDS" +export CASSANDRA_PEERS="${CASSANDRA_PEERS:-$DB_SEEDS}" +export DB_PEERS="$CASSANDRA_PEERS" +export CASSANDRA_NODES="${CASSANDRA_NODES:-}" +export DB_NODES="$CASSANDRA_NODES" +export CASSANDRA_RACK="${CASSANDRA_RACK:-rack1}" +export DB_RACK="$CASSANDRA_RACK" +export CASSANDRA_BROADCAST_ADDRESS="${CASSANDRA_BROADCAST_ADDRESS:-}" +export DB_BROADCAST_ADDRESS="$CASSANDRA_BROADCAST_ADDRESS" +export CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE="${CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE:-false}" +export DB_AUTOMATIC_SSTABLE_UPGRADE="$CASSANDRA_AUTOMATIC_SSTABLE_UPGRADE" + +# Database initialization settings +export CASSANDRA_STARTUP_CQL="${CASSANDRA_STARTUP_CQL:-}" +export DB_STARTUP_CQL="$CASSANDRA_STARTUP_CQL" +export CASSANDRA_IGNORE_INITDB_SCRIPTS="${CASSANDRA_IGNORE_INITDB_SCRIPTS:-no}" +export DB_IGNORE_INITDB_SCRIPTS="$CASSANDRA_IGNORE_INITDB_SCRIPTS" + +# Port configuration +export CASSANDRA_CQL_PORT_NUMBER="${CASSANDRA_CQL_PORT_NUMBER:-9042}" +export DB_CQL_PORT_NUMBER="$CASSANDRA_CQL_PORT_NUMBER" +export CASSANDRA_JMX_PORT_NUMBER="${CASSANDRA_JMX_PORT_NUMBER:-7199}" +export DB_JMX_PORT_NUMBER="$CASSANDRA_JMX_PORT_NUMBER" +export CASSANDRA_TRANSPORT_PORT_NUMBER="${CASSANDRA_TRANSPORT_PORT_NUMBER:-7000}" +export DB_TRANSPORT_PORT_NUMBER="$CASSANDRA_TRANSPORT_PORT_NUMBER" + +# Retries and sleep time configuration +export CASSANDRA_CQL_MAX_RETRIES="${CASSANDRA_CQL_MAX_RETRIES:-20}" +export DB_CQL_MAX_RETRIES="$CASSANDRA_CQL_MAX_RETRIES" +export CASSANDRA_CQL_SLEEP_TIME="${CASSANDRA_CQL_SLEEP_TIME:-5}" +export DB_CQL_SLEEP_TIME="$CASSANDRA_CQL_SLEEP_TIME" +export CASSANDRA_INIT_MAX_RETRIES="${CASSANDRA_INIT_MAX_RETRIES:-100}" +export DB_INIT_MAX_RETRIES="$CASSANDRA_INIT_MAX_RETRIES" +export CASSANDRA_INIT_SLEEP_TIME="${CASSANDRA_INIT_SLEEP_TIME:-5}" +export DB_INIT_SLEEP_TIME="$CASSANDRA_INIT_SLEEP_TIME" +export CASSANDRA_PEER_CQL_MAX_RETRIES="${CASSANDRA_PEER_CQL_MAX_RETRIES:-100}" +export DB_PEER_CQL_MAX_RETRIES="$CASSANDRA_PEER_CQL_MAX_RETRIES" +export CASSANDRA_PEER_CQL_SLEEP_TIME="${CASSANDRA_PEER_CQL_SLEEP_TIME:-10}" +export DB_PEER_CQL_SLEEP_TIME="$CASSANDRA_PEER_CQL_SLEEP_TIME" +export CASSANDRA_DELAY_START_TIME="${CASSANDRA_DELAY_START_TIME:-10}" +export DB_DELAY_START_TIME="$CASSANDRA_DELAY_START_TIME" + +# Snapshot settings +export CASSANDRA_AUTO_SNAPSHOT_TTL="${CASSANDRA_AUTO_SNAPSHOT_TTL:-30d}" +export DB_AUTO_SNAPSHOT_TTL="$CASSANDRA_AUTO_SNAPSHOT_TTL" + +# Authentication, Authorization and Credentials +export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" +export CASSANDRA_AUTHORIZER="${CASSANDRA_AUTHORIZER:-CassandraAuthorizer}" +export DB_AUTHORIZER="$CASSANDRA_AUTHORIZER" +export CASSANDRA_AUTHENTICATOR="${CASSANDRA_AUTHENTICATOR:-PasswordAuthenticator}" +export DB_AUTHENTICATOR="$CASSANDRA_AUTHENTICATOR" +export CASSANDRA_USER="${CASSANDRA_USER:-cassandra}" +export DB_USER="$CASSANDRA_USER" +export CASSANDRA_PASSWORD="${CASSANDRA_PASSWORD:-}" +export DB_PASSWORD="$CASSANDRA_PASSWORD" +export CASSANDRA_KEYSTORE_PASSWORD="${CASSANDRA_KEYSTORE_PASSWORD:-cassandra}" +export DB_KEYSTORE_PASSWORD="$CASSANDRA_KEYSTORE_PASSWORD" +export CASSANDRA_TRUSTSTORE_PASSWORD="${CASSANDRA_TRUSTSTORE_PASSWORD:-cassandra}" +export DB_TRUSTSTORE_PASSWORD="$CASSANDRA_TRUSTSTORE_PASSWORD" +export CASSANDRA_KEYSTORE_LOCATION="${CASSANDRA_KEYSTORE_LOCATION:-${DB_VOLUME_DIR}/secrets/keystore}" +export DB_KEYSTORE_LOCATION="$CASSANDRA_KEYSTORE_LOCATION" +export CASSANDRA_TRUSTSTORE_LOCATION="${CASSANDRA_TRUSTSTORE_LOCATION:-${DB_VOLUME_DIR}/secrets/truststore}" +export DB_TRUSTSTORE_LOCATION="$CASSANDRA_TRUSTSTORE_LOCATION" +export CASSANDRA_TMP_P12_FILE="${CASSANDRA_TMP_P12_FILE:-${DB_TMP_DIR}/keystore.p12}" +export DB_TMP_P12_FILE="$CASSANDRA_TMP_P12_FILE" +export CASSANDRA_SSL_CERT_FILE="${CASSANDRA_SSL_CERT_FILE:-${DB_VOLUME_DIR}/certs/tls.crt}" +export DB_SSL_CERT_FILE="$CASSANDRA_SSL_CERT_FILE" +export SSL_CERTFILE="$CASSANDRA_SSL_CERT_FILE" +export CASSANDRA_SSL_KEY_FILE="${CASSANDRA_SSL_KEY_FILE:-${DB_VOLUME_DIR}/certs/tls.key}" +export DB_SSL_KEY_FILE="$CASSANDRA_SSL_KEY_FILE" +export SSL_KEYFILE="$CASSANDRA_SSL_KEY_FILE" +export CASSANDRA_SSL_CA_FILE="${CASSANDRA_SSL_CA_FILE:-}" +export DB_SSL_CA_FILE="$CASSANDRA_SSL_CA_FILE" +export SSL_CAFILE="$CASSANDRA_SSL_CA_FILE" +export CASSANDRA_SSL_VALIDATE="${CASSANDRA_SSL_VALIDATE:-false}" +export DB_SSL_VALIDATE="$CASSANDRA_SSL_VALIDATE" +export SSL_VALIDATE="$CASSANDRA_SSL_VALIDATE" + +# cqlsh settings +export SSL_VERSION="${SSL_VERSION:-TLSv1_2}" + +# Configuration paths +export CASSANDRA_CONF_DIR="${DB_BASE_DIR}/conf" +export DB_CONF_DIR="$CASSANDRA_CONF_DIR" +export CASSANDRA_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" +export DB_DEFAULT_CONF_DIR="$CASSANDRA_DEFAULT_CONF_DIR" +export CASSANDRA_CONF_FILE="${DB_CONF_DIR}/cassandra.yaml" +export DB_CONF_FILE="$CASSANDRA_CONF_FILE" +export CASSANDRA_RACKDC_FILE="${DB_CONF_DIR}/cassandra-rackdc.properties" +export DB_RACKDC_FILE="$CASSANDRA_RACKDC_FILE" +export CASSANDRA_LOGBACK_FILE="${DB_CONF_DIR}/logback.xml" +export DB_LOGBACK_FILE="$CASSANDRA_LOGBACK_FILE" +export CASSANDRA_COMMITLOG_ARCHIVING_FILE="${DB_CONF_DIR}/commitlog_archiving.properties" +export DB_COMMITLOG_ARCHIVING_FILE="$CASSANDRA_COMMITLOG_ARCHIVING_FILE" +export CASSANDRA_ENV_FILE="${DB_CONF_DIR}/cassandra-env.sh" +export DB_ENV_FILE="$CASSANDRA_ENV_FILE" +export CASSANDRA_MOUNTED_CONF_DIR="${CASSANDRA_MOUNTED_CONF_DIR:-${DB_VOLUME_DIR}/conf}" +export DB_MOUNTED_CONF_DIR="$CASSANDRA_MOUNTED_CONF_DIR" +export CASSANDRA_MOUNTED_CONF_PATH="cassandra.yaml" +export DB_MOUNTED_CONF_PATH="$CASSANDRA_MOUNTED_CONF_PATH" +export CASSANDRA_MOUNTED_RACKDC_PATH="cassandra-rackdc.properties" +export DB_MOUNTED_RACKDC_PATH="$CASSANDRA_MOUNTED_RACKDC_PATH" +export CASSANDRA_MOUNTED_ENV_PATH="cassandra-env.sh" +export DB_MOUNTED_ENV_PATH="$CASSANDRA_MOUNTED_ENV_PATH" +export CASSANDRA_MOUNTED_LOGBACK_PATH="logback.xml" +export DB_MOUNTED_LOGBACK_PATH="$CASSANDRA_MOUNTED_LOGBACK_PATH" + +# Java settings +export JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS:-}" + +# Custom environment variables may be defined below diff --git a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/entrypoint.sh b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/entrypoint.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/entrypoint.sh rename to bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/entrypoint.sh diff --git a/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/postunpack.sh b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/postunpack.sh new file mode 100755 index 0000000000000..3acce795b328e --- /dev/null +++ b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/postunpack.sh @@ -0,0 +1,40 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +# Load libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libcassandra.sh + +# Load Cassandra environment variables +. /opt/bitnami/scripts/cassandra-env.sh + +# Starting with version 5.0.2, we found that the Cassandra official configuration +# was in a file called cassandra_latest.yaml. We copy that file to ensure that it is using +# the latest settings +if [[ -f "${DB_DEFAULT_CONF_DIR}/cassandra_latest.yaml" ]]; then + cp "${DB_DEFAULT_CONF_DIR}/cassandra_latest.yaml" "${DB_DEFAULT_CONF_DIR}/cassandra.yaml" +fi + +for dir in "$DB_INITSCRIPTS_DIR" "$DB_TMP_DIR" "$DB_LOG_DIR" "$DB_MOUNTED_CONF_DIR" "$DB_VOLUME_DIR"; do + ensure_dir_exists "$dir" + chmod -R g+rwX "$dir" +done + +# Copy configuration files for the scripts to work +ensure_dir_exists "$DB_CONF_DIR" +cassandra_copy_default_config +chmod -R g+rwX "$DB_CONF_DIR" + +# Create wrapper for cqlsh +cat <"${DB_BIN_DIR}/cqlsh" +#!/bin/sh +exec "${PYTHON_BIN_DIR}/python" "${DB_BIN_DIR}/cqlsh.py" "\$@" +EOF + +chmod +x "${DB_BIN_DIR}/cqlsh" + +ensure_dir_exists "${HOME}/.cassandra" +chmod -R g+rwX "${HOME}/.cassandra" diff --git a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/run.sh b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/run.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/run.sh rename to bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/run.sh diff --git a/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/setup.sh b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/setup.sh new file mode 100755 index 0000000000000..24096cc6cda4e --- /dev/null +++ b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/cassandra/setup.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami Cassandra setup + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail + +# Load Generic Libraries +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libcassandra.sh + +# Load Cassandra environment variables +. /opt/bitnami/scripts/cassandra-env.sh + +# Set default Cassandra host environment variable +cassandra_set_default_host +# Ensure Cassandra environment variables settings are valid +cassandra_validate +cassandra_validate_tls +# Ensure 'daemon' user exists when running as 'root' +am_i_root && ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" +# Ensure Cassandra is initialized +cassandra_initialize + +# Allow running custom initialization scripts +if ! is_boolean_yes "$DB_IGNORE_INITDB_SCRIPTS"; then + cassandra_custom_init_scripts +fi diff --git a/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh new file mode 100755 index 0000000000000..38802fc0bfe91 --- /dev/null +++ b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh + +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + +print_welcome_page + +echo "" +exec "$@" diff --git a/bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh rename to bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh diff --git a/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/libcassandra.sh b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/libcassandra.sh new file mode 100644 index 0000000000000..48d3d50450641 --- /dev/null +++ b/bitnami/cassandra/5.0/debian-12/rootfs/opt/bitnami/scripts/libcassandra.sh @@ -0,0 +1,1319 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for Cassandra + +cassandra_validate_tls() { + info "Validating TLS settings in DB_* env vars.." + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + check_empty_value() { + if is_empty_value "${!1}"; then + print_validation_error "The $1 environment variable is empty or not set." + fi + } + + check_default_password() { + if [[ "${!1}" = "cassandra" ]]; then + warn "You set the environment variable $1=cassandra. This is the default value when bootstrapping Cassandra and should not be used in production environments." + fi + } + if is_boolean_yes "$DB_CLIENT_ENCRYPTION" || is_boolean_yes "$DB_INTERNODE_ENCRYPTION"; then + check_empty_value DB_KEYSTORE_PASSWORD + check_empty_value DB_TRUSTSTORE_PASSWORD + check_default_password DB_KEYSTORE_PASSWORD + check_default_password DB_TRUSTSTORE_PASSWORD + fi + + [[ "$error_code" -eq 0 ]] || exit "$error_code" + +} + +######################## +# Configure port binding (modifies cassandra.yaml and cassandra-env.sh if not mounted) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_setup_ports() { + cassandra_setup_common_ports +} + +######################## +# Generate the client configurartion if ssl is configured in the server +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_setup_client_ssl() { + info "Configuring client for SSL" + + # The key is store in a jks keystore and needs to be converted to pks12 to be extracted + keytool -importkeystore -srckeystore "${DB_KEYSTORE_LOCATION}" \ + -destkeystore "${DB_TMP_P12_FILE}" \ + -deststoretype PKCS12 \ + -srcstorepass "${DB_KEYSTORE_PASSWORD}" \ + -deststorepass "${DB_KEYSTORE_PASSWORD}" + + mkdir -p "$(dirname "${DB_SSL_CERT_FILE}")" + + openssl pkcs12 -in "${DB_TMP_P12_FILE}" -nokeys \ + -out "${DB_SSL_CERT_FILE}" -passin pass:"${DB_KEYSTORE_PASSWORD}" + rm "${DB_TMP_P12_FILE}" +} + +######################## +# Enable client encryption in configuration +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_enable_client_encryption() { + local cassandra_config + cassandra_config="$(sed -E "/client_encryption_options:.*/ {N;N; s/client_encryption_options:[^\n]*(\n\s+#.*)?(\n\s+enabled:).*/client_encryption_options:\1\2 $DB_CLIENT_ENCRYPTION/g}" "$DB_CONF_FILE")" + echo "$cassandra_config" >"$DB_CONF_FILE" +} + +######################## +# Configure TLS certificates in configuration file +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_configure_certificates() { + cassandra_yaml_set "keystore" "$DB_KEYSTORE_LOCATION" + cassandra_yaml_set "keystore_password" "$DB_KEYSTORE_PASSWORD" + cassandra_yaml_set "truststore" "$DB_TRUSTSTORE_LOCATION" + cassandra_yaml_set "truststore_password" "$DB_TRUSTSTORE_PASSWORD" +} + +######################## +# Configure Cassandra configuration files from environment variables +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_setup_from_environment_variables() { + # Map environment variables to config properties for cassandra-env.sh + for var in "${!CASSANDRA_CFG_ENV_@}"; do + # shellcheck disable=SC2001 + key="$(echo "$var" | sed -e 's/^CASSANDRA_CFG_ENV_//g')" + value="${!var}" + cassandra_env_conf_set "$key" "$value" + done + # Map environment variables to config properties for cassandra-rackdc.properties + for var in "${!CASSANDRA_CFG_RACKDC_@}"; do + key="$(echo "$var" | sed -e 's/^CASSANDRA_CFG_RACKDC_//g' | tr '[:upper:]' '[:lower:]')" + value="${!var}" + cassandra_rackdc_conf_set "$key" "$value" + done + # Map environment variables to config properties for commitlog_archiving.properties + for var in "${!CASSANDRA_CFG_COMMITLOG_@}"; do + key="$(echo "$var" | sed -e 's/^CASSANDRA_CFG_COMMITLOG_//g' | tr '[:upper:]' '[:lower:]')" + value="${!var}" + cassandra_commitlog_conf_set "$key" "$value" + done + if ! cassandra_is_file_external "$DB_MOUNTED_CONF_PATH"; then + # Map environment variables to config properties for configuration file + for var in "${!CASSANDRA_CFG_YAML_@}"; do + # shellcheck disable=SC2001 + key="$(echo "$var" | sed -e 's/^CASSANDRA_CFG_YAML_//g' | tr '[:upper:]' '[:lower:]')" + value="${!var}" + cassandra_yaml_set "$key" "$value" + done + else + debug "$DB_MOUNTED_CONF_PATH mounted. Skipping data directory configuration" + fi +} + +######################## +# Start Cassandra and wait until it is ready +# Globals: +# DB_* +# Arguments: +# $1 - Log file to write (default /dev/stdout) +# $2 - Maximum number of retries (default $DB_INIT_MAX_RETRIES) +# $3 - Sleep time during retries (default $DB_INIT_SLEEP_TIME) +# Returns: +# None +######################### +cassandra_start_bg() { + local -r logger="${1:-/dev/stdout}" + local -r retries="${2:-$DB_INIT_MAX_RETRIES}" + local -r sleep_time="${3:-$DB_INIT_SLEEP_TIME}" + + info "Starting $DB_FLAVOR" + local -r cmd=("$DB_BIN_DIR/cassandra") + local -r args=("-p" "$DB_PID_FILE" "-R" "-f") + + if am_i_root; then + run_as_user "$DB_DAEMON_USER" "${cmd[@]}" "${args[@]}" >"$logger" 2>&1 & + else + "${cmd[@]}" "${args[@]}" >"$logger" 2>&1 & + fi + + # Even though we set the pid, cassandra is not creating the proper file, so we create it manually + echo $! >"$DB_PID_FILE" + + info "Checking that it started up correctly" + + if [[ "$logger" != "/dev/stdout" ]]; then + am_i_root && chown "$DB_DAEMON_USER":"$DB_DAEMON_GROUP" "$logger" + wait_for_cql_log_entry "$logger" "$retries" "$sleep_time" + fi + wait_for_nodetool_up "$retries" "$sleep_time" +} + +######################## +# Stop Cassandra +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_stop() { + ! is_cassandra_running && return + info "Stopping Cassandra..." + stop_cassandra() { + # Using legacy RMI URL parsing to avoid URISyntaxException: 'Malformed IPv6 address at index 7: rmi://[127.0.0.1]:7199' error + # https://community.datastax.com/questions/13764/java-version-for-cassandra-3113.html + nodetool "-Dcom.sun.jndi.rmiURLParsing=legacy" stopdaemon + is_cassandra_not_running + } + + if ! retry_while "stop_cassandra" "$DB_INIT_MAX_RETRIES" "$DB_INIT_SLEEP_TIME"; then + error "Cassandra failed to stop" + exit 1 + fi + # Manually remove PID file + rm -f "$DB_PID_FILE" +} + +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for Cassandra common + +# shellcheck disable=SC1090,SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libnet.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh + +######################## +# Returns cassandra major version +# Globals: +# CASSANDRA_BASE_DIR +# Arguments: +# None +# Returns: +# None +######################### +cassandra_get_major_version() { + cassandra_version="$("${CASSANDRA_BASE_DIR}/bin/cassandra" -v)" + major_version="$(get_sematic_version "$cassandra_version" 1)" + echo "${major_version:-0}" +} + +######################## +# Change a Cassandra configuration yaml file by setting a property +# Globals: +# DB_* +# Arguments: +# $1 - property +# $2 - value +# $3 - Use quotes in value (default: yes) +# $4 - Path to configuration file (default: $DB_CONF_FILE) +# Returns: +# None +######################### +cassandra_yaml_set() { + local -r property="${1:?missing property}" + local -r value="${2:?missing value}" + local -r use_quotes="${3:-yes}" + local -r conf_file="${4:-$DB_CONF_FILE}" + + if is_boolean_yes "$use_quotes"; then + replace_in_file "$conf_file" "^(\s*)(#\s*)?(\s*)(\-\s*)?${property}:.*" "\1\3\4${property}: '${value}'" + else + replace_in_file "$conf_file" "^(\s*)(#\s*)?(\s*)(\-\s*)?${property}:.*" "\1\3\4${property}: ${value}" + fi +} + +######################### +# Set default Cassandra settings if not set +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_set_default_host() { + if [[ -z "${DB_HOST:-}" ]]; then + warn "DB_HOST not set, defaulting to system hostname" + local -r host="$(hostname)" + export DB_HOST="$host" + export DB_SEEDS="${DB_SEEDS:-$DB_HOST}" + export DB_PEERS="${DB_PEERS:-$DB_SEEDS}" + fi +} + +######################## +# Change a Cassandra configuration yaml file by setting a property as an array +# Globals: +# DB_* +# Arguments: +# $1 - property +# $2 - comma-separated string with the different values +# $3 - Use quotes in value (default: no) +# $4 - Path to configuration file (default: $DB_CONF_FILE) +# Returns: +# None +######################### +cassandra_yaml_set_as_array() { + local -r property="${1:?missing property}" + local -r array="${2:?missing value}" + local -r use_quotes="${3:-no}" + local -r conf_file="${4:-$DB_CONF_FILE}" + local substitution="\2${property}:" + + for value in "${array[@]}"; do + if is_boolean_yes "$use_quotes"; then + substitution+="\n\2 - '${value}'" + else + substitution+="\n\2 - ${value}" + fi + done + replace_in_file "$conf_file" "^(#\s)?(\s*)${property}:.*" "${substitution}" +} + +######################## +# Validate settings in DB_* environment variables +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_validate() { + info "Validating settings in DB_* env vars.." + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + empty_password_enabled_warn() { + warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + } + + empty_password_warn() { + warn "You've not provided a password. Default password \"cassandra\" will be used. For safety reasons, please provide a secure password in a production environment." + } + + empty_password_error() { + print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." + } + + check_default_password() { + if [[ "${!1}" = "cassandra" ]]; then + warn "You set the environment variable $1=cassandra. This is the default value when bootstrapping $DB_FLAVOR and should not be used in production environments." + fi + } + + check_yes_no_value() { + if ! is_yes_no_value "${!1}"; then + print_validation_error "The allowed values for $1 are [yes, no]" + fi + } + + check_true_false_value() { + if ! is_true_false_value "${!1}"; then + print_validation_error "The allowed values for $1 are [true, false]" + fi + } + + check_conflicting_ports() { + local -r total="$#" + for i in $(seq 1 "$((total - 1))"); do + for j in $(seq "$((i + 1))" "$total"); do + if (("${!i}" == "${!j}")); then + print_validation_error "${!i} and ${!j} are bound to the same port" + fi + done + done + } + + check_allowed_port() { + local validate_port_args=() + ! am_i_root && validate_port_args+=("-unprivileged") + validate_port_args+=("${!1}") + if ! err=$(validate_port "${validate_port_args[@]}"); then + print_validation_error "An invalid port was specified in the environment variable $1: $err" + fi + } + + check_resolved_hostname() { + if ! is_hostname_resolved "$1"; then + warn "Hostname $1 could not be resolved. This could lead to connection issues" + fi + } + + check_positive_value() { + if ! is_positive_int "${!1}"; then + print_validation_error "The variable $1 must be positive integer" + fi + } + + check_empty_value() { + if is_empty_value "${!1}"; then + print_validation_error "The $1 environment variable is empty or not set." + fi + } + + check_password_file() { + if [[ -n "${!1:-}" ]] && ! [[ -f "${!1:-}" ]]; then + print_validation_error "The variable $1 is defined but the file ${!1} is not accessible or does not exist" + fi + } + + check_password_file DB_PASSWORD_FILE + check_password_file DB_TRUSTSTORE_PASSWORD_FILE + check_password_file DB_KEYSTORE_PASSWORD_FILE + + check_empty_value DB_RACK + check_empty_value DB_DATACENTER + + if [[ -z $DB_PASSWORD ]]; then + if ! is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + empty_password_warn + export DB_PASSWORD="cassandra" + else + empty_password_enabled_warn + fi + fi + + check_default_password DB_PASSWORD + check_yes_no_value DB_PASSWORD_SEEDER + check_true_false_value DB_ENABLE_REMOTE_CONNECTIONS + check_true_false_value DB_CLIENT_ENCRYPTION + check_true_false_value DB_ENABLE_USER_DEFINED_FUNCTIONS + check_true_false_value DB_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS + check_positive_value DB_NUM_TOKENS + check_positive_value DB_INIT_MAX_RETRIES + check_positive_value DB_CQL_MAX_RETRIES + check_positive_value DB_PEER_CQL_MAX_RETRIES + check_positive_value DB_INIT_SLEEP_TIME + check_positive_value DB_CQL_SLEEP_TIME + check_positive_value DB_PEER_CQL_SLEEP_TIME + check_positive_value DB_CQL_PORT_NUMBER + check_positive_value DB_JMX_PORT_NUMBER + check_positive_value DB_TRANSPORT_PORT_NUMBER + + check_conflicting_ports DB_CQL_PORT_NUMBER DB_JMX_PORT_NUMBER DB_TRANSPORT_PORT_NUMBER + + check_allowed_port DB_CQL_PORT_NUMBER + check_allowed_port DB_TRANSPORT_PORT_NUMBER + check_allowed_port DB_JMX_PORT_NUMBER + + check_resolved_hostname "$DB_HOST" + for peer in ${DB_PEERS//,/ }; do + check_resolved_hostname "$peer" + done + for seed in ${DB_SEEDS//,/ }; do + check_resolved_hostname "$seed" + done + + if [[ ! ${DB_AUTO_SNAPSHOT_TTL} =~ ([1-9]{1}[0-9]{0,}[d|h|m]) ]]; then + print_validation_error "DB_AUTO_SNAPSHOT_TTL accepted units: d (days), h (hours) or m (minutes)" + fi + + check_true_false_value DB_SSL_VALIDATE + check_true_false_value DB_AUTOMATIC_SSTABLE_UPGRADE + + if ((${#DB_PASSWORD} > 512)); then + print_validation_error "The password cannot be longer than 512 characters. Set the environment variable DB_PASSWORD with a shorter value" + fi + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +######################## +# Check if a given configuration file was mounted externally +# Globals: +# DB_* +# Arguments: +# $1 - Filename +# Returns: +# true if the file was mounted externally, false otherwise +######################### +cassandra_is_file_external() { + local -r filename="${1:?file_is_missing}" + if [[ -f "${DB_MOUNTED_CONF_DIR}/${filename}" ]]; then + true + else + false + fi +} + +######################## +# Copy mounted configuration files +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_copy_mounted_config() { + if ! is_dir_empty "$DB_MOUNTED_CONF_DIR"; then + cp -Lr "$DB_MOUNTED_CONF_DIR"/* "$DB_CONF_DIR" + fi +} + +######################## +# Copy default configuration files in case there are no mounted ones +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_copy_default_config() { + local -r tmp_file_list=/tmp/conf_file_list + find "$DB_DEFAULT_CONF_DIR" -type f >$tmp_file_list + while read -r f; do + filename="${f#"${DB_DEFAULT_CONF_DIR}/"}" # Get path with subfolder + dest="${f//$DB_DEFAULT_CONF_DIR/$DB_CONF_DIR}" + if [[ -f "$dest" ]]; then + debug "Found ${filename}. Skipping default" + else + debug "No injected ${filename} file found. Creating default ${filename} file" + # There are conf files in subfolders. We may need to create them + mkdir -p "$(dirname "$dest")" + cp "$f" "$dest" + fi + done <$tmp_file_list + rm "$tmp_file_list" +} + +######################## +# Configure the path to the different data directories (ignored if cassandra.yaml is mounted) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_setup_data_dirs() { + if ! cassandra_is_file_external "${DB_MOUNTED_CONF_PATH}"; then + cassandra_yaml_set_as_array data_file_directories "${DB_DATA_DIR}/data" "$DB_CONF_FILE" + + cassandra_yaml_set commitlog_directory "$DB_COMMITLOG_DIR" + cassandra_yaml_set hints_directory "${DB_DATA_DIR}/hints" + cassandra_yaml_set cdc_raw_directory "${DB_DATA_DIR}/cdc_raw" + cassandra_yaml_set saved_caches_directory "${DB_DATA_DIR}/saved_caches" + else + debug "${DB_MOUNTED_CONF_PATH} mounted. Skipping data directory configuration" + fi +} + +######################## +# Enable password-based authentication (ignored if cassandra.yaml is mounted) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_enable_auth() { + if ! cassandra_is_file_external "${DB_MOUNTED_CONF_PATH}"; then + if [[ "$ALLOW_EMPTY_PASSWORD" = "yes" ]] && [[ -z $DB_PASSWORD ]]; then + if [[ "$DB_FLAVOR" = "scylladb" ]] || [ "$(cassandra_get_major_version)" -lt 5 ]; then + cassandra_yaml_set "authenticator" "AllowAllAuthenticator" + fi + cassandra_yaml_set "authorizer" "AllowAllAuthorizer" + else + if [[ "$DB_FLAVOR" = "cassandra" ]] && [ "$(cassandra_get_major_version)" -ge 5 ]; then + replace_in_file "${DB_CONF_FILE}" "class_name.* AllowAllAuthenticator" "class_name: ${DB_AUTHENTICATOR}" + replace_in_file "${DB_CONF_FILE}" "class_name.* AllowAllAuthorizer" "class_name: ${DB_AUTHORIZER}" + else + cassandra_yaml_set "authenticator" "${DB_AUTHENTICATOR}" + cassandra_yaml_set "authorizer" "${DB_AUTHORIZER}" + fi + fi + else + debug "${DB_MOUNTED_CONF_PATH} mounted. Skipping authentication method configuration" + fi +} + +######################## +# Configure logging settings (ignored if logback.xml is mounted) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_setup_logging() { + if ! cassandra_is_file_external "${DB_MOUNTED_LOGBACK_PATH}"; then + replace_in_file "${DB_LOGBACK_FILE}" "system[.]log" "${DB_FLAVOR}.log" + if [[ "$BITNAMI_DEBUG" = "false" ]]; then + replace_in_file "${DB_LOGBACK_FILE}" "()" "" + fi + else + debug "${DB_MOUNTED_LOGBACK_PATH} mounted. Skipping logging configuration" + fi +} + +######################## +# Configure cluster settings (modifies cassandra.yaml and cassandra-env.sh if not mounted) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_setup_cluster() { + local host="127.0.0.1" + local rpc_address="127.0.0.1" + + if [[ "$DB_ENABLE_REMOTE_CONNECTIONS" = "true" ]]; then + host="$DB_HOST" + rpc_address="0.0.0.0" + fi + # cassandra.yaml changes + if ! cassandra_is_file_external "${DB_MOUNTED_CONF_PATH}"; then + cassandra_yaml_set "num_tokens" "$DB_NUM_TOKENS" "no" + cassandra_yaml_set "cluster_name" "$DB_CLUSTER_NAME" + cassandra_yaml_set "listen_address" "$host" + cassandra_yaml_set "seeds" "$DB_SEEDS" + cassandra_yaml_set "start_rpc" "$DB_ENABLE_RPC" "no" + if [[ "$DB_FLAVOR" = "scylladb" ]]; then + # Ref: https://opensource.docs.scylladb.com/stable/cql/functions.html + cassandra_yaml_set "enable_user_defined_functions" "$DB_ENABLE_USER_DEFINED_FUNCTIONS" "no" + else + # Ref: https://cassandra.apache.org/doc/stable/cassandra/configuration/cass_yaml_file.html#user_defined_functions_enabled + cassandra_yaml_set "user_defined_functions_enabled" "$DB_ENABLE_USER_DEFINED_FUNCTIONS" "no" + cassandra_yaml_set "scripted_user_defined_functions_enabled" "$DB_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS" "no" + fi + cassandra_yaml_set "rpc_address" "$rpc_address" + cassandra_yaml_set "broadcast_rpc_address" "$host" + cassandra_yaml_set "endpoint_snitch" "$DB_ENDPOINT_SNITCH" + cassandra_yaml_set "internode_encryption" "$DB_INTERNODE_ENCRYPTION" + cassandra_configure_certificates + cassandra_yaml_set "auto_snapshot_ttl" "$DB_AUTO_SNAPSHOT_TTL" + + if [[ -n "$DB_BROADCAST_ADDRESS" ]]; then + cassandra_yaml_set "broadcast_address" "$DB_BROADCAST_ADDRESS" + fi + + if [[ -n "$DB_AUTOMATIC_SSTABLE_UPGRADE" ]]; then + cassandra_yaml_set "automatic_sstable_upgrade" "$DB_AUTOMATIC_SSTABLE_UPGRADE" + fi + + cassandra_enable_client_encryption + else + debug "${DB_MOUNTED_CONF_PATH} mounted. Skipping cluster configuration" + fi + + # cassandra-env.sh changes + if ! cassandra_is_file_external "${DB_MOUNTED_ENV_PATH}"; then + replace_in_file "${DB_ENV_FILE}" "#\s*JVM_OPTS=\"\$JVM_OPTS -Djava[.]rmi[.]server[.]hostname=[^\"]*" "JVM_OPTS=\"\$JVM_OPTS -Djava.rmi.server.hostname=${host}" + else + debug "${DB_MOUNTED_ENV_PATH} mounted. Skipping setting server hostname" + fi +} + +######################## +# Configure java path (ignored if cassandra-env.sh is mounted) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_setup_java() { + if ! cassandra_is_file_external "${DB_MOUNTED_ENV_PATH}"; then + replace_in_file "${DB_ENV_FILE}" "(calculate_heap_sizes\(\))" "\nJAVA_HOME=$JAVA_BASE_DIR\nJAVA=$JAVA_BIN_DIR/java\n\n\1" + else + debug "${DB_MOUNTED_ENV_PATH} mounted. Skipping JAVA_HOME configuration" + fi +} + +######################## +# Configure jemalloc path (ignored if cassandra-env.sh is mounted) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_setup_jemalloc() { + if ! cassandra_is_file_external "${DB_MOUNTED_ENV_PATH}"; then + if [[ -n "$(find_jemalloc_lib)" ]]; then + echo "JVM_OPTS=\"\$JVM_OPTS -Dcassandra.libjemalloc=$(find_jemalloc_lib)\"" >>"${DB_CONF_DIR}/cassandra-env.sh" + else + warn "Couldn't find jemalloc installed. Skipping jemalloc configuration." + fi + else + debug "${DB_MOUNTED_ENV_PATH} mounted. Skipping jemalloc configuration." + fi +} + +######################## +# Change the password for the cassandra user +# Globals: +# DB_* +# Arguments: +# 1 - Old password (default: cassandra) +# 2 - New Password (default: $DB_PASSWORD) +# 3 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) +# 4 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) +# Returns: +# None +######################### +cassandra_change_cassandra_password() { + local -r old_password="${1:-cassandra}" + local -r new_password="${2:-$DB_PASSWORD}" + local -r retries="${3:-$DB_CQL_MAX_RETRIES}" + local -r sleep_time="${4:-$DB_CQL_SLEEP_TIME}" + + info 'Updating the password for the "cassandra" user...' + local -r user="cassandra" + local -r escaped_password="${new_password//\'/\'\'}" + + if (echo "ALTER USER cassandra WITH PASSWORD \$\$${escaped_password}\$\$;" | cassandra_execute_with_retries "$retries" "$sleep_time" "$user" "$old_password"); then + debug "ALTER USER command executed. Trying to log in" + wait_for_cql_access "$user" "$new_password" "" "$retries" "$sleep_time" + info "Password updated successfully" + fi +} + +######################## +# Create a new admin user +# Globals: +# DB_* +# Arguments: +# 1 - New username (default: $DB_USER) +# 2 - New user password (default: $DB_PASSWORD) +# 3 - Admin username (which will create the new user) (default: cassandra) +# 4 - Admin password (default: cassandra) +# 5 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) +# 6 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) +# Returns: +# None +######################### +cassandra_create_admin_user() { + local -r new_user="${1:-$DB_USER}" + local -r password="${2:-$DB_PASSWORD}" + local -r admin_user="${3:-cassandra}" + local -r admin_user_password="${4:-cassandra}" + local -r retries="${5:-$DB_CQL_MAX_RETRIES}" + local -r sleep_time="${6:-$DB_CQL_SLEEP_TIME}" + + info "Creating super-user $new_user" + local -r escaped_password="${password//\'/\'\'}" + + echo "CREATE USER '${new_user}' WITH PASSWORD \$\$${escaped_password}\$\$ SUPERUSER;" | cassandra_execute_with_retries "$retries" "$sleep_time" "$admin_user" "$admin_user_password" +} + +######################## +# Configure common port binding (modifies cassandra.yaml and cassandra-env.sh if not mounted) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_setup_common_ports() { + if ! cassandra_is_file_external "${DB_MOUNTED_CONF_PATH}"; then + cassandra_yaml_set "native_transport_port" "$DB_CQL_PORT_NUMBER" "no" + cassandra_yaml_set "storage_port" "$DB_TRANSPORT_PORT_NUMBER" "no" + else + debug "${DB_MOUNTED_CONF_PATH} mounted. Skipping native and storage ports configuration" + fi + + if ! cassandra_is_file_external "${DB_MOUNTED_ENV_PATH}"; then + replace_in_file "${DB_ENV_FILE}" "JMX_PORT=.*" "JMX_PORT=$DB_JMX_PORT_NUMBER" + else + debug "${DB_MOUNTED_ENV_PATH} mounted. Skipping JMX port configuration" + fi +} + +######################## +# Configure rack and datacenter (ignored if cassandra-rackdc.properties is mounted) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_setup_rack_dc() { + if ! cassandra_is_file_external "${DB_MOUNTED_RACKDC_PATH}"; then + replace_in_file "${DB_RACKDC_FILE}" "^[#\s]*dc=.*" "dc=${DB_DATACENTER}" + replace_in_file "${DB_RACKDC_FILE}" "^[#\s]*rack=.*" "rack=${DB_RACK}" + else + debug "${DB_MOUNTED_RACKDC_PATH} mounted. Skipping rack and datacenter configuration" + fi +} + +######################## +# Remove PIDs, log files and conf files from a previous run (case of container restart) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_clean_from_restart() { + rm -f "$DB_PID_FILE" + rm -f "$DB_FIRST_BOOT_LOG_FILE" "$DB_INITSCRIPTS_BOOT_LOG_FILE" + if ! is_dir_empty "$DB_CONF_DIR"; then + rm -rf "${DB_CONF_DIR:?}"/* + fi +} + +######################## +# Ensure Cassandra is initialized +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_initialize() { + info "Initializing $DB_FLAVOR database..." + + cassandra_clean_from_restart + cassandra_copy_mounted_config + cassandra_copy_default_config + cassandra_enable_auth + cassandra_setup_java + cassandra_setup_jemalloc + cassandra_setup_logging + cassandra_setup_ports + cassandra_setup_rack_dc + cassandra_setup_data_dirs + cassandra_setup_cluster + cassandra_setup_from_environment_variables # Give priority to users configuration + + is_boolean_yes "$DB_CLIENT_ENCRYPTION" && cassandra_setup_client_ssl + + debug "Ensuring expected directories/files exist..." + for dir in "$DB_DATA_DIR" "$DB_TMP_DIR" "$DB_LOG_DIR"; do + ensure_dir_exists "$dir" + am_i_root && chown -R "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "$dir" + done + + if ! is_dir_empty "$DB_DATA_DIR"; then + info "Deploying $DB_FLAVOR with persisted data" + else + info "Deploying $DB_FLAVOR from scratch" + cassandra_start_bg "$DB_FIRST_BOOT_LOG_FILE" + if is_boolean_yes "$DB_PASSWORD_SEEDER"; then + info "Password seeder node" + # Check that all peers are ready + for peer in ${DB_PEERS//,/ }; do + wait_for_cql_access "cassandra" "cassandra" "$peer" "$DB_PEER_CQL_MAX_RETRIES" "$DB_PEER_CQL_SLEEP_TIME" + done + # Setup user + if [[ "$DB_USER" = "cassandra" ]]; then + cassandra_change_cassandra_password "cassandra" "$DB_PASSWORD" "$DB_CQL_MAX_RETRIES" "$DB_CQL_SLEEP_TIME" + else + cassandra_create_admin_user "$DB_USER" "$DB_PASSWORD" "cassandra" "cassandra" "$DB_CQL_MAX_RETRIES" "$DB_CQL_SLEEP_TIME" + fi + + cassandra_execute_startup_cql + else + info "Non-seeder node. Waiting for synchronization" + wait_for_cql_access "$DB_USER" "$DB_PASSWORD" "" "$DB_PEER_CQL_MAX_RETRIES" "$DB_PEER_CQL_SLEEP_TIME" + fi + fi +} + +######################## +# Execute Cassandra startup cql (defined in DB_STARTUP_CQL) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_execute_startup_cql() { + if [[ -n "$DB_STARTUP_CQL" ]]; then + info "Executing Startup CQL" + if ! (echo "$DB_STARTUP_CQL" | cassandra_execute_with_retries "$DB_CQL_MAX_RETRIES" "$DB_CQL_SLEEP_TIME" "$DB_USER" "$DB_PASSWORD"); then + error "Failed executing startup CQL command" + exit 1 + fi + info "Startup CQL commands executed successfully" + fi +} + +######################## +# Run custom initialization scripts +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +cassandra_custom_init_scripts() { + if [[ -n "$(find "$DB_INITSCRIPTS_DIR/" \( -type f -o -type l \) -regex ".*\.\(sh\|cql\|cql.gz\)" ! -path "*/.*/*")" ]] && [[ ! -f "$DB_VOLUME_DIR/.user_scripts_initialized" ]]; then + info "Loading user's custom files from $DB_INITSCRIPTS_DIR ..." + local -r tmp_file="/tmp/filelist" + if ! is_cassandra_running; then + cassandra_start_bg "$DB_INITSCRIPTS_BOOT_LOG_FILE" + wait_for_cql_access + fi + find "${DB_INITSCRIPTS_DIR}/" \( -type f -o -type l \) -regex ".*\.\(sh\|cql\|cql.gz\)" ! -path "*/.*/*" | sort >"$tmp_file" + while read -r f; do + case "$f" in + *.sh) + if [[ -x "$f" ]]; then + debug "Executing $f" + "$f" + else + debug "Sourcing $f" + . "$f" + fi + ;; + *.cql) + debug "Executing $f" + cassandra_execute "$DB_USER" "$DB_PASSWORD" <"$f" + ;; + *.cql.gz) + debug "Executing $f" + gunzip -c "$f" | cassandra_execute "$DB_USER" "$DB_PASSWORD" + ;; + *) debug "Ignoring $f" ;; + esac + done <$tmp_file + rm -f "$tmp_file" + touch "$DB_VOLUME_DIR"/.user_scripts_initialized + fi +} + +######################## +# Execute an arbitrary query/queries against the running Cassandra service +# Stdin: +# Query/queries to execute +# Globals: +# BITNAMI_DEBUG +# DB_* +# Arguments: +# $1 - User to run queries +# $2 - Password +# $3 - Keyspace +# $4 - Host (default: localhost) +# $5 - Extra flags +# Returns: +# None +####################### +cassandra_execute() { + local -r user="${1:-$DB_USER}" + local -r pass="${2:-$DB_PASSWORD}" + local -r keyspace="${3:-}" + local -r host="${4:-localhost}" + local -r extra_args="${5:-}" + local -r port="${DB_CQL_PORT_NUMBER}" + local -r cmd=("cqlsh") + local args=("-u" "$user" "-p" "$pass") + + is_boolean_yes "$DB_CLIENT_ENCRYPTION" && args+=("--ssl") + [[ -n "$keyspace" ]] && args+=("-k" "$keyspace") + if [[ -n "$extra_args" ]]; then + local extra_args_array=() + read -r -a extra_args_array <<<"$extra_args" + [[ "${#extra_args[@]}" -gt 0 ]] && args+=("${extra_args_array[@]}") + fi + args+=("$host") + args+=("$port") + if [[ "${BITNAMI_DEBUG}" = true ]]; then + local -r command="$(cat)" + debug "Executing CQL \"$command\"" + echo "$command" | "${cmd[@]}" "${args[@]}" + else + "${cmd[@]}" "${args[@]}" >/dev/null 2>&1 + fi +} + +######################## +# Execute an arbitrary query/queries against the running Cassandra service with retries (in case Cassandra is still initializing or performing consistency operations) +# Stdin: +# Query/queries to execute +# Globals: +# BITNAMI_DEBUG +# DB_* +# Arguments: +# $1 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) +# $2 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) +# $3 - User to run queries +# $4 - Password +# $5 - Keyspace +# $6 - Host (default: localhost) +# $7 - Extra flags +# Returns: +# None +####################### +cassandra_execute_with_retries() { + local -r retries="${1:-$DB_CQL_MAX_RETRIES}" + local -r sleep_time="${2:-$DB_CQL_SLEEP_TIME}" + local -r user="${3:-$DB_USER}" + local -r pass="${4:-$DB_PASSWORD}" + local -r keyspace="${5:-}" + local -r host="${6:-localhost}" + local -r extra_args="${7:-}" + + local success=no + + # Get command from stdin as we will retry it several times + local -r command="$(cat)" + + for i in $(seq 1 "$retries"); do + if (echo "$command" | cassandra_execute "$user" "$pass" "$keyspace" "$host" "$extra_args"); then + success=yes + break + fi + sleep "$sleep_time" + done + if is_boolean_yes "$success"; then + true + else + error "CQL command failed $retries times" + false + fi +} + +######################## +# Wait until nodetool checks the node is ready +# Globals: +# BITNAMI_DEBUG +# DB_* +# Arguments: +# $1 - Maximum number of retries (default $DB_INIT_MAX_RETRIES) +# $2 - Sleep time during retries (default $DB_INIT_SLEEP_TIME) +# Returns: +# None +######################### +wait_for_nodetool_up() { + local -r retries="${1:-$DB_INIT_MAX_RETRIES}" + local -r sleep_time="${2:-$DB_INIT_SLEEP_TIME}" + + debug "Checking status with nodetool" + + check_function_nodetool_node_ip() { + # Using legacy RMI URL parsing to avoid URISyntaxException: 'Malformed IPv6 address at index 7: rmi://[127.0.0.1]:7199' error + # https://community.datastax.com/questions/13764/java-version-for-cassandra-3113.html + local -r check_cmd=("nodetool" "-Dcom.sun.jndi.rmiURLParsing=legacy") + local -r check_args=("status" "--port" "$DB_JMX_PORT_NUMBER") + local -r machine_ip="$(dns_lookup "${DB_BROADCAST_ADDRESS:-$DB_HOST}" "v4")" + local -r check_regex="UN\s*(${DB_HOST}|${machine_ip}|127.0.0.1)" + + local output="/dev/null" + if [[ "$BITNAMI_DEBUG" = "true" ]]; then + output="/dev/stdout" + fi + + "${check_cmd[@]}" "${check_args[@]}" | grep -E "${check_regex}" >"${output}" + } + + check_function_nodetool_node_count() { + # Using legacy RMI URL parsing to avoid URISyntaxException: 'Malformed IPv6 address at index 7: rmi://[127.0.0.1]:7199' error + # https://community.datastax.com/questions/13764/java-version-for-cassandra-3113.html + local -r check_cmd=("nodetool" "-Dcom.sun.jndi.rmiURLParsing=legacy") + local -r check_args=("status" "--port" "$DB_JMX_PORT_NUMBER") + local -r machine_ip="$(dns_lookup "${DB_BROADCAST_ADDRESS:-$DB_HOST}" "v4")" + local -r check_regex="UN\s*" + read -r -a host_list <<<"$(tr ',;' ' ' <<<"$DB_NODES")" + local -r expected_node_count="${#host_list[@]}" + local actual_node_count + + local output="/dev/null" + if [[ "$BITNAMI_DEBUG" = "true" ]]; then + output="/dev/stdout" + fi + + actual_node_count=$("${check_cmd[@]}" "${check_args[@]}" | grep -c "${check_regex}" || true) + if [[ "$expected_node_count" != "$actual_node_count" ]]; then + false + fi + } + + if retry_while check_function_nodetool_node_ip "$retries" "$sleep_time"; then + info "Nodetool reported the successful startup of $DB_FLAVOR" + true + else + error "$DB_FLAVOR failed to start up" + if [[ "$BITNAMI_DEBUG" = "true" ]]; then + error "Nodetool output" + "${check_cmd[@]}" "${check_args[@]}" + fi + exit 1 + fi + + if [[ -n "$DB_NODES" ]]; then + if retry_while check_function_nodetool_node_count "$retries" "$sleep_time"; then + info "All nodes reached the UN status (Up/Normal)" + true + else + error "Some nodes did not reach the UN status (Up/Normal)" + if [[ "$BITNAMI_DEBUG" = "true" ]]; then + error "Nodetool output" + "${check_cmd[@]}" "${check_args[@]}" + fi + exit 1 + fi + fi +} + +######################## +# Wait until the log file shows that CQL is ready +# Globals: +# BITNAMI_DEBUG +# DB_* +# Arguments: +# $1 - Log file to check +# $1 - Maximum number of retries (default $DB_INIT_MAX_RETRIES) +# $2 - Sleep time during retries (default $DB_INIT_SLEEP_TIME) +# Returns: +# None +######################### +wait_for_cql_log_entry() { + local -r logger="${1:-/dev/stdout}" + local -r retries="${2:-$DB_INIT_MAX_RETRIES}" + local -r sleep_time="${3:-$DB_INIT_SLEEP_TIME}" + + debug "Checking that log $logger contains entry \"Starting listening for CQL clients\"" + + check_function_log_entry() { + local -r check_cmd=("cat") + local -r check_args=("$logger") + local -r check_regex="Starting listening for CQL clients" + + local output="/dev/null" + if [[ "$BITNAMI_DEBUG" = "true" ]]; then + output="/dev/stdout" + fi + "${check_cmd[@]}" "${check_args[@]}" | grep -E "${check_regex}" >"${output}" + } + + if retry_while check_function_log_entry "$retries" "$sleep_time"; then + info "Found CQL startup log line" + else + error "$DB_FLAVOR failed to start up" + error "Log content" + cat "$logger" + exit 1 + fi +} + +######################## +# Poll until the CQL command DESCRIBE KEYSPACES works successfully +# Globals: +# DB_* +# Arguments: +# 1 - Username (default: $DB_USER) +# 2 - Password (default: $DB_PASSWORD) +# 3 - Hostname (default: $DB_HOST) +# 4 - Maximum number of retries (default: $DB_CQL_MAX_RETRIES) +# 5 - Sleep time between retries (default: $DB_CQL_SLEEP_TIME) +# Returns: +# None +######################### +wait_for_cql_access() { + local -r user="${1:-$DB_USER}" + local -r password="${2:-$DB_PASSWORD}" + local -r host="${3:-$DB_HOST}" + local -r max_retries="${4:-$DB_CQL_MAX_RETRIES}" + local -r sleep_time="${5:-$DB_CQL_SLEEP_TIME}" + + info "Trying to access CQL server @ $host" + if (echo "DESCRIBE KEYSPACES" | cassandra_execute_with_retries "$max_retries" "$sleep_time" "$user" "$password" "" "$host"); then + info "Accessed CQL server successfully" + else + error "Could not access CQL server" + exit 1 + fi +} + +######################## +# Check if Cassandra is running +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# Boolean +######################### +is_cassandra_running() { + local -r pid="$(get_pid_from_file "$DB_PID_FILE")" + + if [[ -z "$pid" ]]; then + false + else + is_service_running "$pid" + fi +} + +######################## +# Return true if cassandra is not running +# Globals: +# KONG_* +# Arguments: +# None +# Returns: +# None +######################### +is_cassandra_not_running() { + ! is_cassandra_running +} + +######################## +# Set a configuration setting value to a file +# Globals: +# None +# Arguments: +# $1 - file +# $2 - key +# $3 - values (array) +# Returns: +# None +######################### +cassandra_common_conf_set() { + local -r file="${1:?missing file}" + local -r key="${2:?missing key}" + shift 2 + local values=("$@") + + if [[ "${#values[@]}" -eq 0 ]]; then + stderr_print "missing value" + return 1 + elif [[ "${#values[@]}" -ne 1 ]]; then + for i in "${!values[@]}"; do + cassandra_common_conf_set "$file" "${key[$i]}" "${values[$i]}" + done + else + value="${values[0]}" + # Check if the value was set before + if grep -q "^[#\\s]*$key\s*=.*" "$file"; then + # Update the existing key + replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false + else + # Add a new key + printf '\n%s=%s' "$key" "$value" >>"$file" + fi + fi +} + +######################## +# Set a configuration setting value to cassandra-env.sh +# Globals: +# DB_CONF_DIR +# Arguments: +# $1 - key +# $2 - values (array) +# Returns: +# None +######################### +cassandra_env_conf_set() { + cassandra_common_conf_set "${DB_ENV_FILE}" "$@" +} + +######################## +# Set a configuration setting value to cassandra-rackdc.properties +# Globals: +# DB_CONF_DIR +# Arguments: +# $1 - key +# $2 - values (array) +# Returns: +# None +######################### +cassandra_rackdc_conf_set() { + cassandra_common_conf_set "$DB_RACKDC_FILE" "$@" +} + +######################## +# Set a configuration setting value to commitlog_archiving.properties +# Globals: +# DB_CONF_DIR +# Arguments: +# $1 - key +# $2 - values (array) +# Returns: +# None +######################### +cassandra_commitlog_conf_set() { + cassandra_common_conf_set "${DB_COMMITLOG_ARCHIVING_FILE}" "$@" +} + +######################## +# Find the path to the libjemalloc library file +# Globals: +# None +# Arguments: +# None +# Returns: +# Path to a libjemalloc shared object file +######################### +find_jemalloc_lib() { + local -a locations=("/usr/lib" "/usr/lib64") + local -r pattern='libjemalloc.so.[0-9]' + local path + for dir in "${locations[@]}"; do + # Find the first element matching the pattern and quit + [[ ! -d "$dir" ]] && continue + path="$(find "$dir" -name "$pattern" -print -quit)" + [[ -n "$path" ]] && break + done + echo "${path:-}" +} diff --git a/bitnami/cassandra/5.0/debian-12/tags-info.yaml b/bitnami/cassandra/5.0/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..9d6baa5dd497a --- /dev/null +++ b/bitnami/cassandra/5.0/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "5.0" +- 5.0-debian-12 +- 5.0.2 +- latest diff --git a/bitnami/cassandra/README.md b/bitnami/cassandra/README.md index 0850e869a7bcc..5c4a5ec4d7b8a 100644 --- a/bitnami/cassandra/README.md +++ b/bitnami/cassandra/README.md @@ -24,11 +24,11 @@ You can find the default credentials and available configuration options in the * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Apache Cassandra in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Apache Cassandra in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## How to deploy Apache Cassandra in Kubernetes? @@ -36,9 +36,15 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -166,7 +172,6 @@ docker-compose up -d | Name | Description | Default Value | |----------------------------------------------------|-----------------------------------------------------------------------------------------|---------------------------------------| -| `CASSANDRA_MOUNTED_CONF_DIR` | Cassandra directory for mounted configuration files | `${DB_VOLUME_DIR}/conf` | | `CASSANDRA_CLIENT_ENCRYPTION` | Enable client encryption | `false` | | `CASSANDRA_CLUSTER_NAME` | Cassandra cluster name | `My Cluster` | | `CASSANDRA_DATACENTER` | Cassandra datacenter name | `dc1` | @@ -208,36 +213,48 @@ docker-compose up -d | `CASSANDRA_KEYSTORE_LOCATION` | Cassandra keystore location | `${DB_VOLUME_DIR}/secrets/keystore` | | `CASSANDRA_TRUSTSTORE_LOCATION` | Cassandra truststore location | `${DB_VOLUME_DIR}/secrets/truststore` | | `CASSANDRA_TMP_P12_FILE` | Cassandra truststore location | `${DB_TMP_DIR}/keystore.p12` | -| `CASSANDRA_SSL_CERT_FILE` | Cassandra SSL certificate location | `${DB_VOLUME_DIR}/client.cer.pem` | +| `CASSANDRA_SSL_CERT_FILE` | Cassandra SSL certificate location | `${DB_VOLUME_DIR}/certs/tls.crt` | +| `CASSANDRA_SSL_KEY_FILE` | Cassandra SSL keyfile location | `${DB_VOLUME_DIR}/certs/tls.key` | +| `CASSANDRA_SSL_CA_FILE` | Cassandra SSL CA location | `nil` | | `CASSANDRA_SSL_VALIDATE` | Perform SSL validation on the certificates | `false` | | `SSL_VERSION` | TLS version to use when connecting. | `TLSv1_2` | +| `CASSANDRA_MOUNTED_CONF_DIR` | Cassandra directory for mounted configuration files | `${DB_VOLUME_DIR}/conf` | +| `JAVA_TOOL_OPTIONS` | Java tool options. | `nil` | #### Read-only environment variables -| Name | Description | Value | -|---------------------------------------|-----------------------------------------------------------|-------------------------------------------------| -| `DB_FLAVOR` | Database flavor. Valid values: `cassandra` or `scylladb`. | `cassandra` | -| `CASSANDRA_BASE_DIR` | Cassandra installation directory | `/opt/bitnami/cassandra` | -| `CASSANDRA_BIN_DIR` | Cassandra executables directory | `${DB_BASE_DIR}/bin` | -| `CASSANDRA_CONF_DIR` | Cassandra configuration directory | `${DB_BASE_DIR}/conf` | -| `CASSANDRA_VOLUME_DIR` | Persistence base directory | `/bitnami/cassandra` | -| `CASSANDRA_DATA_DIR` | Cassandra data directory | `${DB_VOLUME_DIR}/data` | -| `CASSANDRA_COMMITLOG_DIR` | Cassandra commit log directory | `${DB_DATA_DIR}/commitlog` | -| `CASSANDRA_DEFAULT_CONF_DIR` | Cassandra default configuration directory | `${DB_BASE_DIR}/conf.default` | -| `CASSANDRA_INITSCRIPTS_DIR` | Path to the Cassandra container init scripts directory | `/docker-entrypoint-initdb.d` | -| `CASSANDRA_LOG_DIR` | Cassandra logs directory | `${DB_BASE_DIR}/logs` | -| `CASSANDRA_TMP_DIR` | Cassandra temporary directory | `${DB_BASE_DIR}/tmp` | -| `JAVA_BASE_DIR` | Java base directory | `${BITNAMI_ROOT_DIR}/java` | -| `JAVA_BIN_DIR` | Java binary directory | `${JAVA_BASE_DIR}/bin` | -| `PYTHON_BASE_DIR` | Python base directory | `${BITNAMI_ROOT_DIR}/python` | -| `PYTHON_BIN_DIR` | Python binary directory | `${PYTHON_BASE_DIR}/bin` | -| `CASSANDRA_CONF_FILE` | Path to Cassandra configuration file | `${DB_CONF_DIR}/cassandra.yaml` | -| `CASSANDRA_LOG_FILE` | Path to the Cassandra log file | `${DB_LOG_DIR}/cassandra.log` | -| `CASSANDRA_FIRST_BOOT_LOG_FILE` | Path to the Cassandra first boot log file | `${DB_LOG_DIR}/cassandra_first_boot.log` | -| `CASSANDRA_INITSCRIPTS_BOOT_LOG_FILE` | Path to the Cassandra init scripts log file | `${DB_LOG_DIR}/cassandra_init_scripts_boot.log` | -| `CASSANDRA_PID_FILE` | Path to the Cassandra pid file | `${DB_TMP_DIR}/cassandra.pid` | -| `CASSANDRA_DAEMON_USER` | Cassandra system user | `cassandra` | -| `CASSANDRA_DAEMON_GROUP` | Cassandra system group | `cassandra` | +| Name | Description | Value | +|---------------------------------------|---------------------------------------------------------------------------------|-------------------------------------------------| +| `DB_FLAVOR` | Database flavor. Valid values: `cassandra` or `scylladb`. | `cassandra` | +| `CASSANDRA_BASE_DIR` | Cassandra installation directory | `/opt/bitnami/cassandra` | +| `CASSANDRA_BIN_DIR` | Cassandra executables directory | `${DB_BASE_DIR}/bin` | +| `CASSANDRA_VOLUME_DIR` | Persistence base directory | `/bitnami/cassandra` | +| `CASSANDRA_DATA_DIR` | Cassandra data directory | `${DB_VOLUME_DIR}/data` | +| `CASSANDRA_COMMITLOG_DIR` | Cassandra commit log directory | `${DB_DATA_DIR}/commitlog` | +| `CASSANDRA_INITSCRIPTS_DIR` | Path to the Cassandra container init scripts directory | `/docker-entrypoint-initdb.d` | +| `CASSANDRA_LOG_DIR` | Cassandra logs directory | `${DB_BASE_DIR}/logs` | +| `CASSANDRA_TMP_DIR` | Cassandra temporary directory | `${DB_BASE_DIR}/tmp` | +| `JAVA_BASE_DIR` | Java base directory | `${BITNAMI_ROOT_DIR}/java` | +| `JAVA_BIN_DIR` | Java binary directory | `${JAVA_BASE_DIR}/bin` | +| `PYTHON_BASE_DIR` | Python base directory | `${BITNAMI_ROOT_DIR}/python` | +| `PYTHON_BIN_DIR` | Python binary directory | `${PYTHON_BASE_DIR}/bin` | +| `CASSANDRA_LOG_FILE` | Path to the Cassandra log file | `${DB_LOG_DIR}/cassandra.log` | +| `CASSANDRA_FIRST_BOOT_LOG_FILE` | Path to the Cassandra first boot log file | `${DB_LOG_DIR}/cassandra_first_boot.log` | +| `CASSANDRA_INITSCRIPTS_BOOT_LOG_FILE` | Path to the Cassandra init scripts log file | `${DB_LOG_DIR}/cassandra_init_scripts_boot.log` | +| `CASSANDRA_PID_FILE` | Path to the Cassandra pid file | `${DB_TMP_DIR}/cassandra.pid` | +| `CASSANDRA_DAEMON_USER` | Cassandra system user | `cassandra` | +| `CASSANDRA_DAEMON_GROUP` | Cassandra system group | `cassandra` | +| `CASSANDRA_CONF_DIR` | Cassandra configuration directory | `${DB_BASE_DIR}/conf` | +| `CASSANDRA_DEFAULT_CONF_DIR` | Cassandra default configuration directory | `${DB_BASE_DIR}/conf.default` | +| `CASSANDRA_CONF_FILE` | Path to Cassandra configuration file | `${DB_CONF_DIR}/cassandra.yaml` | +| `CASSANDRA_RACKDC_FILE` | Path to Cassandra cassandra-rackdc.properties file | `${DB_CONF_DIR}/cassandra-rackdc.properties` | +| `CASSANDRA_LOGBACK_FILE` | Path to Cassandra logback.xml file | `${DB_CONF_DIR}/logback.xml` | +| `CASSANDRA_COMMITLOG_ARCHIVING_FILE` | Path to Cassandra commitlog_archiving.properties file | `${DB_CONF_DIR}/commitlog_archiving.properties` | +| `CASSANDRA_ENV_FILE` | Path to Cassandra cassandra-env.sh file | `${DB_CONF_DIR}/cassandra-env.sh` | +| `CASSANDRA_MOUNTED_CONF_PATH` | Relative path (in mounted volume) to Cassandra configuration file | `cassandra.yaml` | +| `CASSANDRA_MOUNTED_RACKDC_PATH` | Relative path (in mounted volume) to Cassandra cassandra-rackdc-properties file | `cassandra-rackdc.properties` | +| `CASSANDRA_MOUNTED_ENV_PATH` | Relative path (in mounted volume) to Cassandra cassandra-env.sh file | `cassandra-env.sh` | +| `CASSANDRA_MOUNTED_LOGBACK_PATH` | Path to Cassandra logback.xml file | `logback.xml` | Additionally, any environment variable beginning with the following prefix will be mapped to its corresponding Apache Cassandra key in the proper file: @@ -543,7 +560,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/cassandra/docker-compose-cluster.yml b/bitnami/cassandra/docker-compose-cluster.yml index e772909726de6..34989c3e7ef9b 100644 --- a/bitnami/cassandra/docker-compose-cluster.yml +++ b/bitnami/cassandra/docker-compose-cluster.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: cassandra: - image: docker.io/bitnami/cassandra:4.1 + image: docker.io/bitnami/cassandra:5.0 ports: - 7000:7000 - 9042:9042 @@ -20,7 +19,7 @@ services: - MAX_HEAP_SIZE=2G - HEAP_NEWSIZE=200M cassandra2: - image: docker.io/bitnami/cassandra:4.1 + image: docker.io/bitnami/cassandra:5.0 ports: - 7001:7000 - 9043:9042 diff --git a/bitnami/cassandra/docker-compose.yml b/bitnami/cassandra/docker-compose.yml index 134ec313c186f..0ce09ba5d9b31 100644 --- a/bitnami/cassandra/docker-compose.yml +++ b/bitnami/cassandra/docker-compose.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: cassandra: - image: docker.io/bitnami/cassandra:4.1 + image: docker.io/bitnami/cassandra:5.0 ports: - '7000:7000' - '9042:9042' diff --git a/bitnami/cert-manager-webhook/1/debian-12/Dockerfile b/bitnami/cert-manager-webhook/1/debian-12/Dockerfile index 71518ff4ad089..b6e00d3811e50 100644 --- a/bitnami/cert-manager-webhook/1/debian-12/Dockerfile +++ b/bitnami/cert-manager-webhook/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:56:54Z" \ + org.opencontainers.image.created="2025-01-02T20:07:03Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cert-manager-webhook/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.14.5-debian-12-r3" \ + org.opencontainers.image.ref.name="1.16.2-debian-12-r2" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cert-manager-webhook" \ org.opencontainers.image.title="cert-manager-webhook" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.14.5" + org.opencontainers.image.version="1.16.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "cert-manager-webhook-1.14.5-2-linux-${OS_ARCH}-debian-12" \ + "cert-manager-webhook-1.16.2-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.14.5" \ +ENV APP_VERSION="1.16.2" \ BITNAMI_APP_NAME="cert-manager-webhook" \ PATH="/opt/bitnami/cert-manager-webhook/bin:$PATH" diff --git a/bitnami/cert-manager-webhook/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cert-manager-webhook/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 5f664054f9771..434f09a091a8e 100644 --- a/bitnami/cert-manager-webhook/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/cert-manager-webhook/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.14.5-2" + "version": "1.16.2-1" } } \ No newline at end of file diff --git a/bitnami/cert-manager-webhook/1/debian-12/tags-info.yaml b/bitnami/cert-manager-webhook/1/debian-12/tags-info.yaml index b046df4b98acc..c8a4b67475171 100644 --- a/bitnami/cert-manager-webhook/1/debian-12/tags-info.yaml +++ b/bitnami/cert-manager-webhook/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.14.5 +- 1.16.2 - latest diff --git a/bitnami/cert-manager-webhook/README.md b/bitnami/cert-manager-webhook/README.md index 3bd2d568714fb..ca4af3a220b6f 100644 --- a/bitnami/cert-manager-webhook/README.md +++ b/bitnami/cert-manager-webhook/README.md @@ -16,7 +16,7 @@ docker run --name cert-manager-webhook -e ALLOW_EMPTY_PASSWORD=yes bitnami/cert- **Warning**: These quick setups are only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Configuration](#configuration) section for a more secure deployment. -## Pre-requisites +## Prerequisites Kubernetes cluster with `CustomResourceDefinition` or `ThirdPartyResource support` @@ -29,15 +29,21 @@ Kubernetes cluster with `CustomResourceDefinition` or `ThirdPartyResource suppor * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use cert-manager Webhook in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use cert-manager Webhook in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -65,7 +71,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/cert-manager/1/debian-12/Dockerfile b/bitnami/cert-manager/1/debian-12/Dockerfile index 58d6192effb82..19d874cc3268a 100644 --- a/bitnami/cert-manager/1/debian-12/Dockerfile +++ b/bitnami/cert-manager/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:56:41Z" \ + org.opencontainers.image.created="2025-01-02T20:10:25Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cert-manager/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.14.5-debian-12-r4" \ + org.opencontainers.image.ref.name="1.16.2-debian-12-r2" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cert-manager" \ org.opencontainers.image.title="cert-manager" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.14.5" + org.opencontainers.image.version="1.16.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "cert-manager-1.14.5-2-linux-${OS_ARCH}-debian-12" \ + "cert-manager-1.16.2-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.14.5" \ +ENV APP_VERSION="1.16.2" \ BITNAMI_APP_NAME="cert-manager" \ PATH="/opt/bitnami/cert-manager/bin:$PATH" diff --git a/bitnami/cert-manager/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cert-manager/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index af390df4e1dc0..cd586b69af7b2 100644 --- a/bitnami/cert-manager/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/cert-manager/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.14.5-2" + "version": "1.16.2-1" } } \ No newline at end of file diff --git a/bitnami/cert-manager/1/debian-12/tags-info.yaml b/bitnami/cert-manager/1/debian-12/tags-info.yaml index b046df4b98acc..c8a4b67475171 100644 --- a/bitnami/cert-manager/1/debian-12/tags-info.yaml +++ b/bitnami/cert-manager/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.14.5 +- 1.16.2 - latest diff --git a/bitnami/cert-manager/README.md b/bitnami/cert-manager/README.md index 009daf802b515..36e8f9b53e131 100644 --- a/bitnami/cert-manager/README.md +++ b/bitnami/cert-manager/README.md @@ -1,4 +1,4 @@ -# cert-manager packaged by Bitnami +# Bitnami package for cert-manager ## What is cert-manager? @@ -16,7 +16,7 @@ docker run --name cert-manager -e ALLOW_EMPTY_PASSWORD=yes bitnami/cert-manager: **Warning**: These quick setups are only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Configuration](#configuration) section for a more secure deployment. -## Pre-requisites +## Prerequisites Kubernetes cluster with `CustomResourceDefinition` or `ThirdPartyResource support` @@ -29,15 +29,21 @@ Kubernetes cluster with `CustomResourceDefinition` or `ThirdPartyResource suppor * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use cert-manager in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use cert-manager in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -65,7 +71,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/chainloop-artifact-cas/0/debian-12/Dockerfile b/bitnami/chainloop-artifact-cas/0/debian-12/Dockerfile new file mode 100644 index 0000000000000..a6c4eabdc2a8e --- /dev/null +++ b/bitnami/chainloop-artifact-cas/0/debian-12/Dockerfile @@ -0,0 +1,60 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm as builder + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +ENV OS_ARCH="${TARGETARCH:-amd64}" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] + +# Install required system packages and dependencies +RUN install_packages ca-certificates curl +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "chainloop-artifact-cas-0.151.0-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done + +###### + +FROM scratch + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +ENV OS_ARCH="${TARGETARCH:-amd64}" + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="scratch" \ + org.opencontainers.image.created="2025-01-10T14:50:06Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="0.151.0-debian-12-r0" \ + org.opencontainers.image.title="chainloop-artifact-cas" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="0.151.0" + +COPY prebuildfs / +COPY rootfs / +COPY --from=builder /opt/bitnami/chainloop/bin/artifact-cas /artifact-cas +COPY --from=builder /opt/bitnami/chainloop/.spdx-chainloop-artifact-cas.spdx /opt/bitnami/chainloop/.spdx-chainloop-artifact-cas.spdx +COPY --from=builder /opt/bitnami/chainloop/licenses /opt/bitnami/chainloop/licenses + +ENV APP_VERSION="0.151.0" \ + BITNAMI_APP_NAME="chainloop-artifact-cas" + +USER 1001 + +CMD [ "/artifact-cas" ] diff --git a/bitnami/chainloop-artifact-cas/0/debian-12/docker-compose.yml b/bitnami/chainloop-artifact-cas/0/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..17d2b387b473b --- /dev/null +++ b/bitnami/chainloop-artifact-cas/0/debian-12/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +services: + chainloop-artifact-cas: + image: docker.io/bitnami/chainloop-artifact-cas:0 diff --git a/bitnami/chainloop-artifact-cas/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/chainloop-artifact-cas/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..055d328c25481 --- /dev/null +++ b/bitnami/chainloop-artifact-cas/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "chainloop-artifact-cas": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "0.151.0-0" + } +} \ No newline at end of file diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/chainloop-artifact-cas/0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/chainloop-artifact-cas/0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/chainloop-artifact-cas/0/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/chainloop-artifact-cas/0/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/airflow-scheduler/2/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/chainloop-artifact-cas/0/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/airflow-scheduler/2/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/chainloop-artifact-cas/0/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/chainloop-artifact-cas/0/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt b/bitnami/chainloop-artifact-cas/0/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt new file mode 100644 index 0000000000000..2d584626cce62 --- /dev/null +++ b/bitnami/chainloop-artifact-cas/0/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt @@ -0,0 +1,3864 @@ +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE +AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw +CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ +BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND +VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb +qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY +HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo +G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA +lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr +IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ +0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH +k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 +4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO +m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa +cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl +uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI +KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls +ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG +AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT +VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG +CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA +cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA +QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA +7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA +cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA +QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA +czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu +aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt +aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF +BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp +D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU +JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m +AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD +vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms +tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH +7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA +h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF +d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H +pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx +CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ +WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ +BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG +Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ +yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf +BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz +WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF +tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z +374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC +IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL +mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 +wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS +MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 +ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet +UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H +YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 +LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 +RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM +LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf +77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N +JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm +fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp +6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp +1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B +9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok +RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv +uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsx +CzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRp +ZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwa +QUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3MjA0NjI5WhcNMzAw +NDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+U29jaWVkYWQgQ2Ft +ZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJhIFMu +QS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeG +qentLhM0R7LQcNzJPNCNyu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzL +fDe3fezTf3MZsGqy2IiKLUV0qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQ +Y5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4 +Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ +54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+b +MMCm8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48j +ilSH5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej +YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/zt +A/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBkAC1vImHF +rEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1bczwmPS9KvqfJ +pxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCB +lTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFy +YS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW50 +7WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2UgcHVlZGVuIGVuY29udHJhciBlbiBs +YSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6 +xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBc +unvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/ +Jre7Ir5v/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dp +ezy4ydV/NgIlqmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42 +gzmRkBDI8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0 +jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+ +XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWmnkJD +W2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/ +RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35r +MDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxk +BYn8eNZcLCZDqQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w +MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC +SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 +ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv +UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX +4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 +KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ +gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb +rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ +51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F +be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe +KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F +v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn +fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 +jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz +ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL +e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 +jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz +WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V +SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j +pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX +X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok +fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R +K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU +ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU +LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT +LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw +MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD +VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul +CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n +tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl +dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch +PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC ++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O +BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk +ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB +IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X +7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz +43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY +eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl +pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA +WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj +ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM +9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw +IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 +VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L +93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm +jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA +A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI +U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs +N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv +o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU +5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy +rqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK +gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ +W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg +1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K +8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r +2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me +z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR +8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj +mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz +7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 ++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI +0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm +UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 +LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS +k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl +7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm +btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl +urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ +fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 +n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE +76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H +9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT +4PsJYGw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl +ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr +ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr +BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM +YyRIHN8wfdVoOw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi +9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk +M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB +MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw +CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW +1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE +AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG +EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM +FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC +REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp +Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM +VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ +SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ +4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L +cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi +eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG +A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j +vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP +DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc +maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D +lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv +KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy +MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD +VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv +ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl +AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF +661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 +am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 +ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 +PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS +3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k +SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF +3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM +ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g +StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz +Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB +jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr +6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV +L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 +1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx +MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ +QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB +arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr +Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi +FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS +P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN +9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz +uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h +9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t +OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo ++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 +KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 +DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us +H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ +I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 +5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h +3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz +Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y +ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E +N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 +tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX +0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c +/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X +KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY +zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS +O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D +34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP +K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv +Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj +QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS +IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 +HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa +O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv +033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u +dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE +kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 +3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD +u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq +4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy +MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe +NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH +PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I +x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe +QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR +yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO +QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 +H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ +QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD +i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs +nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 +rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI +hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf +GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb +lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka ++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal +TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i +nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 +gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr +G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os +zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x +L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD +TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx +MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j +aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP +T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 +sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL +TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 +/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp +7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz +EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt +hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP +a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot +aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg +TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV +PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv +cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL +tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT +ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL +jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS +ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy +P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 +xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d +Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN +5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe +/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z +AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ +5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW +/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb +QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg +b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa +MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB +ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw +IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B +AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb +unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d +BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq +7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 +0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX +roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG +A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j +aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p +26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA +BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud +EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN +BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz +aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB +AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd +p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi +1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc +XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 +eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu +tGWaIZDgqtCYvDi1czyL+Nw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo +YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 +MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy +NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G +A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA +A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 +Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s +QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV +eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 +B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh +z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T +AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i +ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w +TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH +MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD +VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE +VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh +bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B +AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM +bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi +ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG +VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c +ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ +AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET +MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb +BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz +MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx +FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g +Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 +fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl +LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV +WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF +TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb +5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc +CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri +wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ +wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG +m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 +F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng +WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 +2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF +AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ +0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw +F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS +g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj +qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN +h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ +ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V +btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj +Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ +8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW +gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw +PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz +cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 +MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz +IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ +ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR +VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL +kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd +EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas +H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 +HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud +DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 +QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu +Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ +AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 +yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR +FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA +ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB +kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 +l7+ijrRU +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUA +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBa +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHNr49a +iZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt +6kuJPKNxQv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP +0FG7Yn2ksYyy/yARujVjBYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f +6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTvLRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDE +EW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2z4QTd28n6v+WZxcIbekN +1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc4nBvCGrc +h2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCT +mehd4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV +4EJQeIQEQWGw9CEjjy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPO +WftwenMGE9nTdDckQQoRb5fc5+R+ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1Ud +DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSowcCbkahDFXxd +Bie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHYlwuBsTANBgkq +hkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh +66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7 +/SMNkPX0XtPGYX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BS +S7CTKtQ+FjPlnsZlFT5kOwQ/2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j +2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F6ALEUz65noe8zDUa3qHpimOHZR4R +Kttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilXCNQ314cnrUlZp5Gr +RHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWetUNy +6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEV +V/xuZDDCVRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5 +g4VCXA9DO2pJNdWY9BW/+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl +++O/QmueD6i9a5jc2NvLi6Td11n0bt3+qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABM0PW1aC3/BFGtat +93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uNAm8x +Ik0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0P +AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwj +FNiPwyCrKGBZMB8GA1UdIwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqG +SM49BAMDA2gAMGUCMHD+sAvZ94OX7PNVHdTcswYO/jOYnYs5kGuUIe22113WTNch +p+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjlvPl5adytRSv3tjFzzAal +U5ORGpOucGpnutee5WEaXw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E +jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo +ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI +ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu +Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg +AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 +HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA +uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa +TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg +xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q +CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x +O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs +6GAqm4VKQPNriiTsBhYscw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB +gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu +QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG +A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz +OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ +VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 +b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA +DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn +0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB +OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE +fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E +Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m +o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i +sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW +OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez +Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS +adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n +3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ +F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf +CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 +XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm +djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ +WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb +AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq +P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko +b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj +XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P +5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi +DrW5viSP +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz +IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz +MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj +dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw +EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp +MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 +28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq +VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q +DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR +5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL +ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a +Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl +UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s ++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 +Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx +hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV +HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 ++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN +YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t +L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy +ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt +IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV +HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w +DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW +PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF +5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 +glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH +FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 +pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD +xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG +tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq +jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De +fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ +d0jQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0 +MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG +EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT +CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK +8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2 +98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb +2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC +ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi +Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB +o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl +ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD +AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL +AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd +foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M +cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq +8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp +hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk +Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U +AGegcQCCSA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG +A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh +bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE +ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 +7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS +J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y +HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP +t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz +FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY +XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw +hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js +MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA +A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj +Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx +XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o +omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc +A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDjCCAvagAwIBAgIDD92sMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxHzAdBgNVBAMMFkQtVFJVU1QgUm9vdCBD +QSAzIDIwMTMwHhcNMTMwOTIwMDgyNTUxWhcNMjgwOTIwMDgyNTUxWjBFMQswCQYD +VQQGEwJERTEVMBMGA1UECgwMRC1UcnVzdCBHbWJIMR8wHQYDVQQDDBZELVRSVVNU +IFJvb3QgQ0EgMyAyMDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +xHtCkoIf7O1UmI4SwMoJ35NuOpNcG+QQd55OaYhs9uFp8vabomGxvQcgdJhl8Ywm +CM2oNcqANtFjbehEeoLDbF7eu+g20sRoNoyfMr2EIuDcwu4QRjltr5M5rofmw7wJ +ySxrZ1vZm3Z1TAvgu8XXvD558l++0ZBX+a72Zl8xv9Ntj6e6SvMjZbu376Ml1wrq +WLbviPr6ebJSWNXwrIyhUXQplapRO5AyA58ccnSQ3j3tYdLl4/1kR+W5t0qp9x+u +loYErC/jpIF3t1oW/9gPP/a3eMykr/pbPBJbqFKJcu+I89VEgYaVI5973bzZNO98 +lDyqwEHC451QGsDkGSL8swIDAQABo4IBBTCCAQEwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUP5DIfccVb/Mkj6nDL0uiDyGyL+cwDgYDVR0PAQH/BAQDAgEGMIG+ +BgNVHR8EgbYwgbMwdKByoHCGbmxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQv +Q049RC1UUlVTVCUyMFJvb3QlMjBDQSUyMDMlMjAyMDEzLE89RC1UcnVzdCUyMEdt +YkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MDugOaA3hjVodHRwOi8v +Y3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2FfM18yMDEzLmNybDAN +BgkqhkiG9w0BAQsFAAOCAQEADlkOWOR0SCNEzzQhtZwUGq2aS7eziG1cqRdw8Cqf +jXv5e4X6xznoEAiwNStfzwLS05zICx7uBVSuN5MECX1sj8J0vPgclL4xAUAt8yQg +t4RVLFzI9XRKEBmLo8ftNdYJSNMOwLo5qLBGArDbxohZwr78e7Erz35ih1WWzAFv +m2chlTWL+BD8cRu3SzdppjvW7IvuwbDzJcmPkn2h6sPKRL8mpXSSnON065102ctN +h9j8tGlsi6BDB2B4l+nZk3zCRrybN1Kj7Yo8E6l7U0tJmhEFLAtuVqwfLoJs4Gln +tQ5tLdnkwBXxP/oYcuEVbSdbLTAoK59ImmQrme/ydUlfXA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha +ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM +HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 +UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 +tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R +ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM +lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp +/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G +A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy +MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl +cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js +L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL +BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni +acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K +zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 +PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y +Johw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw +NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV +BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn +ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 +3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z +qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR +p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 +HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw +ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea +HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw +Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh +c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E +RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt +dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp +3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF +CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na +xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX +KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc +MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj +IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB +IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE +RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl +U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 +IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU +ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC +QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr +rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S +NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc +QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH +txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP +BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp +tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa +IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl +6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ +xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU +Cm26OWMohpLzGITY+9HPBVZkVw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA +n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc +biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp +EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA +bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu +YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW +BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI +QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni +lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 +B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv +ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw +EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG +fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO +Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd +BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx +AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ +oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 +sycX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg +RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y +ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If +xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV +ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO +DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ +jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ +CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi +EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM +fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY +uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK +chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t +9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 +SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd ++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc +fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa +sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N +cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N +0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie +4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI +r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 +/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm +gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV +BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC +aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV +BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 +Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz +MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ +BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp +em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY +B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH +D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF +Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo +q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D +k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH +fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut +dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM +ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 +zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX +U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 +Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 +XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF +Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR +HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY +GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c +77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 ++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK +vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 +FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl +yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P +AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD +y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d +NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB +8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy +dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 +YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 +dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh +IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD +LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG +EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g +KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD +ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu +bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg +ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R +85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm +4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV +HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd +QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t +lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB +o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 +opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo +dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW +ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN +AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y +/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k +SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy +Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS +Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl +nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 +MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 +czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG +CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy +MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl +ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS +b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy +euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO +bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw +WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d +MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE +1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ +zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB +BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF +BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV +v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG +E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u +uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW +iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v +GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 +MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub +j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo +U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b +u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ +bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er +fF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 +4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 +d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu +dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq +RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy +MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD +VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g +Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt +ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH +Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC +R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX +hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 +cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs +IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz +dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy +NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu +dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt +dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 +aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T +RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN +cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW +wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 +U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 +jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN +BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ +jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v +1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R +nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH +VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 +MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w +HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj +Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj +TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u +KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj +qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm +MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 +ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP +zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk +L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC +jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA +HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC +AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm +DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 +COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry +L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf +JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg +IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io +2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV +09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ +XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq +T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe +MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx +MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 +AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA +ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 +7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W +kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI +mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ +KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 +6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl +4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K +oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj +UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU +AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw +NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV +BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL +So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal +tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG +CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT +qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz +rD6ogRLQy7rQkgu2npaqBA+K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 +BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz ++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm +hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn +5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W +JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL +DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC +huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB +AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB +zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN +kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH +SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G +spki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy +c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 +IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV +VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 +cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT +QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh +F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v +c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w +mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd +VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX +teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ +f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe +Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ +nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY +MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG +9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX +IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn +ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z +uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN +Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja +QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW +koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 +ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt +DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm +bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy +c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD +VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 +c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 +WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG +FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq +XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL +se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb +KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd +IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 +y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt +hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc +QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 +Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV +HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ +KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ +L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr +Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo +ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY +T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz +GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m +1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV +OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH +6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX +QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ +FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F +uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX +kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs +ewv4n4Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc +8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke +hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI +KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg +515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO +xwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 +RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT +gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm +KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd +QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ +XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU +RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp +jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK +6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX +mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs +Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH +WD9f +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD +aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx +MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy +cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG +A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl +BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed +KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 +G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 +zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 +ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG +HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 +Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V +yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e +beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r +6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog +zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW +BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr +ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp +ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk +cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt +YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC +CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow +KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI +hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ +UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz +X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x +fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz +a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd +Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd +SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O +AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso +M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge +v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN +BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl +bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv +b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 +MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 +dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg +QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa +jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi +C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep +lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof +TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix +RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p +YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw +NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK +EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl +cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz +dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ +fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns +bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD +75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP +FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp +5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu +b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA +A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p +6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 +dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys +Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI +l7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix +DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT +N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v +dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG +A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh +ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx +QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA +4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 +AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 +4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C +ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV +9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD +gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 +Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq +NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko +LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd +ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I +XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI +M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot +9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V +Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea +j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh +X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ +l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf +bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 +pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK +e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 +vm9qp/UsQu0yrbYhnr68 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx +FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg +Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG +A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr +b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ +jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn +PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh +ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 +nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h +q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED +MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC +mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 +7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB +oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs +EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO +fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi +AmvZWg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu +VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw +MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw +JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT +3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU ++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp +S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 +bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi +T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL +vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK +Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK +dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT +c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv +l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N +iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD +ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt +LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 +nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 ++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK +W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT +AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq +l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG +4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ +mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A +7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN +MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 +ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy +RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS +bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF +/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R +3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw +EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy +9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V +GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ +2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV +WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD +W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN +AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV +DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 +TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G +lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW +mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df +WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 ++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ +tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA +GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv +8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQEL +BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV +BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUw +MzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B +LjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wmKb3F +ibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTem +hfY7RBi2xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1 +EMShduxq3sVs35a0VkBCwGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsn +Xpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4 +zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkmFRseTJIpgp7VkoGSQXAZ +96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niFwpN6cj5m +j5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4g +DEa/a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+ +8kPREd8vZS9kzl8UubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2j +X5t/Lax5Gw5CMZdjpPuKadUiDTSQMC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmH +hFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGByuB +KwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5Lmx1eHRydXN0 +Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT ++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQEL +BQADggIBAGoZFO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9 +BzZAcg4atmpZ1gDlaCDdLnINH2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTO +jFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW7MM3LGVYvlcAGvI1+ut7MV3CwRI9 +loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIuZY+kt9J/Z93I055c +qqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWAVWe+ +2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/ +JEAdemrRTxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKre +zrnK+T+Tb/mjuuqlPpmt/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQf +LSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+ +x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6 +oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 +ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G +CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y +OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx +FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp +Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP +kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc +cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U +fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 +N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC +xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 ++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM +Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG +SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h +mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk +ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c +2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t +HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR +dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB +pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM +b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz +IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT +lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz +AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 +VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG +ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 +BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M +U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh +bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C ++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F +uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 +XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO +ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw +gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu +bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp +dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 +6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ +h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH +/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN +pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB +ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly +aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w +NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G +A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX +SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR +VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 +w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF +mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg +4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 +4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw +EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx +SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 +ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 +vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi +Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ +/L7fCg0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg +Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i +YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x +CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG +b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 +HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx +WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX +1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk +u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P +99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r +M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB +BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh +cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 +gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO +ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf +aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcxMB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7faYp6b +wiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX +/uMftk87ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR0 +77F9jAHiOH3BX2pfJLKOYheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGP +uY4zbGneWK2gDqdkVBFpRGZPTBKnjix9xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLx +p2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO9z0M+Yo0FMT7MzUj8czx +Kselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq3ywgsNw2 +TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+W +G+Oin6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPw +vFEVVJSmdz7QdFG9URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYY +EQRVzXR7z2FwefR7LFxckvzluFqrTJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUl0YhVyE1 +2jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/PxN3DlCPaTKbYw +DQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E +PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kf +gLMtMrpkZ2CvuVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbS +FXJfLkur1J1juONI5f6ELlgKn0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0 +V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLhX4SPgPL0DTatdrOjteFkdjpY3H1P +XlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80nR14SohWZ25g/4/I +i+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcmGS3t +TAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L91 +09S5zvE/bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/Ky +Pu1svf0OnWZzsD2097+o4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJ +AwSQiumPv+i2tCqjI40cHLI5kqiPAlxAOXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj +1oxx +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcyMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+Ntmh +/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78e +CbY2albz4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/6 +1UWY0jUJ9gNDlP7ZvyCVeYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fE +FY8ElggGQgT4hNYdvJGmQr5J1WqIP7wtUdGejeBSzFfdNTVY27SPJIjki9/ca1TS +gSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz3GIZ38i1MH/1PCZ1Eb3X +G7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj3CzMpSZy +YhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaH +vGOz9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4 +t/bQWVyJ98LVtZR00dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/ +gh7PU3+06yzbXfZqfUAkBXKJOAGTy3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUajn6QiL3 +5okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59M4PLuG53hq8w +DQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz +Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0 +nXGEL8pZ0keImUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qT +RmTFAHneIWv2V6CG1wZy7HBGS4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpT +wm+bREx50B1ws9efAvSyB7DH5fitIw6mVskpEndI2S9G/Tvw/HRwkqWOOAgfZDC2 +t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ6e18CL13zSdkzJTa +TkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97krgCf2 +o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU +3jg9CcCoSmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eA +iN1nE28daCSLT7d0geX0YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14f +WKGVyasvc0rQLW6aWQ9VGHgtPFGml4vmu7JwqkwR3v98KzfUetF3NI/n+UL3PIEM +S1IK +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAx +CzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5U +cnVzdCBSb290IENBIEczMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFow +QDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwUT3Bl +blRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARK7liuTcpm +3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5Bta1d +oYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5 +DMlv4VBN0BBY3JWIbTAfBgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAK +BggqhkjOPQQDAwNpADBmAjEAj6jcnboMBBf6Fek9LykBl7+BFjNAk2z8+e2AcG+q +j9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta3U1fJAuwACEl74+nBCZx +4nxp5V2a+EEfOzmTk51V6s2N8fvB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz +MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw +IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR +dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp +li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D +rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ +WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug +F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC +Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv +dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw +ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl +IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh +c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy +ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI +KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq +y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p +dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD +VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk +fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 +7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R +cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y +mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK +SnQ2+Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 +MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV +wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe +rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 +68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh +4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp +UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o +abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc +3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G +KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt +hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO +Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt +zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD +ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 +cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN +qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 +YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv +b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 +8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k +NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj +ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp +q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt +nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i +Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 +MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf +qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW +n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym +c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ +O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 +o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j +IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq +IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz +8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh +vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l +7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG +cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD +ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC +roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga +W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n +lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE ++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV +csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd +dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg +KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM +HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 +WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv +vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 +MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR +/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu +FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR +U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c +ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR +FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k +A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw +eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl +sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp +VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q +A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ +ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD +ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI +FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv +oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg +u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP +0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf +3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl +8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ +DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN +PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ +ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID2DCCAsCgAwIBAgIQYFbFSyNAW2TU7SXa2dYeHjANBgkqhkiG9w0BAQsFADCB +hTELMAkGA1UEBhMCREUxKTAnBgNVBAoTIERldXRzY2hlciBTcGFya2Fzc2VuIFZl +cmxhZyBHbWJIMScwJQYDVQQLEx5TLVRSVVNUIENlcnRpZmljYXRpb24gU2Vydmlj +ZXMxIjAgBgNVBAMTGVMtVFJVU1QgVW5pdmVyc2FsIFJvb3QgQ0EwHhcNMTMxMDIy +MDAwMDAwWhcNMzgxMDIxMjM1OTU5WjCBhTELMAkGA1UEBhMCREUxKTAnBgNVBAoT +IERldXRzY2hlciBTcGFya2Fzc2VuIFZlcmxhZyBHbWJIMScwJQYDVQQLEx5TLVRS +VVNUIENlcnRpZmljYXRpb24gU2VydmljZXMxIjAgBgNVBAMTGVMtVFJVU1QgVW5p +dmVyc2FsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo +4wvfETeFgpq1bGZ8YT/ARxodRuOwVWTluII5KAd+F//0m4rwkYHqOD8heGxI7Gsv +otOKcrKn19nqf7TASWswJYmM67fVQGGY4tw8IJLNZUpynxqOjPolFb/zIYMoDYuv +WRGCQ1ybTSVRf1gYY2A7s7WKi1hjN0hIkETCQN1d90NpKZhcEmVeq5CSS2bf1XUS +U1QYpt6K1rtXAzlZmRgFDPn9FcaQZEYXgtfCSkE9/QC+V3IYlHcbU1qJAfYzcg6T +OtzoHv0FBda8c+CI3KtP7LUYhk95hA5IKmYq3TLIeGXIC51YAQVx7YH1aBduyw20 +S9ih7K446xxYL6FlAzQvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBSafdfr639UmEUptCCrbQuWIxmkwjANBgkqhkiG +9w0BAQsFAAOCAQEATpYS2353XpInniEXGIJ22D+8pQkEZoiJrdtVszNqxmXEj03z +MjbceQSWqXcy0Zf1GGuMuu3OEdBEx5LxtESO7YhSSJ7V/Vn4ox5R+wFS5V/let2q +JE8ii912RvaloA812MoPmLkwXSBvwoEevb3A/hXTOCoJk5gnG5N70Cs0XmilFU/R +UsOgyqCDRR319bdZc11ZAY+qwkcvFHHVKeMQtUeTJcwjKdq3ctiR1OwbSIoi5MEq +9zpok59FGW5Dt8z+uJGaYRo2aWNkkijzb2GShROfyQcsi1fc65551cLeCNVUsldO +KjKNoeI60RAgIjl9NEVvcTvDHfz/sk+o4vYwHg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx +NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv +bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA +VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku +WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX +5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ +ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg +h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy +MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G +A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD +DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq +M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf +OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa +4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 +HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR +aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA +b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ +Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV +PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO +pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu +UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY +MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 +9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW +s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 +Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg +cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM +79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz +/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt +ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm +Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK +QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ +w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi +S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 +mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz +WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 +b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI +7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg +CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD +VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T +kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ +gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz +OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R +xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX +qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC +C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 +6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh +/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF +YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E +JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc +US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 +ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm ++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi +M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV +cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc +Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs +PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ +q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 +cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr +a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I +H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y +K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu +nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf +oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY +Ic2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL +BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 +ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw +NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L +cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg +Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN +QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT +3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw +3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 +3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 +BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN +XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF +AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw +8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG +nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP +oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy +d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg +LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr +MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG +A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 +MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD +QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz +i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 +h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV +MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 +UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni +8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC +h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm +KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ +X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr +QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 +pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN +QSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX +DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy +dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj +YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV +OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr +zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM +VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ +hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO +ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw +awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs +OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF +coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc +okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 +t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy +1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ +SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t +dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx +MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o +Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt +5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s +3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej +vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu +8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil +zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ +3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD +FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 +Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 +ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y +MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg +TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS +b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS +M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC +UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d +Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p +rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l +pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb +j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC +KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS +/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X +cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH +1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP +px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 +MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI +eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u +2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS +v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC +wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy +CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e +vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 +Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa +Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL +eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 +FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc +7uzXLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX +DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 +qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp +uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU +Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE +pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp +5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M +UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN +GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy +5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv +6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK +eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 +B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ +BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov +L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG +SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS +CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen +5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 +IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK +gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL ++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL +vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm +bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk +N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC +Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z +ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX +DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP +cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW +IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX +xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy +KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR +9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az +5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 +6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 +Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP +bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt +BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt +XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd +INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD +U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp +LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 +Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp +gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh +/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw +0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A +fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq +4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR +1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ +QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM +94B7IWcnMFk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw +MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg +nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 +HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N +Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN +dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 +HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G +CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU +sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 +4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg +8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 +mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs +ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy +ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy +dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p +OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 +8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K +Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe +hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk +6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q +AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI +bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB +ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z +qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn +0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN +sSi6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu +IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw +WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD +ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y +IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn +IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ +6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob +jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw +izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl ++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY +zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP +pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF +KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW +ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB +AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 +ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW +IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA +A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 +uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ +FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 +jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ +u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D +YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 +puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa +icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG +DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x +kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z +Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH +6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBk +MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg +Q0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYT +AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp +Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvEr +jw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r +0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f +2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVP +ACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aF +y6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTA +tukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL +6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0 +uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrAL +acywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velh +k6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q +VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw +FDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O +BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqh +b97iEoHF8TwuMA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4R +fbgZPnm3qKhyN2abGu2sEzsOv2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv +/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82YqZh6NM4OKb3xuqFp1mrjX2lhI +REeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLzo9v/tdhZsnPdTSpx +srpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcsa0vv +aGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT +woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99n +Bjx8Oto0QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5W +t6NlUe07qxS/TFED6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N +8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx2 +9CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5 +wSsSnqaeG8XmDtkx2Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICqDCCAi2gAwIBAgIQIW4zpcvTiKRvKQe0JzzE2DAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAxIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATXZrUb266zYO5G6ohjdTsqlG3zXxL24w+etgoUU0hS +yNw6s8tIICYSTvqJhNTfkeQpfSgB2dsYQ2mhH7XThhbcx39nI9/fMTGDAzVwsUu3 +yBe7UcvclBfb6gk7dhLeqrWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRlwI0l9Qy6l3eQP54u4Fr1ztXh5DAKBggqhkjOPQQD +AwNpADBmAjEApa7jRlP4mDbjIvouKEkN7jB+M/PsP3FezFWJeJmssv3cHFwzjim5 +axfIEWi13IMHAjEAnMhE2mnCNsNUGRCFAtqdR+9B52wmnQk9922Q0QVEL7C8g5No +8gxFSTm/mQQc0xCg +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQJDJ18h0v0gkz97RqytDzmDANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAx +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHOddJZKmZgiJM6kXZBxbje/SD +6Jlz+muxNuCad6BAwoGNAcfMjL2Pffd543pMA03Z+/2HOCgs3ZqLVAjbZ/sbjP4o +ki++t7JIp4Gh2F6Iw8w5QEFa0dzl2hCfL9oBTf0uRnz5LicKaTfukaMbasxEvxvH +w9QRslBglwm9LiL1QYRmn81ApqkAgMEflZKf3vNI79sdd2H8f9/ulqRy0LY+/3gn +r8uSFWkI22MQ4uaXrG7crPaizh5HmbmJtxLmodTNWRFnw2+F2EJOKL5ZVVkElauP +N4C/DfD8HzpkMViBeNfiNfYgPym4jxZuPkjctUwH4fIa6n4KedaovetdhitNAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBQzQejIORIVk0jyljIuWvXalF9TYDANBgkqhkiG9w0BAQsFAAOCAQEAFeNzV7EX +tl9JaUSm9l56Z6zS3nVJq/4lVcc6yUQVEG6/MWvL2QeTfxyFYwDjMhLgzMv7OWyP +4lPiPEAz2aSMR+atWPuJr+PehilWNCxFuBL6RIluLRQlKCQBZdbqUqwFblYSCT3Q +dPTXvQbKqDqNVkL6jXI+dPEDct+HG14OelWWLDi3mIXNTTNEyZSPWjEwN0ujOhKz +5zbRIWhLLTjmU64cJVYIVgNnhJ3Gw84kYsdMNs+wBkS39V8C3dlU6S+QTnrIToNA +DJqXPDe/v+z28LSFdyjBC8hnghAXOKK3Buqbvzr46SMHv3TgmDgVVXjucgBcGaP0 +0jPg/73RVDkpDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICqDCCAi2gAwIBAgIQNBdlEkA7t1aALYDLeVWmHjAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAyIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATR2UqOTA2ESlG6fO/TzPo6mrWnYxM9AeBJPvrBR8mS +szrX/m+c95o6D/UOCgrDP8jnEhSO1dVtmCyzcTIK6yq99tdqIAtnRZzSsr9TImYJ +XdsR8/EFM1ij4rjPfM2Cm72jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBQ9MvM6qQyQhPmijGkGYVQvh3L+BTAKBggqhkjOPQQD +AwNpADBmAjEAyKapr0F/tckRQhZoaUxcuCcYtpjxwH+QbYfTjEYX8D5P/OqwCMR6 +S7wIL8fip29lAjEA1lnehs5fDspU1cbQFQ78i5Ry1I4AWFPPfrFLDeVQhuuea9// +KabYR9mglhjb8kWz +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQZIKe/DcedF38l/+XyLH/QTANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAy +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzOkFyGOFyz9AYxe9GPo15gRn +V2WYKaRPyVyPDzTS+NqoE2KquB5QZ3iwFkygOakVeq7t0qLA8JA3KRgmXOgNPLZs +ST/B4NzZS7YUGQum05bh1gnjGSYc+R9lS/kaQxwAg9bQqkmi1NvmYji6UBRDbfkx ++FYW2TgCkc/rbN27OU6Z4TBnRfHU8I3D3/7yOAchfQBeVkSz5GC9kSucq1sEcg+y +KNlyqwUgQiWpWwNqIBDMMfAr2jUs0Pual07wgksr2F82owstr2MNHSV/oW5cYqGN +KD6h/Bwg+AEvulWaEbAZ0shQeWsOagXXqgQ2sqPy4V93p3ec5R7c6d9qwWVdAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSHjCCVyJhK0daABkqQNETfHE2/sDANBgkqhkiG9w0BAQsFAAOCAQEAgY6ypWaW +tyGltu9vI1pf24HFQqV4wWn99DzX+VxrcHIa/FqXTQCAiIiCisNxDY7FiZss7Y0L +0nJU9X3UXENX6fOupQIR9nYrgVfdfdp0MP1UR/bgFm6mtApI5ud1Bw8pGTnOefS2 +bMVfmdUfS/rfbSw8DVSAcPCIC4DPxmiiuB1w2XaM/O6lyc+tHc+ZJVdaYkXLFmu9 +Sc2lo4xpeSWuuExsi0BmSxY/zwIa3eFsawdhanYVKZl/G92IgMG/tY9zxaaWI4Sm +KIYkM2oBLldzJbZev4/mHWGoQClnHYebHX+bn5nNMdZUvmK7OaxoEkiRIKXLsd3+ +b/xa5IJVWa8xqQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd +AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC +FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi +1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq +jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ +wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ +WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy +NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC +uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw +IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 +g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP +BSeOE6Fuwg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN +8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ +RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 +hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 +ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM +EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 +A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy +WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ +1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 +6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT +91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p +TpPDpFQUWw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjEL +MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV +BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0 +Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3WhcNMjUxMjMxMjI1 +OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i +SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UEAxMc +VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJW +Ht4bNwcwIi9v8Qbxq63WyKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+Q +Vl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT2 +1oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2Alq +ukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1 +Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NX +XAek0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy +dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6 +Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz +JTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290 +Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u +TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlN +irTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8 +TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6 +g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB +95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBj +S+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx +GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp +bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w +KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 +BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy +dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG +EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll +IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU +QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT +TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg +LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 +a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr +LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr +N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X +YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ +iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f +AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH +V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf +IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 +lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c +8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf +lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx +EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT +VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 +NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT +B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF +10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz +0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh +MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH +zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc +46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 +yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi +laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP +oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA +BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE +qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm +4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL +1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF +H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo +RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ +nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh +15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW +6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW +nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j +wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz +aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy +KwbQBM0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES +MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU +V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz +WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO +LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE +AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH +K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX +RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z +rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx +3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq +hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC +MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls +XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D +lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn +aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ +YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ +MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow +PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR +IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q +gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy +yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts +F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 +jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx +ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC +VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK +YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH +EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN +Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud +DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE +MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK +UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ +TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf +qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK +ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE +JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 +hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 +EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm +nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX +udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz +ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe +LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl +pYYsfPQS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw +NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv +b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD +VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F +VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 +7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X +Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ +/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs +81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm +dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe +Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu +sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 +pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs +slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ +arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD +VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG +9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl +dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj +TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed +Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 +Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI +OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 +vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW +t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn +HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx +SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y +IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig +RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb +3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA +BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 +3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou +owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ +wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF +ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf +BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv +civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 +AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 +soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI +WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi +tJ/X5g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y +IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB +pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h +IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG +A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU +cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid +RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V +seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme +9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV +EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW +hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ +DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD +ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I +/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ +yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts +L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN +zl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig +Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk +MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg +Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD +VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy +dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ +QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq +1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp +2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK +DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape +az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF +3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 +oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM +g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 +mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd +BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U +nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw +DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX +dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ +MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL +/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX +CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa +ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW +2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 +N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 +Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB +As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp +5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu +1uwJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL +ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx +MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc +MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ +AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH +iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj +vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA +0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB +OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ +BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E +FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 +GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW +zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 +1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE +f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F +jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN +ZetX2fNXlrtIzYE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UE +BhMCVFIxDzANBgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxn +aSDEsGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkg +QS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1QgRWxla3Ryb25payBTZXJ0aWZpa2Eg +SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAwODA3MDFaFw0yMzA0 +MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYD +VQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8 +dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBF +bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCUZ4WWe60ghUEoI5RHwWrom +/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537jVJp45wnEFPzpALFp/kR +Gml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1mep5Fimh3 +4khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z +5UNP9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0 +hO8EuPbJbKoCPrZV4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QID +AQABo0IwQDAdBgNVHQ4EFgQUVpkHHtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ5FdnsX +SDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPoBP5yCccLqh0l +VX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq +URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nf +peYVhDfwwvJllpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CF +Yv4HAqGEVka+lgqaE9chTLd8B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW ++qtB4Uu2NQvAmxU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB +rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt +Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa +Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV +BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l +dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE +AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B +YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9 +hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l +L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm +SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM +1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws +6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw +Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50 +aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH +AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u +7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0 +xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ +rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim +eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk +USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg +SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln +biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm +GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve +fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ +aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj +aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC +4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga +FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB +vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W +ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 +IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y +IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh +bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF +9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH +H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H +LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN +/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT +rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw +WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs +exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 +sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ +seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz +4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ +BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR +lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 +7M2CYfE45k+XmCpajQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 +nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO +8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV +ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb +PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 +6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr +n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a +qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 +wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 +ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs +pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 +E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy +aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp +Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV +BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp +Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g +Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU +J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO +JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY +wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o +koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN +qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E +Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe +xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u +7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU +sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI +sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP +cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b +N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t +KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu +kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm +CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ +Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu +imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te +2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe +DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p +F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt +TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr +MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl +cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv +bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw +CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h +dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l +cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h +2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E +lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV +ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq +299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t +vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL +dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF +AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR +zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 +LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd +7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw +++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt +398znM/jra6O1I7mT1GvFpLgXPYHDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY +UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT +AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD +QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP +MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do +0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ +UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d +RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ +OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv +JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C +AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O +BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ +LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY +MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ +44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I +Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw +i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN +9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw +IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL +SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH +SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh +ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X +DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 +TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ +fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA +sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU +WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS +nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH +dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip +NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC +AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF +MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB +uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl +PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP +JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ +gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 +j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 +5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB +o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS +/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z +Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE +W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D +hNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB +qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV +BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw +NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j +LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG +A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs +W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta +3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk +6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 +Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J +NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP +r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU +DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz +YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 +/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ +LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 +jVaMaA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp +IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi +BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw +MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh +d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig +YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v +dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ +BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 +papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K +DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 +KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox +XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa +Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u +MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm +gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 +YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf +b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 +9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S +zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk +OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA +2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW +oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c +KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM +m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu +MdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- diff --git a/bitnami/chainloop-artifact-cas/0/debian-12/tags-info.yaml b/bitnami/chainloop-artifact-cas/0/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..c99aab0e030bb --- /dev/null +++ b/bitnami/chainloop-artifact-cas/0/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "0" +- 0-debian-12 +- 0.151.0 +- latest diff --git a/bitnami/chainloop-artifact-cas/README.md b/bitnami/chainloop-artifact-cas/README.md new file mode 100644 index 0000000000000..b88c7f36f0270 --- /dev/null +++ b/bitnami/chainloop-artifact-cas/README.md @@ -0,0 +1,101 @@ +# Bitnami package for Chainloop Artifact CAS + +## What is Chainloop Artifact CAS? + +> The artifact proxy is a Content-Addressable Storage (CAS) Proxy that sits in front of different storage backends. + +[Overview of Chainloop Artifact CAS](https://chainloop.dev) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name chainloop-artifact-cas bitnami/chainloop-artifact-cas:latest +``` + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use Chainloop Artifact CAS in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Why use a non-root container? + +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami Chainloop Artifact CAS Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/chainloop-artifact-cas). + +```console +docker pull bitnami/chainloop-artifact-cas:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/chainloop-artifact-cas/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/chainloop-artifact-cas:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Configuration + +### Running commands + +To run commands inside this container you can use `docker run`, for example to execute `chainloop-artifact-cas help` you can follow the example below: + +```console +docker run --rm --name chainloop-artifact-cas bitnami/chainloop-artifact-cas:latest help +``` + +Check the [official Chainloop Artifact CAS documentation](https://github.com/chainloop-dev/chainloop/tree/main/app/artifact-cas) for more information about configuration options. + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/chainloop-artifact-cas/docker-compose.yml b/bitnami/chainloop-artifact-cas/docker-compose.yml new file mode 100644 index 0000000000000..17d2b387b473b --- /dev/null +++ b/bitnami/chainloop-artifact-cas/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +services: + chainloop-artifact-cas: + image: docker.io/bitnami/chainloop-artifact-cas:0 diff --git a/bitnami/chainloop-control-plane-migrations/0/debian-12/Dockerfile b/bitnami/chainloop-control-plane-migrations/0/debian-12/Dockerfile new file mode 100644 index 0000000000000..ac28dba0f0b88 --- /dev/null +++ b/bitnami/chainloop-control-plane-migrations/0/debian-12/Dockerfile @@ -0,0 +1,65 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm as builder + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +ENV OS_ARCH="${TARGETARCH:-amd64}" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] + +# Install required system packages and dependencies +RUN install_packages ca-certificates curl +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "atlas-0.30.0-0-linux-${OS_ARCH}-debian-12" \ + "chainloop-control-plane-migrations-0.151.0-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done + +###### + +FROM scratch + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +ENV OS_ARCH="${TARGETARCH:-amd64}" + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="scratch" \ + org.opencontainers.image.created="2025-01-10T14:50:05Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="0.151.0-debian-12-r0" \ + org.opencontainers.image.title="chainloop-control-plane-migrations" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="0.151.0" + +COPY prebuildfs / +COPY rootfs / +COPY --from=builder /opt/bitnami/atlas/bin/atlas /atlas +COPY --from=builder /opt/bitnami/chainloop/migrations /migrations +COPY --from=builder /opt/bitnami/atlas/.spdx-atlas.spdx /opt/bitnami/atlas/.spdx-atlas.spdx +COPY --from=builder /opt/bitnami/atlas/licenses /opt/bitnami/atlas/licenses +COPY --from=builder /opt/bitnami/chainloop/.spdx-chainloop-control-plane-migrations.spdx /opt/bitnami/chainloop/.spdx-chainloop-control-plane-migrations.spdx +COPY --from=builder /opt/bitnami/chainloop/licenses /opt/bitnami/chainloop/licenses + +ENV APP_VERSION="0.151.0" \ + BITNAMI_APP_NAME="chainloop-control-plane-migrations" \ + PATH="/opt/bitnami/atlas/bin:$PATH" + +USER 1001 + +CMD [ "/atlas" ] diff --git a/bitnami/chainloop-control-plane-migrations/0/debian-12/docker-compose.yml b/bitnami/chainloop-control-plane-migrations/0/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..a94d4769fedb6 --- /dev/null +++ b/bitnami/chainloop-control-plane-migrations/0/debian-12/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +services: + chainloop-control-plane-migrations: + image: docker.io/bitnami/chainloop-control-plane-migrations:0 diff --git a/bitnami/chainloop-control-plane-migrations/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/chainloop-control-plane-migrations/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..f18c476f2628b --- /dev/null +++ b/bitnami/chainloop-control-plane-migrations/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,14 @@ +{ + "atlas": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "0.30.0-0" + }, + "chainloop-control-plane-migrations": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "0.151.0-0" + } +} \ No newline at end of file diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/chainloop-control-plane-migrations/0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/chainloop-control-plane-migrations/0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/chainloop-control-plane-migrations/0/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/chainloop-control-plane-migrations/0/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/airflow-worker/2/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/chainloop-control-plane-migrations/0/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/airflow-worker/2/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/chainloop-control-plane-migrations/0/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/chainloop-control-plane-migrations/0/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt b/bitnami/chainloop-control-plane-migrations/0/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt new file mode 100644 index 0000000000000..2d584626cce62 --- /dev/null +++ b/bitnami/chainloop-control-plane-migrations/0/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt @@ -0,0 +1,3864 @@ +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE +AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw +CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ +BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND +VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb +qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY +HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo +G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA +lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr +IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ +0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH +k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 +4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO +m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa +cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl +uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI +KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls +ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG +AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT +VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG +CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA +cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA +QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA +7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA +cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA +QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA +czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu +aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt +aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF +BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp +D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU +JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m +AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD +vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms +tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH +7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA +h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF +d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H +pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx +CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ +WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ +BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG +Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ +yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf +BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz +WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF +tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z +374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC +IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL +mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 +wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS +MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 +ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet +UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H +YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 +LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 +RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM +LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf +77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N +JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm +fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp +6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp +1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B +9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok +RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv +uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsx +CzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRp +ZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwa +QUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3MjA0NjI5WhcNMzAw +NDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+U29jaWVkYWQgQ2Ft +ZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJhIFMu +QS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeG +qentLhM0R7LQcNzJPNCNyu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzL +fDe3fezTf3MZsGqy2IiKLUV0qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQ +Y5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4 +Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ +54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+b +MMCm8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48j +ilSH5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej +YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/zt +A/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBkAC1vImHF +rEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1bczwmPS9KvqfJ +pxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCB +lTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFy +YS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW50 +7WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2UgcHVlZGVuIGVuY29udHJhciBlbiBs +YSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6 +xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBc +unvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/ +Jre7Ir5v/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dp +ezy4ydV/NgIlqmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42 +gzmRkBDI8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0 +jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+ +XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWmnkJD +W2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/ +RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35r +MDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxk +BYn8eNZcLCZDqQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w +MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC +SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 +ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv +UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX +4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 +KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ +gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb +rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ +51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F +be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe +KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F +v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn +fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 +jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz +ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL +e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 +jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz +WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V +SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j +pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX +X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok +fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R +K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU +ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU +LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT +LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw +MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD +VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul +CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n +tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl +dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch +PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC ++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O +BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk +ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB +IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X +7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz +43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY +eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl +pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA +WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj +ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM +9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw +IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 +VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L +93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm +jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA +A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI +U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs +N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv +o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU +5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy +rqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK +gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ +W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg +1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K +8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r +2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me +z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR +8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj +mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz +7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 ++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI +0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm +UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 +LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS +k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl +7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm +btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl +urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ +fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 +n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE +76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H +9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT +4PsJYGw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl +ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr +ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr +BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM +YyRIHN8wfdVoOw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi +9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk +M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB +MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw +CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW +1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE +AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG +EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM +FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC +REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp +Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM +VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ +SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ +4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L +cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi +eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG +A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j +vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP +DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc +maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D +lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv +KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy +MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD +VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv +ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl +AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF +661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 +am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 +ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 +PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS +3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k +SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF +3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM +ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g +StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz +Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB +jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr +6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV +L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 +1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx +MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ +QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB +arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr +Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi +FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS +P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN +9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz +uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h +9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t +OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo ++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 +KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 +DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us +H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ +I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 +5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h +3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz +Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y +ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E +N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 +tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX +0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c +/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X +KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY +zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS +O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D +34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP +K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv +Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj +QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS +IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 +HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa +O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv +033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u +dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE +kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 +3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD +u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq +4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy +MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe +NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH +PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I +x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe +QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR +yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO +QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 +H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ +QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD +i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs +nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 +rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI +hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf +GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb +lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka ++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal +TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i +nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 +gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr +G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os +zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x +L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD +TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx +MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j +aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP +T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 +sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL +TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 +/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp +7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz +EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt +hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP +a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot +aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg +TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV +PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv +cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL +tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT +ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL +jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS +ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy +P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 +xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d +Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN +5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe +/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z +AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ +5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW +/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb +QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg +b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa +MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB +ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw +IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B +AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb +unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d +BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq +7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 +0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX +roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG +A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j +aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p +26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA +BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud +EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN +BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz +aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB +AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd +p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi +1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc +XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 +eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu +tGWaIZDgqtCYvDi1czyL+Nw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo +YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 +MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy +NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G +A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA +A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 +Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s +QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV +eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 +B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh +z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T +AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i +ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w +TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH +MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD +VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE +VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh +bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B +AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM +bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi +ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG +VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c +ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ +AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET +MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb +BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz +MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx +FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g +Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 +fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl +LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV +WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF +TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb +5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc +CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri +wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ +wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG +m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 +F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng +WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 +2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF +AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ +0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw +F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS +g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj +qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN +h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ +ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V +btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj +Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ +8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW +gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw +PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz +cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 +MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz +IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ +ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR +VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL +kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd +EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas +H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 +HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud +DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 +QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu +Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ +AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 +yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR +FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA +ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB +kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 +l7+ijrRU +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUA +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBa +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHNr49a +iZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt +6kuJPKNxQv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP +0FG7Yn2ksYyy/yARujVjBYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f +6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTvLRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDE +EW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2z4QTd28n6v+WZxcIbekN +1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc4nBvCGrc +h2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCT +mehd4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV +4EJQeIQEQWGw9CEjjy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPO +WftwenMGE9nTdDckQQoRb5fc5+R+ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1Ud +DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSowcCbkahDFXxd +Bie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHYlwuBsTANBgkq +hkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh +66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7 +/SMNkPX0XtPGYX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BS +S7CTKtQ+FjPlnsZlFT5kOwQ/2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j +2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F6ALEUz65noe8zDUa3qHpimOHZR4R +Kttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilXCNQ314cnrUlZp5Gr +RHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWetUNy +6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEV +V/xuZDDCVRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5 +g4VCXA9DO2pJNdWY9BW/+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl +++O/QmueD6i9a5jc2NvLi6Td11n0bt3+qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABM0PW1aC3/BFGtat +93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uNAm8x +Ik0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0P +AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwj +FNiPwyCrKGBZMB8GA1UdIwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqG +SM49BAMDA2gAMGUCMHD+sAvZ94OX7PNVHdTcswYO/jOYnYs5kGuUIe22113WTNch +p+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjlvPl5adytRSv3tjFzzAal +U5ORGpOucGpnutee5WEaXw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E +jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo +ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI +ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu +Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg +AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 +HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA +uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa +TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg +xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q +CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x +O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs +6GAqm4VKQPNriiTsBhYscw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB +gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu +QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG +A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz +OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ +VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 +b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA +DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn +0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB +OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE +fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E +Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m +o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i +sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW +OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez +Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS +adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n +3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ +F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf +CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 +XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm +djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ +WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb +AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq +P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko +b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj +XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P +5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi +DrW5viSP +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz +IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz +MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj +dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw +EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp +MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 +28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq +VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q +DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR +5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL +ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a +Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl +UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s ++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 +Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx +hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV +HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 ++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN +YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t +L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy +ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt +IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV +HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w +DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW +PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF +5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 +glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH +FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 +pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD +xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG +tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq +jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De +fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ +d0jQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0 +MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG +EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT +CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK +8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2 +98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb +2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC +ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi +Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB +o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl +ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD +AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL +AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd +foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M +cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq +8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp +hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk +Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U +AGegcQCCSA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG +A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh +bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE +ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 +7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS +J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y +HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP +t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz +FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY +XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw +hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js +MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA +A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj +Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx +XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o +omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc +A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDjCCAvagAwIBAgIDD92sMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxHzAdBgNVBAMMFkQtVFJVU1QgUm9vdCBD +QSAzIDIwMTMwHhcNMTMwOTIwMDgyNTUxWhcNMjgwOTIwMDgyNTUxWjBFMQswCQYD +VQQGEwJERTEVMBMGA1UECgwMRC1UcnVzdCBHbWJIMR8wHQYDVQQDDBZELVRSVVNU +IFJvb3QgQ0EgMyAyMDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +xHtCkoIf7O1UmI4SwMoJ35NuOpNcG+QQd55OaYhs9uFp8vabomGxvQcgdJhl8Ywm +CM2oNcqANtFjbehEeoLDbF7eu+g20sRoNoyfMr2EIuDcwu4QRjltr5M5rofmw7wJ +ySxrZ1vZm3Z1TAvgu8XXvD558l++0ZBX+a72Zl8xv9Ntj6e6SvMjZbu376Ml1wrq +WLbviPr6ebJSWNXwrIyhUXQplapRO5AyA58ccnSQ3j3tYdLl4/1kR+W5t0qp9x+u +loYErC/jpIF3t1oW/9gPP/a3eMykr/pbPBJbqFKJcu+I89VEgYaVI5973bzZNO98 +lDyqwEHC451QGsDkGSL8swIDAQABo4IBBTCCAQEwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUP5DIfccVb/Mkj6nDL0uiDyGyL+cwDgYDVR0PAQH/BAQDAgEGMIG+ +BgNVHR8EgbYwgbMwdKByoHCGbmxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQv +Q049RC1UUlVTVCUyMFJvb3QlMjBDQSUyMDMlMjAyMDEzLE89RC1UcnVzdCUyMEdt +YkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MDugOaA3hjVodHRwOi8v +Y3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2FfM18yMDEzLmNybDAN +BgkqhkiG9w0BAQsFAAOCAQEADlkOWOR0SCNEzzQhtZwUGq2aS7eziG1cqRdw8Cqf +jXv5e4X6xznoEAiwNStfzwLS05zICx7uBVSuN5MECX1sj8J0vPgclL4xAUAt8yQg +t4RVLFzI9XRKEBmLo8ftNdYJSNMOwLo5qLBGArDbxohZwr78e7Erz35ih1WWzAFv +m2chlTWL+BD8cRu3SzdppjvW7IvuwbDzJcmPkn2h6sPKRL8mpXSSnON065102ctN +h9j8tGlsi6BDB2B4l+nZk3zCRrybN1Kj7Yo8E6l7U0tJmhEFLAtuVqwfLoJs4Gln +tQ5tLdnkwBXxP/oYcuEVbSdbLTAoK59ImmQrme/ydUlfXA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha +ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM +HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 +UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 +tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R +ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM +lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp +/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G +A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy +MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl +cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js +L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL +BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni +acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K +zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 +PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y +Johw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw +NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV +BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn +ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 +3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z +qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR +p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 +HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw +ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea +HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw +Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh +c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E +RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt +dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp +3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF +CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na +xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX +KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc +MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj +IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB +IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE +RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl +U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 +IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU +ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC +QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr +rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S +NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc +QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH +txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP +BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp +tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa +IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl +6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ +xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU +Cm26OWMohpLzGITY+9HPBVZkVw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA +n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc +biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp +EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA +bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu +YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW +BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI +QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni +lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 +B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv +ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw +EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG +fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO +Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd +BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx +AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ +oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 +sycX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg +RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y +ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If +xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV +ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO +DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ +jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ +CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi +EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM +fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY +uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK +chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t +9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 +SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd ++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc +fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa +sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N +cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N +0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie +4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI +r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 +/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm +gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV +BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC +aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV +BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 +Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz +MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ +BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp +em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY +B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH +D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF +Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo +q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D +k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH +fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut +dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM +ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 +zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX +U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 +Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 +XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF +Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR +HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY +GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c +77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 ++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK +vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 +FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl +yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P +AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD +y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d +NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB +8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy +dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 +YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 +dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh +IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD +LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG +EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g +KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD +ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu +bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg +ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R +85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm +4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV +HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd +QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t +lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB +o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 +opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo +dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW +ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN +AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y +/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k +SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy +Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS +Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl +nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 +MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 +czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG +CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy +MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl +ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS +b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy +euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO +bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw +WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d +MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE +1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ +zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB +BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF +BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV +v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG +E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u +uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW +iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v +GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 +MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub +j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo +U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b +u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ +bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er +fF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 +4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 +d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu +dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq +RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy +MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD +VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g +Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt +ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH +Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC +R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX +hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 +cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs +IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz +dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy +NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu +dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt +dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 +aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T +RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN +cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW +wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 +U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 +jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN +BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ +jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v +1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R +nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH +VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 +MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w +HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj +Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj +TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u +KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj +qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm +MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 +ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP +zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk +L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC +jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA +HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC +AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm +DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 +COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry +L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf +JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg +IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io +2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV +09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ +XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq +T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe +MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx +MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 +AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA +ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 +7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W +kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI +mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ +KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 +6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl +4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K +oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj +UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU +AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw +NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV +BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL +So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal +tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG +CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT +qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz +rD6ogRLQy7rQkgu2npaqBA+K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 +BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz ++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm +hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn +5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W +JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL +DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC +huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB +AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB +zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN +kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH +SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G +spki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy +c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 +IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV +VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 +cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT +QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh +F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v +c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w +mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd +VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX +teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ +f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe +Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ +nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY +MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG +9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX +IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn +ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z +uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN +Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja +QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW +koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 +ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt +DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm +bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy +c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD +VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 +c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 +WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG +FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq +XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL +se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb +KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd +IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 +y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt +hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc +QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 +Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV +HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ +KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ +L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr +Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo +ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY +T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz +GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m +1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV +OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH +6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX +QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ +FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F +uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX +kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs +ewv4n4Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc +8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke +hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI +KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg +515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO +xwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 +RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT +gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm +KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd +QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ +XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU +RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp +jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK +6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX +mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs +Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH +WD9f +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD +aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx +MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy +cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG +A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl +BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed +KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 +G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 +zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 +ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG +HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 +Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V +yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e +beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r +6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog +zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW +BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr +ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp +ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk +cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt +YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC +CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow +KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI +hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ +UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz +X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x +fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz +a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd +Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd +SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O +AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso +M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge +v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN +BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl +bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv +b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 +MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 +dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg +QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa +jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi +C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep +lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof +TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix +RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p +YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw +NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK +EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl +cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz +dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ +fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns +bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD +75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP +FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp +5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu +b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA +A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p +6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 +dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys +Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI +l7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix +DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT +N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v +dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG +A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh +ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx +QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA +4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 +AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 +4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C +ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV +9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD +gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 +Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq +NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko +LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd +ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I +XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI +M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot +9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V +Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea +j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh +X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ +l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf +bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 +pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK +e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 +vm9qp/UsQu0yrbYhnr68 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx +FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg +Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG +A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr +b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ +jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn +PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh +ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 +nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h +q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED +MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC +mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 +7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB +oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs +EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO +fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi +AmvZWg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu +VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw +MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw +JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT +3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU ++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp +S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 +bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi +T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL +vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK +Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK +dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT +c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv +l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N +iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD +ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt +LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 +nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 ++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK +W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT +AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq +l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG +4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ +mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A +7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN +MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 +ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy +RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS +bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF +/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R +3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw +EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy +9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V +GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ +2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV +WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD +W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN +AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV +DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 +TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G +lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW +mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df +WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 ++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ +tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA +GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv +8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQEL +BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV +BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUw +MzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B +LjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wmKb3F +ibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTem +hfY7RBi2xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1 +EMShduxq3sVs35a0VkBCwGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsn +Xpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4 +zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkmFRseTJIpgp7VkoGSQXAZ +96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niFwpN6cj5m +j5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4g +DEa/a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+ +8kPREd8vZS9kzl8UubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2j +X5t/Lax5Gw5CMZdjpPuKadUiDTSQMC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmH +hFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGByuB +KwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5Lmx1eHRydXN0 +Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT ++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQEL +BQADggIBAGoZFO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9 +BzZAcg4atmpZ1gDlaCDdLnINH2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTO +jFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW7MM3LGVYvlcAGvI1+ut7MV3CwRI9 +loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIuZY+kt9J/Z93I055c +qqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWAVWe+ +2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/ +JEAdemrRTxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKre +zrnK+T+Tb/mjuuqlPpmt/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQf +LSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+ +x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6 +oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 +ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G +CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y +OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx +FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp +Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP +kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc +cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U +fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 +N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC +xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 ++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM +Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG +SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h +mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk +ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c +2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t +HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR +dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB +pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM +b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz +IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT +lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz +AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 +VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG +ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 +BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M +U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh +bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C ++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F +uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 +XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO +ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw +gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu +bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp +dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 +6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ +h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH +/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN +pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB +ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly +aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w +NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G +A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX +SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR +VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 +w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF +mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg +4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 +4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw +EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx +SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 +ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 +vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi +Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ +/L7fCg0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg +Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i +YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x +CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG +b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 +HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx +WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX +1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk +u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P +99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r +M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB +BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh +cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 +gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO +ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf +aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcxMB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7faYp6b +wiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX +/uMftk87ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR0 +77F9jAHiOH3BX2pfJLKOYheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGP +uY4zbGneWK2gDqdkVBFpRGZPTBKnjix9xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLx +p2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO9z0M+Yo0FMT7MzUj8czx +Kselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq3ywgsNw2 +TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+W +G+Oin6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPw +vFEVVJSmdz7QdFG9URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYY +EQRVzXR7z2FwefR7LFxckvzluFqrTJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUl0YhVyE1 +2jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/PxN3DlCPaTKbYw +DQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E +PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kf +gLMtMrpkZ2CvuVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbS +FXJfLkur1J1juONI5f6ELlgKn0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0 +V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLhX4SPgPL0DTatdrOjteFkdjpY3H1P +XlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80nR14SohWZ25g/4/I +i+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcmGS3t +TAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L91 +09S5zvE/bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/Ky +Pu1svf0OnWZzsD2097+o4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJ +AwSQiumPv+i2tCqjI40cHLI5kqiPAlxAOXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj +1oxx +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcyMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+Ntmh +/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78e +CbY2albz4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/6 +1UWY0jUJ9gNDlP7ZvyCVeYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fE +FY8ElggGQgT4hNYdvJGmQr5J1WqIP7wtUdGejeBSzFfdNTVY27SPJIjki9/ca1TS +gSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz3GIZ38i1MH/1PCZ1Eb3X +G7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj3CzMpSZy +YhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaH +vGOz9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4 +t/bQWVyJ98LVtZR00dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/ +gh7PU3+06yzbXfZqfUAkBXKJOAGTy3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUajn6QiL3 +5okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59M4PLuG53hq8w +DQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz +Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0 +nXGEL8pZ0keImUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qT +RmTFAHneIWv2V6CG1wZy7HBGS4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpT +wm+bREx50B1ws9efAvSyB7DH5fitIw6mVskpEndI2S9G/Tvw/HRwkqWOOAgfZDC2 +t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ6e18CL13zSdkzJTa +TkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97krgCf2 +o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU +3jg9CcCoSmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eA +iN1nE28daCSLT7d0geX0YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14f +WKGVyasvc0rQLW6aWQ9VGHgtPFGml4vmu7JwqkwR3v98KzfUetF3NI/n+UL3PIEM +S1IK +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAx +CzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5U +cnVzdCBSb290IENBIEczMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFow +QDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwUT3Bl +blRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARK7liuTcpm +3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5Bta1d +oYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5 +DMlv4VBN0BBY3JWIbTAfBgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAK +BggqhkjOPQQDAwNpADBmAjEAj6jcnboMBBf6Fek9LykBl7+BFjNAk2z8+e2AcG+q +j9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta3U1fJAuwACEl74+nBCZx +4nxp5V2a+EEfOzmTk51V6s2N8fvB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz +MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw +IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR +dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp +li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D +rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ +WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug +F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC +Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv +dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw +ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl +IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh +c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy +ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI +KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq +y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p +dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD +VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk +fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 +7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R +cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y +mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK +SnQ2+Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 +MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV +wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe +rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 +68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh +4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp +UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o +abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc +3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G +KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt +hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO +Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt +zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD +ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 +cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN +qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 +YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv +b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 +8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k +NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj +ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp +q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt +nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i +Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 +MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf +qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW +n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym +c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ +O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 +o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j +IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq +IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz +8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh +vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l +7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG +cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD +ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC +roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga +W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n +lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE ++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV +csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd +dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg +KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM +HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 +WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv +vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 +MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR +/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu +FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR +U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c +ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR +FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k +A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw +eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl +sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp +VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q +A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ +ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD +ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI +FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv +oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg +u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP +0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf +3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl +8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ +DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN +PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ +ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID2DCCAsCgAwIBAgIQYFbFSyNAW2TU7SXa2dYeHjANBgkqhkiG9w0BAQsFADCB +hTELMAkGA1UEBhMCREUxKTAnBgNVBAoTIERldXRzY2hlciBTcGFya2Fzc2VuIFZl +cmxhZyBHbWJIMScwJQYDVQQLEx5TLVRSVVNUIENlcnRpZmljYXRpb24gU2Vydmlj +ZXMxIjAgBgNVBAMTGVMtVFJVU1QgVW5pdmVyc2FsIFJvb3QgQ0EwHhcNMTMxMDIy +MDAwMDAwWhcNMzgxMDIxMjM1OTU5WjCBhTELMAkGA1UEBhMCREUxKTAnBgNVBAoT +IERldXRzY2hlciBTcGFya2Fzc2VuIFZlcmxhZyBHbWJIMScwJQYDVQQLEx5TLVRS +VVNUIENlcnRpZmljYXRpb24gU2VydmljZXMxIjAgBgNVBAMTGVMtVFJVU1QgVW5p +dmVyc2FsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo +4wvfETeFgpq1bGZ8YT/ARxodRuOwVWTluII5KAd+F//0m4rwkYHqOD8heGxI7Gsv +otOKcrKn19nqf7TASWswJYmM67fVQGGY4tw8IJLNZUpynxqOjPolFb/zIYMoDYuv +WRGCQ1ybTSVRf1gYY2A7s7WKi1hjN0hIkETCQN1d90NpKZhcEmVeq5CSS2bf1XUS +U1QYpt6K1rtXAzlZmRgFDPn9FcaQZEYXgtfCSkE9/QC+V3IYlHcbU1qJAfYzcg6T +OtzoHv0FBda8c+CI3KtP7LUYhk95hA5IKmYq3TLIeGXIC51YAQVx7YH1aBduyw20 +S9ih7K446xxYL6FlAzQvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBSafdfr639UmEUptCCrbQuWIxmkwjANBgkqhkiG +9w0BAQsFAAOCAQEATpYS2353XpInniEXGIJ22D+8pQkEZoiJrdtVszNqxmXEj03z +MjbceQSWqXcy0Zf1GGuMuu3OEdBEx5LxtESO7YhSSJ7V/Vn4ox5R+wFS5V/let2q +JE8ii912RvaloA812MoPmLkwXSBvwoEevb3A/hXTOCoJk5gnG5N70Cs0XmilFU/R +UsOgyqCDRR319bdZc11ZAY+qwkcvFHHVKeMQtUeTJcwjKdq3ctiR1OwbSIoi5MEq +9zpok59FGW5Dt8z+uJGaYRo2aWNkkijzb2GShROfyQcsi1fc65551cLeCNVUsldO +KjKNoeI60RAgIjl9NEVvcTvDHfz/sk+o4vYwHg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx +NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv +bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA +VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku +WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX +5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ +ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg +h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy +MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G +A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD +DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq +M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf +OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa +4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 +HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR +aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA +b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ +Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV +PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO +pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu +UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY +MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 +9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW +s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 +Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg +cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM +79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz +/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt +ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm +Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK +QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ +w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi +S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 +mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz +WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 +b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI +7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg +CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD +VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T +kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ +gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz +OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R +xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX +qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC +C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 +6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh +/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF +YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E +JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc +US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 +ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm ++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi +M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV +cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc +Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs +PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ +q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 +cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr +a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I +H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y +K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu +nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf +oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY +Ic2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL +BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 +ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw +NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L +cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg +Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN +QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT +3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw +3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 +3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 +BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN +XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF +AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw +8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG +nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP +oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy +d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg +LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr +MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG +A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 +MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD +QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz +i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 +h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV +MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 +UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni +8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC +h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm +KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ +X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr +QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 +pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN +QSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX +DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy +dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj +YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV +OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr +zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM +VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ +hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO +ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw +awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs +OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF +coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc +okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 +t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy +1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ +SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t +dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx +MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o +Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt +5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s +3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej +vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu +8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil +zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ +3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD +FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 +Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 +ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y +MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg +TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS +b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS +M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC +UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d +Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p +rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l +pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb +j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC +KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS +/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X +cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH +1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP +px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 +MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI +eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u +2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS +v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC +wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy +CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e +vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 +Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa +Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL +eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 +FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc +7uzXLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX +DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 +qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp +uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU +Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE +pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp +5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M +UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN +GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy +5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv +6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK +eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 +B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ +BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov +L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG +SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS +CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen +5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 +IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK +gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL ++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL +vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm +bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk +N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC +Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z +ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX +DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP +cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW +IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX +xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy +KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR +9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az +5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 +6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 +Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP +bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt +BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt +XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd +INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD +U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp +LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 +Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp +gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh +/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw +0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A +fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq +4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR +1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ +QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM +94B7IWcnMFk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw +MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg +nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 +HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N +Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN +dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 +HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G +CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU +sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 +4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg +8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 +mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs +ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy +ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy +dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p +OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 +8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K +Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe +hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk +6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q +AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI +bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB +ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z +qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn +0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN +sSi6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu +IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw +WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD +ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y +IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn +IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ +6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob +jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw +izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl ++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY +zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP +pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF +KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW +ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB +AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 +ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW +IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA +A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 +uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ +FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 +jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ +u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D +YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 +puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa +icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG +DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x +kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z +Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH +6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBk +MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg +Q0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYT +AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp +Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvEr +jw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r +0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f +2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVP +ACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aF +y6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTA +tukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL +6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0 +uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrAL +acywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velh +k6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q +VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw +FDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O +BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqh +b97iEoHF8TwuMA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4R +fbgZPnm3qKhyN2abGu2sEzsOv2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv +/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82YqZh6NM4OKb3xuqFp1mrjX2lhI +REeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLzo9v/tdhZsnPdTSpx +srpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcsa0vv +aGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT +woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99n +Bjx8Oto0QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5W +t6NlUe07qxS/TFED6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N +8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx2 +9CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5 +wSsSnqaeG8XmDtkx2Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICqDCCAi2gAwIBAgIQIW4zpcvTiKRvKQe0JzzE2DAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAxIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATXZrUb266zYO5G6ohjdTsqlG3zXxL24w+etgoUU0hS +yNw6s8tIICYSTvqJhNTfkeQpfSgB2dsYQ2mhH7XThhbcx39nI9/fMTGDAzVwsUu3 +yBe7UcvclBfb6gk7dhLeqrWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRlwI0l9Qy6l3eQP54u4Fr1ztXh5DAKBggqhkjOPQQD +AwNpADBmAjEApa7jRlP4mDbjIvouKEkN7jB+M/PsP3FezFWJeJmssv3cHFwzjim5 +axfIEWi13IMHAjEAnMhE2mnCNsNUGRCFAtqdR+9B52wmnQk9922Q0QVEL7C8g5No +8gxFSTm/mQQc0xCg +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQJDJ18h0v0gkz97RqytDzmDANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAx +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHOddJZKmZgiJM6kXZBxbje/SD +6Jlz+muxNuCad6BAwoGNAcfMjL2Pffd543pMA03Z+/2HOCgs3ZqLVAjbZ/sbjP4o +ki++t7JIp4Gh2F6Iw8w5QEFa0dzl2hCfL9oBTf0uRnz5LicKaTfukaMbasxEvxvH +w9QRslBglwm9LiL1QYRmn81ApqkAgMEflZKf3vNI79sdd2H8f9/ulqRy0LY+/3gn +r8uSFWkI22MQ4uaXrG7crPaizh5HmbmJtxLmodTNWRFnw2+F2EJOKL5ZVVkElauP +N4C/DfD8HzpkMViBeNfiNfYgPym4jxZuPkjctUwH4fIa6n4KedaovetdhitNAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBQzQejIORIVk0jyljIuWvXalF9TYDANBgkqhkiG9w0BAQsFAAOCAQEAFeNzV7EX +tl9JaUSm9l56Z6zS3nVJq/4lVcc6yUQVEG6/MWvL2QeTfxyFYwDjMhLgzMv7OWyP +4lPiPEAz2aSMR+atWPuJr+PehilWNCxFuBL6RIluLRQlKCQBZdbqUqwFblYSCT3Q +dPTXvQbKqDqNVkL6jXI+dPEDct+HG14OelWWLDi3mIXNTTNEyZSPWjEwN0ujOhKz +5zbRIWhLLTjmU64cJVYIVgNnhJ3Gw84kYsdMNs+wBkS39V8C3dlU6S+QTnrIToNA +DJqXPDe/v+z28LSFdyjBC8hnghAXOKK3Buqbvzr46SMHv3TgmDgVVXjucgBcGaP0 +0jPg/73RVDkpDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICqDCCAi2gAwIBAgIQNBdlEkA7t1aALYDLeVWmHjAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAyIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATR2UqOTA2ESlG6fO/TzPo6mrWnYxM9AeBJPvrBR8mS +szrX/m+c95o6D/UOCgrDP8jnEhSO1dVtmCyzcTIK6yq99tdqIAtnRZzSsr9TImYJ +XdsR8/EFM1ij4rjPfM2Cm72jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBQ9MvM6qQyQhPmijGkGYVQvh3L+BTAKBggqhkjOPQQD +AwNpADBmAjEAyKapr0F/tckRQhZoaUxcuCcYtpjxwH+QbYfTjEYX8D5P/OqwCMR6 +S7wIL8fip29lAjEA1lnehs5fDspU1cbQFQ78i5Ry1I4AWFPPfrFLDeVQhuuea9// +KabYR9mglhjb8kWz +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQZIKe/DcedF38l/+XyLH/QTANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAy +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzOkFyGOFyz9AYxe9GPo15gRn +V2WYKaRPyVyPDzTS+NqoE2KquB5QZ3iwFkygOakVeq7t0qLA8JA3KRgmXOgNPLZs +ST/B4NzZS7YUGQum05bh1gnjGSYc+R9lS/kaQxwAg9bQqkmi1NvmYji6UBRDbfkx ++FYW2TgCkc/rbN27OU6Z4TBnRfHU8I3D3/7yOAchfQBeVkSz5GC9kSucq1sEcg+y +KNlyqwUgQiWpWwNqIBDMMfAr2jUs0Pual07wgksr2F82owstr2MNHSV/oW5cYqGN +KD6h/Bwg+AEvulWaEbAZ0shQeWsOagXXqgQ2sqPy4V93p3ec5R7c6d9qwWVdAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSHjCCVyJhK0daABkqQNETfHE2/sDANBgkqhkiG9w0BAQsFAAOCAQEAgY6ypWaW +tyGltu9vI1pf24HFQqV4wWn99DzX+VxrcHIa/FqXTQCAiIiCisNxDY7FiZss7Y0L +0nJU9X3UXENX6fOupQIR9nYrgVfdfdp0MP1UR/bgFm6mtApI5ud1Bw8pGTnOefS2 +bMVfmdUfS/rfbSw8DVSAcPCIC4DPxmiiuB1w2XaM/O6lyc+tHc+ZJVdaYkXLFmu9 +Sc2lo4xpeSWuuExsi0BmSxY/zwIa3eFsawdhanYVKZl/G92IgMG/tY9zxaaWI4Sm +KIYkM2oBLldzJbZev4/mHWGoQClnHYebHX+bn5nNMdZUvmK7OaxoEkiRIKXLsd3+ +b/xa5IJVWa8xqQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd +AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC +FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi +1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq +jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ +wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ +WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy +NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC +uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw +IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 +g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP +BSeOE6Fuwg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN +8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ +RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 +hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 +ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM +EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 +A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy +WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ +1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 +6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT +91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p +TpPDpFQUWw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjEL +MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV +BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0 +Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3WhcNMjUxMjMxMjI1 +OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i +SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UEAxMc +VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJW +Ht4bNwcwIi9v8Qbxq63WyKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+Q +Vl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT2 +1oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2Alq +ukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1 +Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NX +XAek0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy +dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6 +Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz +JTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290 +Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u +TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlN +irTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8 +TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6 +g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB +95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBj +S+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx +GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp +bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w +KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 +BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy +dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG +EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll +IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU +QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT +TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg +LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 +a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr +LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr +N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X +YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ +iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f +AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH +V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf +IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 +lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c +8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf +lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx +EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT +VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 +NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT +B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF +10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz +0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh +MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH +zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc +46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 +yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi +laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP +oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA +BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE +qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm +4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL +1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF +H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo +RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ +nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh +15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW +6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW +nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j +wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz +aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy +KwbQBM0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES +MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU +V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz +WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO +LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE +AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH +K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX +RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z +rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx +3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq +hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC +MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls +XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D +lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn +aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ +YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ +MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow +PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR +IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q +gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy +yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts +F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 +jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx +ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC +VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK +YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH +EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN +Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud +DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE +MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK +UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ +TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf +qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK +ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE +JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 +hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 +EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm +nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX +udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz +ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe +LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl +pYYsfPQS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw +NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv +b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD +VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F +VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 +7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X +Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ +/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs +81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm +dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe +Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu +sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 +pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs +slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ +arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD +VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG +9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl +dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj +TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed +Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 +Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI +OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 +vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW +t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn +HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx +SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y +IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig +RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb +3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA +BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 +3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou +owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ +wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF +ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf +BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv +civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 +AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 +soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI +WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi +tJ/X5g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y +IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB +pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h +IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG +A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU +cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid +RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V +seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme +9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV +EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW +hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ +DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD +ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I +/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ +yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts +L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN +zl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig +Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk +MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg +Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD +VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy +dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ +QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq +1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp +2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK +DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape +az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF +3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 +oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM +g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 +mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd +BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U +nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw +DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX +dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ +MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL +/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX +CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa +ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW +2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 +N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 +Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB +As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp +5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu +1uwJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL +ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx +MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc +MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ +AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH +iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj +vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA +0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB +OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ +BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E +FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 +GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW +zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 +1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE +f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F +jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN +ZetX2fNXlrtIzYE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UE +BhMCVFIxDzANBgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxn +aSDEsGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkg +QS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1QgRWxla3Ryb25payBTZXJ0aWZpa2Eg +SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAwODA3MDFaFw0yMzA0 +MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYD +VQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8 +dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBF +bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCUZ4WWe60ghUEoI5RHwWrom +/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537jVJp45wnEFPzpALFp/kR +Gml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1mep5Fimh3 +4khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z +5UNP9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0 +hO8EuPbJbKoCPrZV4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QID +AQABo0IwQDAdBgNVHQ4EFgQUVpkHHtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ5FdnsX +SDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPoBP5yCccLqh0l +VX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq +URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nf +peYVhDfwwvJllpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CF +Yv4HAqGEVka+lgqaE9chTLd8B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW ++qtB4Uu2NQvAmxU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB +rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt +Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa +Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV +BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l +dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE +AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B +YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9 +hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l +L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm +SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM +1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws +6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw +Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50 +aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH +AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u +7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0 +xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ +rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim +eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk +USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg +SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln +biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm +GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve +fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ +aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj +aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC +4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga +FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB +vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W +ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 +IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y +IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh +bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF +9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH +H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H +LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN +/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT +rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw +WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs +exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 +sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ +seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz +4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ +BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR +lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 +7M2CYfE45k+XmCpajQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 +nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO +8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV +ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb +PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 +6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr +n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a +qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 +wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 +ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs +pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 +E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy +aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp +Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV +BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp +Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g +Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU +J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO +JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY +wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o +koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN +qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E +Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe +xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u +7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU +sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI +sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP +cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b +N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t +KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu +kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm +CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ +Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu +imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te +2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe +DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p +F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt +TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr +MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl +cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv +bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw +CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h +dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l +cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h +2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E +lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV +ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq +299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t +vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL +dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF +AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR +zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 +LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd +7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw +++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt +398znM/jra6O1I7mT1GvFpLgXPYHDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY +UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT +AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD +QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP +MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do +0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ +UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d +RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ +OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv +JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C +AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O +BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ +LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY +MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ +44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I +Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw +i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN +9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw +IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL +SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH +SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh +ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X +DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 +TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ +fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA +sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU +WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS +nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH +dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip +NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC +AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF +MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB +uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl +PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP +JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ +gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 +j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 +5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB +o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS +/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z +Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE +W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D +hNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB +qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV +BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw +NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j +LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG +A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs +W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta +3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk +6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 +Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J +NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP +r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU +DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz +YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 +/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ +LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 +jVaMaA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp +IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi +BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw +MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh +d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig +YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v +dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ +BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 +papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K +DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 +KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox +XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa +Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u +MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm +gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 +YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf +b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 +9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S +zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk +OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA +2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW +oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c +KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM +m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu +MdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- diff --git a/bitnami/chainloop-control-plane-migrations/0/debian-12/tags-info.yaml b/bitnami/chainloop-control-plane-migrations/0/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..c99aab0e030bb --- /dev/null +++ b/bitnami/chainloop-control-plane-migrations/0/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "0" +- 0-debian-12 +- 0.151.0 +- latest diff --git a/bitnami/chainloop-control-plane-migrations/README.md b/bitnami/chainloop-control-plane-migrations/README.md new file mode 100644 index 0000000000000..396e4d613c66e --- /dev/null +++ b/bitnami/chainloop-control-plane-migrations/README.md @@ -0,0 +1,101 @@ +# Bitnami package for Chainloop Control Plane migrations + +## What is Chainloop Control Plane migrations? + +> Atlas-based database migration controller for Chainloop. + +[Overview of Chainloop Control Plane migrations](https://chainloop.dev) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name chainloop-control-plane-migrations bitnami/chainloop-control-plane-migrations:latest +``` + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use Chainloop Control Plane migrations in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Why use a non-root container? + +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami Chainloop Control Plane migrations Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/chainloop-control-plane-migrations). + +```console +docker pull bitnami/chainloop-control-plane-migrations:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/chainloop-control-plane-migrations/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/chainloop-control-plane-migrations:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Configuration + +### Running commands + +To run commands inside this container you can use `docker run`, for example to execute `chainloop-control-plane-migrations help` you can follow the example below: + +```console +docker run --rm --name chainloop-control-plane-migrations bitnami/chainloop-control-plane-migrations:latest help +``` + +Check the [official Chainloop Control Plane migrations documentation](https://github.com/chainloop-dev/chainloop/tree/main/app/controlplane) for more information about configuration options. + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/chainloop-control-plane-migrations/docker-compose.yml b/bitnami/chainloop-control-plane-migrations/docker-compose.yml new file mode 100644 index 0000000000000..a94d4769fedb6 --- /dev/null +++ b/bitnami/chainloop-control-plane-migrations/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +services: + chainloop-control-plane-migrations: + image: docker.io/bitnami/chainloop-control-plane-migrations:0 diff --git a/bitnami/chainloop-control-plane/0/debian-12/Dockerfile b/bitnami/chainloop-control-plane/0/debian-12/Dockerfile new file mode 100644 index 0000000000000..273a684b4e33c --- /dev/null +++ b/bitnami/chainloop-control-plane/0/debian-12/Dockerfile @@ -0,0 +1,60 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm as builder + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +ENV OS_ARCH="${TARGETARCH:-amd64}" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] + +# Install required system packages and dependencies +RUN install_packages ca-certificates curl +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "chainloop-0.151.0-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done + +###### + +FROM scratch + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +ENV OS_ARCH="${TARGETARCH:-amd64}" + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="scratch" \ + org.opencontainers.image.created="2025-01-10T14:50:27Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="0.151.0-debian-12-r0" \ + org.opencontainers.image.title="chainloop-control-plane" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="0.151.0" + +COPY prebuildfs / +COPY rootfs / +COPY --from=builder /opt/bitnami/chainloop/bin/control-plane /control-plane +COPY --from=builder /opt/bitnami/chainloop/.spdx-chainloop.spdx /opt/bitnami/chainloop/.spdx-chainloop.spdx +COPY --from=builder /opt/bitnami/chainloop/licenses /opt/bitnami/chainloop/licenses + +ENV APP_VERSION="0.151.0" \ + BITNAMI_APP_NAME="chainloop-control-plane" + +USER 1001 + +CMD [ "/control-plane", "--conf", "/data/conf" ] diff --git a/bitnami/chainloop-control-plane/0/debian-12/docker-compose.yml b/bitnami/chainloop-control-plane/0/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..e0fb168ee4b24 --- /dev/null +++ b/bitnami/chainloop-control-plane/0/debian-12/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +services: + chainloop-control-plane: + image: docker.io/bitnami/chainloop-control-plane:0 diff --git a/bitnami/chainloop-control-plane/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/chainloop-control-plane/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..01dcac8d76275 --- /dev/null +++ b/bitnami/chainloop-control-plane/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "chainloop": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "0.151.0-0" + } +} \ No newline at end of file diff --git a/bitnami/aspnet-core/6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/chainloop-control-plane/0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/aspnet-core/6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/chainloop-control-plane/0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/aspnet-core/6/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/chainloop-control-plane/0/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/aspnet-core/6/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/chainloop-control-plane/0/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/aspnet-core/6/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/chainloop-control-plane/0/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/aspnet-core/6/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/chainloop-control-plane/0/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/chainloop-control-plane/0/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt b/bitnami/chainloop-control-plane/0/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt new file mode 100644 index 0000000000000..2d584626cce62 --- /dev/null +++ b/bitnami/chainloop-control-plane/0/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt @@ -0,0 +1,3864 @@ +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE +AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw +CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ +BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND +VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb +qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY +HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo +G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA +lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr +IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ +0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH +k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 +4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO +m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa +cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl +uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI +KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls +ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG +AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT +VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG +CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA +cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA +QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA +7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA +cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA +QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA +czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu +aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt +aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF +BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp +D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU +JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m +AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD +vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms +tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH +7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA +h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF +d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H +pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx +CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ +WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ +BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG +Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ +yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf +BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz +WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF +tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z +374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC +IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL +mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 +wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS +MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 +ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet +UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H +YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 +LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 +RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM +LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf +77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N +JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm +fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp +6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp +1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B +9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok +RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv +uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsx +CzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRp +ZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwa +QUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3MjA0NjI5WhcNMzAw +NDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+U29jaWVkYWQgQ2Ft +ZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJhIFMu +QS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeG +qentLhM0R7LQcNzJPNCNyu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzL +fDe3fezTf3MZsGqy2IiKLUV0qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQ +Y5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4 +Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ +54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+b +MMCm8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48j +ilSH5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej +YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/zt +A/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBkAC1vImHF +rEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1bczwmPS9KvqfJ +pxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCB +lTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFy +YS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW50 +7WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2UgcHVlZGVuIGVuY29udHJhciBlbiBs +YSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6 +xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBc +unvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/ +Jre7Ir5v/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dp +ezy4ydV/NgIlqmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42 +gzmRkBDI8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0 +jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+ +XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWmnkJD +W2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/ +RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35r +MDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxk +BYn8eNZcLCZDqQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w +MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC +SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 +ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv +UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX +4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 +KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ +gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb +rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ +51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F +be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe +KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F +v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn +fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 +jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz +ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL +e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 +jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz +WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V +SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j +pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX +X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok +fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R +K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU +ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU +LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT +LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw +MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD +VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul +CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n +tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl +dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch +PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC ++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O +BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk +ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB +IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X +7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz +43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY +eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl +pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA +WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj +ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM +9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw +IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 +VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L +93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm +jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA +A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI +U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs +N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv +o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU +5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy +rqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK +gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ +W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg +1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K +8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r +2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me +z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR +8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj +mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz +7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 ++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI +0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm +UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 +LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS +k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl +7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm +btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl +urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ +fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 +n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE +76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H +9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT +4PsJYGw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl +ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr +ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr +BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM +YyRIHN8wfdVoOw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi +9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk +M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB +MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw +CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW +1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE +AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG +EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM +FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC +REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp +Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM +VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ +SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ +4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L +cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi +eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG +A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j +vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP +DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc +maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D +lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv +KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy +MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD +VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv +ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl +AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF +661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 +am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 +ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 +PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS +3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k +SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF +3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM +ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g +StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz +Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB +jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr +6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV +L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 +1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx +MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ +QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB +arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr +Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi +FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS +P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN +9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz +uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h +9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t +OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo ++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 +KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 +DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us +H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ +I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 +5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h +3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz +Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y +ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E +N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 +tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX +0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c +/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X +KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY +zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS +O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D +34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP +K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv +Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj +QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS +IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 +HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa +O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv +033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u +dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE +kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 +3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD +u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq +4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy +MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe +NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH +PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I +x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe +QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR +yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO +QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 +H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ +QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD +i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs +nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 +rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI +hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf +GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb +lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka ++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal +TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i +nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 +gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr +G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os +zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x +L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD +TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx +MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j +aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP +T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 +sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL +TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 +/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp +7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz +EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt +hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP +a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot +aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg +TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV +PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv +cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL +tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT +ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL +jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS +ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy +P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 +xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d +Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN +5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe +/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z +AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ +5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW +/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb +QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg +b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa +MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB +ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw +IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B +AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb +unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d +BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq +7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 +0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX +roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG +A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j +aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p +26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA +BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud +EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN +BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz +aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB +AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd +p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi +1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc +XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 +eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu +tGWaIZDgqtCYvDi1czyL+Nw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo +YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 +MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy +NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G +A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA +A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 +Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s +QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV +eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 +B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh +z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T +AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i +ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w +TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH +MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD +VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE +VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh +bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B +AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM +bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi +ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG +VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c +ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ +AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET +MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb +BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz +MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx +FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g +Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 +fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl +LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV +WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF +TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb +5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc +CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri +wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ +wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG +m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 +F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng +WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 +2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF +AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ +0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw +F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS +g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj +qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN +h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ +ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V +btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj +Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ +8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW +gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw +PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz +cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 +MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz +IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ +ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR +VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL +kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd +EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas +H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 +HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud +DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 +QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu +Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ +AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 +yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR +FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA +ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB +kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 +l7+ijrRU +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUA +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBa +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHNr49a +iZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt +6kuJPKNxQv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP +0FG7Yn2ksYyy/yARujVjBYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f +6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTvLRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDE +EW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2z4QTd28n6v+WZxcIbekN +1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc4nBvCGrc +h2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCT +mehd4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV +4EJQeIQEQWGw9CEjjy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPO +WftwenMGE9nTdDckQQoRb5fc5+R+ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1Ud +DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSowcCbkahDFXxd +Bie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHYlwuBsTANBgkq +hkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh +66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7 +/SMNkPX0XtPGYX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BS +S7CTKtQ+FjPlnsZlFT5kOwQ/2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j +2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F6ALEUz65noe8zDUa3qHpimOHZR4R +Kttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilXCNQ314cnrUlZp5Gr +RHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWetUNy +6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEV +V/xuZDDCVRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5 +g4VCXA9DO2pJNdWY9BW/+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl +++O/QmueD6i9a5jc2NvLi6Td11n0bt3+qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABM0PW1aC3/BFGtat +93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uNAm8x +Ik0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0P +AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwj +FNiPwyCrKGBZMB8GA1UdIwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqG +SM49BAMDA2gAMGUCMHD+sAvZ94OX7PNVHdTcswYO/jOYnYs5kGuUIe22113WTNch +p+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjlvPl5adytRSv3tjFzzAal +U5ORGpOucGpnutee5WEaXw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E +jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo +ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI +ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu +Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg +AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 +HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA +uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa +TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg +xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q +CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x +O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs +6GAqm4VKQPNriiTsBhYscw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB +gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu +QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG +A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz +OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ +VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 +b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA +DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn +0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB +OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE +fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E +Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m +o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i +sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW +OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez +Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS +adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n +3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ +F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf +CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 +XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm +djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ +WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb +AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq +P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko +b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj +XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P +5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi +DrW5viSP +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz +IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz +MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj +dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw +EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp +MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 +28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq +VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q +DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR +5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL +ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a +Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl +UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s ++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 +Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx +hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV +HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 ++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN +YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t +L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy +ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt +IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV +HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w +DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW +PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF +5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 +glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH +FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 +pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD +xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG +tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq +jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De +fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ +d0jQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0 +MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG +EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT +CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK +8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2 +98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb +2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC +ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi +Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB +o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl +ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD +AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL +AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd +foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M +cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq +8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp +hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk +Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U +AGegcQCCSA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG +A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh +bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE +ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 +7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS +J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y +HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP +t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz +FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY +XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw +hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js +MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA +A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj +Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx +XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o +omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc +A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDjCCAvagAwIBAgIDD92sMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxHzAdBgNVBAMMFkQtVFJVU1QgUm9vdCBD +QSAzIDIwMTMwHhcNMTMwOTIwMDgyNTUxWhcNMjgwOTIwMDgyNTUxWjBFMQswCQYD +VQQGEwJERTEVMBMGA1UECgwMRC1UcnVzdCBHbWJIMR8wHQYDVQQDDBZELVRSVVNU +IFJvb3QgQ0EgMyAyMDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +xHtCkoIf7O1UmI4SwMoJ35NuOpNcG+QQd55OaYhs9uFp8vabomGxvQcgdJhl8Ywm +CM2oNcqANtFjbehEeoLDbF7eu+g20sRoNoyfMr2EIuDcwu4QRjltr5M5rofmw7wJ +ySxrZ1vZm3Z1TAvgu8XXvD558l++0ZBX+a72Zl8xv9Ntj6e6SvMjZbu376Ml1wrq +WLbviPr6ebJSWNXwrIyhUXQplapRO5AyA58ccnSQ3j3tYdLl4/1kR+W5t0qp9x+u +loYErC/jpIF3t1oW/9gPP/a3eMykr/pbPBJbqFKJcu+I89VEgYaVI5973bzZNO98 +lDyqwEHC451QGsDkGSL8swIDAQABo4IBBTCCAQEwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUP5DIfccVb/Mkj6nDL0uiDyGyL+cwDgYDVR0PAQH/BAQDAgEGMIG+ +BgNVHR8EgbYwgbMwdKByoHCGbmxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQv +Q049RC1UUlVTVCUyMFJvb3QlMjBDQSUyMDMlMjAyMDEzLE89RC1UcnVzdCUyMEdt +YkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MDugOaA3hjVodHRwOi8v +Y3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2FfM18yMDEzLmNybDAN +BgkqhkiG9w0BAQsFAAOCAQEADlkOWOR0SCNEzzQhtZwUGq2aS7eziG1cqRdw8Cqf +jXv5e4X6xznoEAiwNStfzwLS05zICx7uBVSuN5MECX1sj8J0vPgclL4xAUAt8yQg +t4RVLFzI9XRKEBmLo8ftNdYJSNMOwLo5qLBGArDbxohZwr78e7Erz35ih1WWzAFv +m2chlTWL+BD8cRu3SzdppjvW7IvuwbDzJcmPkn2h6sPKRL8mpXSSnON065102ctN +h9j8tGlsi6BDB2B4l+nZk3zCRrybN1Kj7Yo8E6l7U0tJmhEFLAtuVqwfLoJs4Gln +tQ5tLdnkwBXxP/oYcuEVbSdbLTAoK59ImmQrme/ydUlfXA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha +ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM +HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 +UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 +tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R +ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM +lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp +/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G +A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy +MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl +cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js +L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL +BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni +acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K +zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 +PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y +Johw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw +NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV +BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn +ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 +3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z +qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR +p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 +HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw +ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea +HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw +Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh +c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E +RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt +dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp +3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF +CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na +xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX +KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc +MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj +IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB +IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE +RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl +U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 +IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU +ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC +QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr +rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S +NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc +QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH +txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP +BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp +tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa +IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl +6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ +xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU +Cm26OWMohpLzGITY+9HPBVZkVw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA +n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc +biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp +EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA +bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu +YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW +BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI +QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni +lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 +B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv +ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw +EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG +fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO +Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd +BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx +AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ +oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 +sycX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg +RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y +ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If +xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV +ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO +DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ +jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ +CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi +EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM +fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY +uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK +chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t +9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 +SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd ++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc +fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa +sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N +cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N +0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie +4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI +r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 +/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm +gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV +BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC +aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV +BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 +Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz +MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ +BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp +em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY +B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH +D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF +Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo +q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D +k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH +fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut +dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM +ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 +zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX +U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 +Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 +XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF +Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR +HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY +GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c +77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 ++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK +vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 +FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl +yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P +AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD +y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d +NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB +8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy +dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 +YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 +dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh +IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD +LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG +EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g +KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD +ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu +bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg +ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R +85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm +4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV +HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd +QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t +lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB +o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 +opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo +dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW +ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN +AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y +/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k +SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy +Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS +Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl +nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 +MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 +czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG +CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy +MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl +ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS +b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy +euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO +bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw +WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d +MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE +1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ +zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB +BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF +BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV +v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG +E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u +uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW +iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v +GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 +MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub +j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo +U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b +u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ +bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er +fF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 +4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 +d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu +dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq +RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy +MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD +VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g +Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt +ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH +Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC +R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX +hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 +cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs +IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz +dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy +NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu +dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt +dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 +aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T +RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN +cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW +wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 +U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 +jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN +BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ +jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v +1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R +nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH +VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 +MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w +HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj +Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj +TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u +KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj +qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm +MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 +ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP +zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk +L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC +jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA +HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC +AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm +DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 +COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry +L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf +JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg +IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io +2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV +09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ +XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq +T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe +MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx +MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 +AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA +ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 +7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W +kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI +mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ +KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 +6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl +4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K +oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj +UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU +AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw +NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV +BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL +So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal +tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG +CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT +qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz +rD6ogRLQy7rQkgu2npaqBA+K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 +BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz ++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm +hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn +5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W +JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL +DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC +huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB +AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB +zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN +kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH +SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G +spki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy +c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 +IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV +VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 +cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT +QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh +F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v +c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w +mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd +VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX +teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ +f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe +Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ +nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY +MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG +9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX +IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn +ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z +uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN +Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja +QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW +koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 +ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt +DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm +bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy +c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD +VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 +c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 +WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG +FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq +XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL +se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb +KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd +IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 +y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt +hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc +QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 +Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV +HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ +KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ +L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr +Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo +ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY +T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz +GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m +1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV +OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH +6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX +QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ +FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F +uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX +kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs +ewv4n4Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc +8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke +hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI +KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg +515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO +xwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 +RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT +gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm +KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd +QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ +XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU +RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp +jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK +6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX +mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs +Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH +WD9f +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD +aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx +MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy +cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG +A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl +BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed +KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 +G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 +zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 +ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG +HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 +Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V +yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e +beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r +6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog +zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW +BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr +ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp +ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk +cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt +YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC +CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow +KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI +hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ +UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz +X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x +fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz +a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd +Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd +SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O +AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso +M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge +v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN +BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl +bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv +b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 +MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 +dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg +QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa +jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi +C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep +lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof +TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix +RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p +YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw +NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK +EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl +cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz +dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ +fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns +bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD +75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP +FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp +5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu +b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA +A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p +6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 +dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys +Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI +l7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix +DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT +N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v +dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG +A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh +ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx +QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA +4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 +AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 +4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C +ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV +9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD +gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 +Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq +NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko +LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd +ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I +XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI +M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot +9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V +Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea +j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh +X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ +l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf +bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 +pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK +e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 +vm9qp/UsQu0yrbYhnr68 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx +FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg +Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG +A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr +b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ +jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn +PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh +ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 +nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h +q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED +MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC +mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 +7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB +oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs +EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO +fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi +AmvZWg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu +VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw +MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw +JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT +3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU ++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp +S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 +bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi +T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL +vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK +Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK +dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT +c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv +l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N +iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD +ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt +LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 +nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 ++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK +W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT +AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq +l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG +4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ +mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A +7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN +MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 +ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy +RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS +bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF +/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R +3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw +EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy +9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V +GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ +2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV +WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD +W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN +AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV +DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 +TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G +lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW +mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df +WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 ++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ +tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA +GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv +8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQEL +BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV +BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUw +MzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B +LjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wmKb3F +ibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTem +hfY7RBi2xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1 +EMShduxq3sVs35a0VkBCwGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsn +Xpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4 +zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkmFRseTJIpgp7VkoGSQXAZ +96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niFwpN6cj5m +j5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4g +DEa/a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+ +8kPREd8vZS9kzl8UubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2j +X5t/Lax5Gw5CMZdjpPuKadUiDTSQMC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmH +hFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGByuB +KwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5Lmx1eHRydXN0 +Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT ++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQEL +BQADggIBAGoZFO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9 +BzZAcg4atmpZ1gDlaCDdLnINH2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTO +jFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW7MM3LGVYvlcAGvI1+ut7MV3CwRI9 +loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIuZY+kt9J/Z93I055c +qqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWAVWe+ +2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/ +JEAdemrRTxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKre +zrnK+T+Tb/mjuuqlPpmt/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQf +LSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+ +x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6 +oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 +ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G +CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y +OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx +FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp +Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP +kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc +cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U +fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 +N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC +xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 ++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM +Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG +SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h +mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk +ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c +2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t +HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR +dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB +pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM +b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz +IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT +lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz +AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 +VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG +ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 +BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M +U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh +bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C ++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F +uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 +XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO +ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw +gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu +bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp +dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 +6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ +h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH +/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN +pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB +ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly +aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w +NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G +A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX +SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR +VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 +w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF +mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg +4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 +4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw +EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx +SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 +ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 +vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi +Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ +/L7fCg0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg +Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i +YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x +CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG +b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 +HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx +WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX +1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk +u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P +99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r +M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB +BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh +cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 +gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO +ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf +aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcxMB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7faYp6b +wiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX +/uMftk87ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR0 +77F9jAHiOH3BX2pfJLKOYheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGP +uY4zbGneWK2gDqdkVBFpRGZPTBKnjix9xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLx +p2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO9z0M+Yo0FMT7MzUj8czx +Kselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq3ywgsNw2 +TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+W +G+Oin6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPw +vFEVVJSmdz7QdFG9URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYY +EQRVzXR7z2FwefR7LFxckvzluFqrTJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUl0YhVyE1 +2jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/PxN3DlCPaTKbYw +DQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E +PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kf +gLMtMrpkZ2CvuVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbS +FXJfLkur1J1juONI5f6ELlgKn0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0 +V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLhX4SPgPL0DTatdrOjteFkdjpY3H1P +XlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80nR14SohWZ25g/4/I +i+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcmGS3t +TAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L91 +09S5zvE/bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/Ky +Pu1svf0OnWZzsD2097+o4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJ +AwSQiumPv+i2tCqjI40cHLI5kqiPAlxAOXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj +1oxx +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcyMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+Ntmh +/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78e +CbY2albz4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/6 +1UWY0jUJ9gNDlP7ZvyCVeYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fE +FY8ElggGQgT4hNYdvJGmQr5J1WqIP7wtUdGejeBSzFfdNTVY27SPJIjki9/ca1TS +gSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz3GIZ38i1MH/1PCZ1Eb3X +G7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj3CzMpSZy +YhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaH +vGOz9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4 +t/bQWVyJ98LVtZR00dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/ +gh7PU3+06yzbXfZqfUAkBXKJOAGTy3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUajn6QiL3 +5okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59M4PLuG53hq8w +DQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz +Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0 +nXGEL8pZ0keImUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qT +RmTFAHneIWv2V6CG1wZy7HBGS4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpT +wm+bREx50B1ws9efAvSyB7DH5fitIw6mVskpEndI2S9G/Tvw/HRwkqWOOAgfZDC2 +t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ6e18CL13zSdkzJTa +TkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97krgCf2 +o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU +3jg9CcCoSmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eA +iN1nE28daCSLT7d0geX0YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14f +WKGVyasvc0rQLW6aWQ9VGHgtPFGml4vmu7JwqkwR3v98KzfUetF3NI/n+UL3PIEM +S1IK +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAx +CzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5U +cnVzdCBSb290IENBIEczMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFow +QDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwUT3Bl +blRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARK7liuTcpm +3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5Bta1d +oYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5 +DMlv4VBN0BBY3JWIbTAfBgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAK +BggqhkjOPQQDAwNpADBmAjEAj6jcnboMBBf6Fek9LykBl7+BFjNAk2z8+e2AcG+q +j9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta3U1fJAuwACEl74+nBCZx +4nxp5V2a+EEfOzmTk51V6s2N8fvB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz +MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw +IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR +dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp +li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D +rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ +WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug +F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC +Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv +dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw +ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl +IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh +c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy +ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI +KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq +y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p +dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD +VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk +fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 +7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R +cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y +mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK +SnQ2+Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 +MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV +wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe +rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 +68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh +4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp +UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o +abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc +3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G +KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt +hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO +Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt +zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD +ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 +cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN +qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 +YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv +b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 +8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k +NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj +ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp +q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt +nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i +Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 +MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf +qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW +n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym +c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ +O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 +o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j +IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq +IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz +8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh +vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l +7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG +cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD +ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC +roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga +W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n +lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE ++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV +csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd +dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg +KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM +HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 +WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv +vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 +MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR +/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu +FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR +U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c +ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR +FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k +A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw +eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl +sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp +VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q +A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ +ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD +ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI +FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv +oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg +u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP +0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf +3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl +8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ +DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN +PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ +ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID2DCCAsCgAwIBAgIQYFbFSyNAW2TU7SXa2dYeHjANBgkqhkiG9w0BAQsFADCB +hTELMAkGA1UEBhMCREUxKTAnBgNVBAoTIERldXRzY2hlciBTcGFya2Fzc2VuIFZl +cmxhZyBHbWJIMScwJQYDVQQLEx5TLVRSVVNUIENlcnRpZmljYXRpb24gU2Vydmlj +ZXMxIjAgBgNVBAMTGVMtVFJVU1QgVW5pdmVyc2FsIFJvb3QgQ0EwHhcNMTMxMDIy +MDAwMDAwWhcNMzgxMDIxMjM1OTU5WjCBhTELMAkGA1UEBhMCREUxKTAnBgNVBAoT +IERldXRzY2hlciBTcGFya2Fzc2VuIFZlcmxhZyBHbWJIMScwJQYDVQQLEx5TLVRS +VVNUIENlcnRpZmljYXRpb24gU2VydmljZXMxIjAgBgNVBAMTGVMtVFJVU1QgVW5p +dmVyc2FsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo +4wvfETeFgpq1bGZ8YT/ARxodRuOwVWTluII5KAd+F//0m4rwkYHqOD8heGxI7Gsv +otOKcrKn19nqf7TASWswJYmM67fVQGGY4tw8IJLNZUpynxqOjPolFb/zIYMoDYuv +WRGCQ1ybTSVRf1gYY2A7s7WKi1hjN0hIkETCQN1d90NpKZhcEmVeq5CSS2bf1XUS +U1QYpt6K1rtXAzlZmRgFDPn9FcaQZEYXgtfCSkE9/QC+V3IYlHcbU1qJAfYzcg6T +OtzoHv0FBda8c+CI3KtP7LUYhk95hA5IKmYq3TLIeGXIC51YAQVx7YH1aBduyw20 +S9ih7K446xxYL6FlAzQvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBSafdfr639UmEUptCCrbQuWIxmkwjANBgkqhkiG +9w0BAQsFAAOCAQEATpYS2353XpInniEXGIJ22D+8pQkEZoiJrdtVszNqxmXEj03z +MjbceQSWqXcy0Zf1GGuMuu3OEdBEx5LxtESO7YhSSJ7V/Vn4ox5R+wFS5V/let2q +JE8ii912RvaloA812MoPmLkwXSBvwoEevb3A/hXTOCoJk5gnG5N70Cs0XmilFU/R +UsOgyqCDRR319bdZc11ZAY+qwkcvFHHVKeMQtUeTJcwjKdq3ctiR1OwbSIoi5MEq +9zpok59FGW5Dt8z+uJGaYRo2aWNkkijzb2GShROfyQcsi1fc65551cLeCNVUsldO +KjKNoeI60RAgIjl9NEVvcTvDHfz/sk+o4vYwHg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx +NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv +bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA +VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku +WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX +5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ +ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg +h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy +MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G +A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD +DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq +M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf +OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa +4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 +HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR +aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA +b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ +Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV +PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO +pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu +UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY +MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 +9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW +s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 +Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg +cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM +79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz +/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt +ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm +Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK +QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ +w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi +S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 +mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz +WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 +b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI +7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg +CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD +VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T +kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ +gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz +OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R +xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX +qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC +C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 +6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh +/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF +YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E +JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc +US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 +ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm ++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi +M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV +cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc +Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs +PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ +q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 +cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr +a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I +H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y +K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu +nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf +oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY +Ic2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL +BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 +ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw +NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L +cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg +Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN +QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT +3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw +3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 +3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 +BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN +XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF +AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw +8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG +nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP +oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy +d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg +LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr +MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG +A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 +MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD +QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz +i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 +h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV +MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 +UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni +8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC +h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm +KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ +X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr +QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 +pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN +QSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX +DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy +dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj +YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV +OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr +zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM +VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ +hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO +ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw +awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs +OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF +coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc +okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 +t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy +1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ +SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t +dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx +MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o +Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt +5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s +3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej +vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu +8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil +zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ +3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD +FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 +Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 +ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y +MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg +TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS +b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS +M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC +UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d +Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p +rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l +pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb +j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC +KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS +/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X +cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH +1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP +px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 +MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI +eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u +2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS +v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC +wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy +CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e +vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 +Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa +Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL +eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 +FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc +7uzXLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX +DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 +qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp +uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU +Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE +pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp +5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M +UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN +GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy +5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv +6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK +eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 +B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ +BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov +L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG +SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS +CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen +5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 +IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK +gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL ++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL +vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm +bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk +N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC +Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z +ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX +DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP +cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW +IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX +xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy +KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR +9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az +5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 +6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 +Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP +bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt +BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt +XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd +INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD +U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp +LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 +Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp +gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh +/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw +0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A +fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq +4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR +1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ +QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM +94B7IWcnMFk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw +MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg +nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 +HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N +Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN +dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 +HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G +CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU +sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 +4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg +8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 +mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs +ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy +ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy +dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p +OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 +8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K +Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe +hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk +6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q +AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI +bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB +ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z +qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn +0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN +sSi6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu +IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw +WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD +ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y +IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn +IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ +6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob +jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw +izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl ++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY +zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP +pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF +KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW +ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB +AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 +ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW +IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA +A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 +uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ +FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 +jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ +u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D +YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 +puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa +icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG +DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x +kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z +Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH +6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBk +MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg +Q0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYT +AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp +Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvEr +jw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r +0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f +2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVP +ACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aF +y6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTA +tukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL +6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0 +uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrAL +acywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velh +k6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q +VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw +FDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O +BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqh +b97iEoHF8TwuMA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4R +fbgZPnm3qKhyN2abGu2sEzsOv2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv +/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82YqZh6NM4OKb3xuqFp1mrjX2lhI +REeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLzo9v/tdhZsnPdTSpx +srpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcsa0vv +aGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT +woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99n +Bjx8Oto0QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5W +t6NlUe07qxS/TFED6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N +8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx2 +9CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5 +wSsSnqaeG8XmDtkx2Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICqDCCAi2gAwIBAgIQIW4zpcvTiKRvKQe0JzzE2DAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAxIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATXZrUb266zYO5G6ohjdTsqlG3zXxL24w+etgoUU0hS +yNw6s8tIICYSTvqJhNTfkeQpfSgB2dsYQ2mhH7XThhbcx39nI9/fMTGDAzVwsUu3 +yBe7UcvclBfb6gk7dhLeqrWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRlwI0l9Qy6l3eQP54u4Fr1ztXh5DAKBggqhkjOPQQD +AwNpADBmAjEApa7jRlP4mDbjIvouKEkN7jB+M/PsP3FezFWJeJmssv3cHFwzjim5 +axfIEWi13IMHAjEAnMhE2mnCNsNUGRCFAtqdR+9B52wmnQk9922Q0QVEL7C8g5No +8gxFSTm/mQQc0xCg +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQJDJ18h0v0gkz97RqytDzmDANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAx +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHOddJZKmZgiJM6kXZBxbje/SD +6Jlz+muxNuCad6BAwoGNAcfMjL2Pffd543pMA03Z+/2HOCgs3ZqLVAjbZ/sbjP4o +ki++t7JIp4Gh2F6Iw8w5QEFa0dzl2hCfL9oBTf0uRnz5LicKaTfukaMbasxEvxvH +w9QRslBglwm9LiL1QYRmn81ApqkAgMEflZKf3vNI79sdd2H8f9/ulqRy0LY+/3gn +r8uSFWkI22MQ4uaXrG7crPaizh5HmbmJtxLmodTNWRFnw2+F2EJOKL5ZVVkElauP +N4C/DfD8HzpkMViBeNfiNfYgPym4jxZuPkjctUwH4fIa6n4KedaovetdhitNAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBQzQejIORIVk0jyljIuWvXalF9TYDANBgkqhkiG9w0BAQsFAAOCAQEAFeNzV7EX +tl9JaUSm9l56Z6zS3nVJq/4lVcc6yUQVEG6/MWvL2QeTfxyFYwDjMhLgzMv7OWyP +4lPiPEAz2aSMR+atWPuJr+PehilWNCxFuBL6RIluLRQlKCQBZdbqUqwFblYSCT3Q +dPTXvQbKqDqNVkL6jXI+dPEDct+HG14OelWWLDi3mIXNTTNEyZSPWjEwN0ujOhKz +5zbRIWhLLTjmU64cJVYIVgNnhJ3Gw84kYsdMNs+wBkS39V8C3dlU6S+QTnrIToNA +DJqXPDe/v+z28LSFdyjBC8hnghAXOKK3Buqbvzr46SMHv3TgmDgVVXjucgBcGaP0 +0jPg/73RVDkpDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICqDCCAi2gAwIBAgIQNBdlEkA7t1aALYDLeVWmHjAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAyIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATR2UqOTA2ESlG6fO/TzPo6mrWnYxM9AeBJPvrBR8mS +szrX/m+c95o6D/UOCgrDP8jnEhSO1dVtmCyzcTIK6yq99tdqIAtnRZzSsr9TImYJ +XdsR8/EFM1ij4rjPfM2Cm72jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBQ9MvM6qQyQhPmijGkGYVQvh3L+BTAKBggqhkjOPQQD +AwNpADBmAjEAyKapr0F/tckRQhZoaUxcuCcYtpjxwH+QbYfTjEYX8D5P/OqwCMR6 +S7wIL8fip29lAjEA1lnehs5fDspU1cbQFQ78i5Ry1I4AWFPPfrFLDeVQhuuea9// +KabYR9mglhjb8kWz +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQZIKe/DcedF38l/+XyLH/QTANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAy +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzOkFyGOFyz9AYxe9GPo15gRn +V2WYKaRPyVyPDzTS+NqoE2KquB5QZ3iwFkygOakVeq7t0qLA8JA3KRgmXOgNPLZs +ST/B4NzZS7YUGQum05bh1gnjGSYc+R9lS/kaQxwAg9bQqkmi1NvmYji6UBRDbfkx ++FYW2TgCkc/rbN27OU6Z4TBnRfHU8I3D3/7yOAchfQBeVkSz5GC9kSucq1sEcg+y +KNlyqwUgQiWpWwNqIBDMMfAr2jUs0Pual07wgksr2F82owstr2MNHSV/oW5cYqGN +KD6h/Bwg+AEvulWaEbAZ0shQeWsOagXXqgQ2sqPy4V93p3ec5R7c6d9qwWVdAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSHjCCVyJhK0daABkqQNETfHE2/sDANBgkqhkiG9w0BAQsFAAOCAQEAgY6ypWaW +tyGltu9vI1pf24HFQqV4wWn99DzX+VxrcHIa/FqXTQCAiIiCisNxDY7FiZss7Y0L +0nJU9X3UXENX6fOupQIR9nYrgVfdfdp0MP1UR/bgFm6mtApI5ud1Bw8pGTnOefS2 +bMVfmdUfS/rfbSw8DVSAcPCIC4DPxmiiuB1w2XaM/O6lyc+tHc+ZJVdaYkXLFmu9 +Sc2lo4xpeSWuuExsi0BmSxY/zwIa3eFsawdhanYVKZl/G92IgMG/tY9zxaaWI4Sm +KIYkM2oBLldzJbZev4/mHWGoQClnHYebHX+bn5nNMdZUvmK7OaxoEkiRIKXLsd3+ +b/xa5IJVWa8xqQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd +AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC +FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi +1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq +jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ +wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ +WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy +NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC +uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw +IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 +g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP +BSeOE6Fuwg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN +8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ +RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 +hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 +ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM +EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 +A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy +WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ +1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 +6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT +91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p +TpPDpFQUWw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjEL +MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV +BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0 +Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3WhcNMjUxMjMxMjI1 +OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i +SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UEAxMc +VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJW +Ht4bNwcwIi9v8Qbxq63WyKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+Q +Vl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT2 +1oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2Alq +ukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1 +Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NX +XAek0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy +dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6 +Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz +JTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290 +Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u +TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlN +irTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8 +TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6 +g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB +95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBj +S+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx +GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp +bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w +KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 +BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy +dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG +EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll +IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU +QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT +TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg +LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 +a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr +LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr +N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X +YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ +iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f +AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH +V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf +IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 +lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c +8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf +lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx +EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT +VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 +NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT +B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF +10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz +0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh +MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH +zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc +46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 +yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi +laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP +oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA +BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE +qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm +4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL +1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF +H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo +RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ +nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh +15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW +6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW +nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j +wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz +aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy +KwbQBM0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES +MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU +V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz +WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO +LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE +AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH +K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX +RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z +rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx +3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq +hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC +MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls +XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D +lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn +aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ +YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ +MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow +PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR +IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q +gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy +yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts +F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 +jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx +ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC +VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK +YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH +EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN +Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud +DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE +MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK +UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ +TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf +qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK +ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE +JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 +hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 +EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm +nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX +udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz +ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe +LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl +pYYsfPQS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw +NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv +b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD +VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F +VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 +7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X +Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ +/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs +81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm +dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe +Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu +sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 +pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs +slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ +arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD +VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG +9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl +dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj +TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed +Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 +Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI +OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 +vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW +t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn +HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx +SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y +IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig +RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb +3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA +BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 +3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou +owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ +wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF +ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf +BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv +civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 +AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 +soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI +WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi +tJ/X5g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y +IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB +pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h +IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG +A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU +cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid +RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V +seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme +9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV +EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW +hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ +DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD +ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I +/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ +yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts +L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN +zl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig +Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk +MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg +Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD +VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy +dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ +QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq +1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp +2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK +DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape +az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF +3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 +oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM +g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 +mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd +BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U +nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw +DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX +dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ +MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL +/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX +CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa +ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW +2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 +N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 +Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB +As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp +5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu +1uwJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL +ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx +MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc +MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ +AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH +iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj +vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA +0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB +OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ +BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E +FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 +GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW +zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 +1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE +f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F +jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN +ZetX2fNXlrtIzYE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UE +BhMCVFIxDzANBgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxn +aSDEsGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkg +QS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1QgRWxla3Ryb25payBTZXJ0aWZpa2Eg +SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAwODA3MDFaFw0yMzA0 +MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYD +VQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8 +dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBF +bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCUZ4WWe60ghUEoI5RHwWrom +/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537jVJp45wnEFPzpALFp/kR +Gml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1mep5Fimh3 +4khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z +5UNP9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0 +hO8EuPbJbKoCPrZV4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QID +AQABo0IwQDAdBgNVHQ4EFgQUVpkHHtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ5FdnsX +SDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPoBP5yCccLqh0l +VX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq +URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nf +peYVhDfwwvJllpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CF +Yv4HAqGEVka+lgqaE9chTLd8B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW ++qtB4Uu2NQvAmxU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB +rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt +Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa +Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV +BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l +dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE +AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B +YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9 +hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l +L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm +SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM +1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws +6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw +Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50 +aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH +AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u +7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0 +xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ +rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim +eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk +USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg +SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln +biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm +GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve +fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ +aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj +aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC +4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga +FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB +vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W +ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 +IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y +IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh +bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF +9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH +H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H +LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN +/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT +rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw +WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs +exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 +sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ +seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz +4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ +BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR +lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 +7M2CYfE45k+XmCpajQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 +nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO +8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV +ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb +PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 +6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr +n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a +qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 +wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 +ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs +pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 +E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy +aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp +Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV +BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp +Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g +Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU +J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO +JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY +wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o +koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN +qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E +Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe +xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u +7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU +sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI +sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP +cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b +N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t +KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu +kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm +CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ +Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu +imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te +2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe +DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p +F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt +TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr +MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl +cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv +bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw +CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h +dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l +cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h +2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E +lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV +ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq +299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t +vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL +dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF +AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR +zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 +LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd +7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw +++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt +398znM/jra6O1I7mT1GvFpLgXPYHDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY +UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT +AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD +QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP +MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do +0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ +UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d +RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ +OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv +JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C +AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O +BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ +LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY +MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ +44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I +Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw +i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN +9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw +IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL +SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH +SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh +ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X +DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 +TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ +fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA +sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU +WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS +nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH +dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip +NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC +AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF +MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB +uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl +PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP +JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ +gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 +j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 +5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB +o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS +/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z +Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE +W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D +hNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB +qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV +BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw +NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j +LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG +A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs +W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta +3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk +6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 +Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J +NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP +r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU +DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz +YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 +/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ +LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 +jVaMaA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp +IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi +BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw +MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh +d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig +YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v +dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ +BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 +papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K +DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 +KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox +XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa +Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u +MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm +gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 +YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf +b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 +9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S +zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk +OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA +2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW +oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c +KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM +m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu +MdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- diff --git a/bitnami/chainloop-control-plane/0/debian-12/tags-info.yaml b/bitnami/chainloop-control-plane/0/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..c99aab0e030bb --- /dev/null +++ b/bitnami/chainloop-control-plane/0/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "0" +- 0-debian-12 +- 0.151.0 +- latest diff --git a/bitnami/chainloop-control-plane/README.md b/bitnami/chainloop-control-plane/README.md new file mode 100644 index 0000000000000..a152c62b07b4e --- /dev/null +++ b/bitnami/chainloop-control-plane/README.md @@ -0,0 +1,101 @@ +# Bitnami package for Chainloop + +## What is Chainloop? + +> Chainloop is an open-source Software Supply Chain control plane, a single source of truth for metadata and artifacts, plus a declarative attestation process. + +[Overview of Chainloop](https://chainloop.dev) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name chainloop-control-plane bitnami/chainloop-control-plane:latest +``` + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use Chainloop in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Why use a non-root container? + +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami Chainloop Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/chainloop-control-plane). + +```console +docker pull bitnami/chainloop-control-plane:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/chainloop-control-plane/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/chainloop-control-plane:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Configuration + +### Running commands + +To run commands inside this container you can use `docker run`, for example to execute `chainloop-control-plane help` you can follow the example below: + +```console +docker run --rm --name chainloop-control-plane bitnami/chainloop-control-plane:latest help +``` + +Check the [official Chainloop documentation](https://github.com/chainloop-dev/chainloop/tree/main/app/controlplane) for more information about configuration options. + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/chainloop-control-plane/docker-compose.yml b/bitnami/chainloop-control-plane/docker-compose.yml new file mode 100644 index 0000000000000..e0fb168ee4b24 --- /dev/null +++ b/bitnami/chainloop-control-plane/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +services: + chainloop-control-plane: + image: docker.io/bitnami/chainloop-control-plane:0 diff --git a/bitnami/charts-syncer/2/debian-12/Dockerfile b/bitnami/charts-syncer/2/debian-12/Dockerfile new file mode 100644 index 0000000000000..10087c1c38c1a --- /dev/null +++ b/bitnami/charts-syncer/2/debian-12/Dockerfile @@ -0,0 +1,60 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm as builder + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +ENV OS_ARCH="${TARGETARCH:-amd64}" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] + +# Install required system packages and dependencies +RUN install_packages ca-certificates curl +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "charts-syncer-2.0.2-4-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done + +###### + +FROM scratch + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +ENV OS_ARCH="${TARGETARCH:-amd64}" + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="scratch" \ + org.opencontainers.image.created="2025-01-02T20:16:41Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="2.0.2-debian-12-r5" \ + org.opencontainers.image.title="charts-syncer" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="2.0.2" + +COPY prebuildfs / +COPY rootfs / +COPY --from=builder /opt/bitnami/charts-syncer/bin/charts-syncer /charts-syncer +COPY --from=builder /opt/bitnami/charts-syncer/.spdx-charts-syncer.spdx /opt/bitnami/charts-syncer/.spdx-charts-syncer.spdx +COPY --from=builder /opt/bitnami/charts-syncer/licenses /opt/bitnami/charts-syncer/licenses + +ENV APP_VERSION="2.0.2" \ + BITNAMI_APP_NAME="charts-syncer" + +USER 1001 + +CMD [ "/charts-syncer" ] diff --git a/bitnami/charts-syncer/2/debian-12/docker-compose.yml b/bitnami/charts-syncer/2/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..ee62050bda84c --- /dev/null +++ b/bitnami/charts-syncer/2/debian-12/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +services: + charts-syncer: + image: docker.io/bitnami/charts-syncer:2 diff --git a/bitnami/charts-syncer/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/charts-syncer/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..064a5c02665c3 --- /dev/null +++ b/bitnami/charts-syncer/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "charts-syncer": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "2.0.2-4" + } +} \ No newline at end of file diff --git a/bitnami/aws-cli/1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/charts-syncer/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/aws-cli/1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/charts-syncer/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/aws-cli/1/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/charts-syncer/2/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/aws-cli/1/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/charts-syncer/2/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/aws-cli/1/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/charts-syncer/2/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/aws-cli/1/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/charts-syncer/2/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/charts-syncer/2/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt b/bitnami/charts-syncer/2/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt new file mode 100644 index 0000000000000..2d584626cce62 --- /dev/null +++ b/bitnami/charts-syncer/2/debian-12/rootfs/etc/ssl/certs/ca-certificates.crt @@ -0,0 +1,3864 @@ +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE +AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw +CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ +BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND +VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb +qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY +HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo +G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA +lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr +IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ +0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH +k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 +4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO +m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa +cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl +uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI +KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls +ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG +AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT +VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG +CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA +cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA +QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA +7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA +cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA +QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA +czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu +aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt +aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF +BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp +D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU +JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m +AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD +vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms +tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH +7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA +h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF +d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H +pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx +CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ +WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ +BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG +Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ +yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf +BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz +WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF +tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z +374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC +IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL +mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 +wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS +MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 +ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet +UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H +YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 +LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 +RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM +LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf +77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N +JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm +fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp +6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp +1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B +9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok +RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv +uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsx +CzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRp +ZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwa +QUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3MjA0NjI5WhcNMzAw +NDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+U29jaWVkYWQgQ2Ft +ZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJhIFMu +QS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeG +qentLhM0R7LQcNzJPNCNyu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzL +fDe3fezTf3MZsGqy2IiKLUV0qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQ +Y5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4 +Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ +54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+b +MMCm8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48j +ilSH5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej +YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/zt +A/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBkAC1vImHF +rEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1bczwmPS9KvqfJ +pxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCB +lTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFy +YS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW50 +7WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2UgcHVlZGVuIGVuY29udHJhciBlbiBs +YSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6 +xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBc +unvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/ +Jre7Ir5v/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dp +ezy4ydV/NgIlqmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42 +gzmRkBDI8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0 +jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+ +XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWmnkJD +W2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/ +RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35r +MDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxk +BYn8eNZcLCZDqQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w +MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC +SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 +ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv +UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX +4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 +KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ +gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb +rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ +51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F +be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe +KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F +v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn +fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 +jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz +ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL +e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 +jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz +WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V +SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j +pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX +X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok +fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R +K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU +ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU +LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT +LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw +MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD +VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul +CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n +tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl +dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch +PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC ++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O +BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk +ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB +IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X +7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz +43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY +eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl +pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA +WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj +ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM +9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw +IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 +VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L +93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm +jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA +A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI +U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs +N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv +o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU +5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy +rqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK +gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ +W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg +1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K +8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r +2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me +z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR +8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj +mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz +7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 ++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI +0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm +UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 +LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS +k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl +7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm +btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl +urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ +fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 +n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE +76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H +9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT +4PsJYGw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl +ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr +ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr +BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM +YyRIHN8wfdVoOw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi +9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk +M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB +MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw +CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW +1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE +AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG +EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM +FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC +REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp +Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM +VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ +SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ +4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L +cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi +eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG +A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j +vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP +DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc +maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D +lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv +KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy +MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD +VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv +ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl +AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF +661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 +am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 +ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 +PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS +3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k +SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF +3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM +ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g +StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz +Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB +jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr +6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV +L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 +1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx +MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ +QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB +arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr +Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi +FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS +P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN +9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz +uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h +9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t +OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo ++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 +KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 +DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us +H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ +I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 +5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h +3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz +Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y +ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E +N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 +tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX +0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c +/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X +KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY +zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS +O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D +34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP +K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv +Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj +QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS +IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 +HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa +O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv +033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u +dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE +kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 +3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD +u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq +4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy +MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe +NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH +PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I +x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe +QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR +yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO +QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 +H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ +QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD +i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs +nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 +rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI +hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf +GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb +lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka ++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal +TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i +nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 +gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr +G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os +zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x +L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD +TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx +MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j +aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP +T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 +sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL +TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 +/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp +7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz +EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt +hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP +a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot +aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg +TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV +PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv +cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL +tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT +ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL +jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS +ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy +P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 +xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d +Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN +5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe +/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z +AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ +5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW +/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb +QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg +b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa +MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB +ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw +IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B +AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb +unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d +BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq +7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 +0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX +roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG +A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j +aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p +26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA +BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud +EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN +BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz +aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB +AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd +p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi +1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc +XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 +eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu +tGWaIZDgqtCYvDi1czyL+Nw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo +YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 +MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy +NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G +A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA +A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 +Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s +QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV +eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 +B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh +z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T +AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i +ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w +TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH +MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD +VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE +VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh +bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B +AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM +bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi +ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG +VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c +ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ +AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET +MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb +BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz +MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx +FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g +Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 +fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl +LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV +WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF +TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb +5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc +CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri +wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ +wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG +m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 +F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng +WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 +2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF +AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ +0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw +F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS +g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj +qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN +h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ +ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V +btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj +Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ +8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW +gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw +PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz +cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 +MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz +IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ +ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR +VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL +kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd +EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas +H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 +HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud +DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 +QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu +Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ +AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 +yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR +FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA +ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB +kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 +l7+ijrRU +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUA +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBa +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHNr49a +iZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt +6kuJPKNxQv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP +0FG7Yn2ksYyy/yARujVjBYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f +6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTvLRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDE +EW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2z4QTd28n6v+WZxcIbekN +1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc4nBvCGrc +h2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCT +mehd4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV +4EJQeIQEQWGw9CEjjy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPO +WftwenMGE9nTdDckQQoRb5fc5+R+ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1Ud +DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSowcCbkahDFXxd +Bie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHYlwuBsTANBgkq +hkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh +66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7 +/SMNkPX0XtPGYX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BS +S7CTKtQ+FjPlnsZlFT5kOwQ/2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j +2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F6ALEUz65noe8zDUa3qHpimOHZR4R +Kttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilXCNQ314cnrUlZp5Gr +RHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWetUNy +6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEV +V/xuZDDCVRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5 +g4VCXA9DO2pJNdWY9BW/+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl +++O/QmueD6i9a5jc2NvLi6Td11n0bt3+qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABM0PW1aC3/BFGtat +93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uNAm8x +Ik0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0P +AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwj +FNiPwyCrKGBZMB8GA1UdIwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqG +SM49BAMDA2gAMGUCMHD+sAvZ94OX7PNVHdTcswYO/jOYnYs5kGuUIe22113WTNch +p+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjlvPl5adytRSv3tjFzzAal +U5ORGpOucGpnutee5WEaXw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E +jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo +ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI +ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu +Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg +AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 +HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA +uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa +TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg +xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q +CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x +O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs +6GAqm4VKQPNriiTsBhYscw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB +gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu +QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG +A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz +OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ +VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 +b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA +DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn +0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB +OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE +fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E +Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m +o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i +sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW +OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez +Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS +adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n +3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ +F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf +CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 +XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm +djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ +WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb +AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq +P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko +b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj +XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P +5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi +DrW5viSP +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz +IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz +MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj +dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw +EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp +MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 +28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq +VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q +DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR +5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL +ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a +Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl +UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s ++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 +Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx +hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV +HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 ++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN +YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t +L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy +ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt +IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV +HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w +DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW +PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF +5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 +glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH +FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 +pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD +xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG +tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq +jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De +fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ +d0jQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0 +MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG +EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT +CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK +8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2 +98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb +2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC +ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi +Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB +o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl +ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD +AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL +AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd +foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M +cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq +8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp +hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk +Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U +AGegcQCCSA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG +A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh +bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE +ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 +7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS +J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y +HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP +t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz +FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY +XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw +hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js +MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA +A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj +Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx +XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o +omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc +A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDjCCAvagAwIBAgIDD92sMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxHzAdBgNVBAMMFkQtVFJVU1QgUm9vdCBD +QSAzIDIwMTMwHhcNMTMwOTIwMDgyNTUxWhcNMjgwOTIwMDgyNTUxWjBFMQswCQYD +VQQGEwJERTEVMBMGA1UECgwMRC1UcnVzdCBHbWJIMR8wHQYDVQQDDBZELVRSVVNU +IFJvb3QgQ0EgMyAyMDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +xHtCkoIf7O1UmI4SwMoJ35NuOpNcG+QQd55OaYhs9uFp8vabomGxvQcgdJhl8Ywm +CM2oNcqANtFjbehEeoLDbF7eu+g20sRoNoyfMr2EIuDcwu4QRjltr5M5rofmw7wJ +ySxrZ1vZm3Z1TAvgu8XXvD558l++0ZBX+a72Zl8xv9Ntj6e6SvMjZbu376Ml1wrq +WLbviPr6ebJSWNXwrIyhUXQplapRO5AyA58ccnSQ3j3tYdLl4/1kR+W5t0qp9x+u +loYErC/jpIF3t1oW/9gPP/a3eMykr/pbPBJbqFKJcu+I89VEgYaVI5973bzZNO98 +lDyqwEHC451QGsDkGSL8swIDAQABo4IBBTCCAQEwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUP5DIfccVb/Mkj6nDL0uiDyGyL+cwDgYDVR0PAQH/BAQDAgEGMIG+ +BgNVHR8EgbYwgbMwdKByoHCGbmxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQv +Q049RC1UUlVTVCUyMFJvb3QlMjBDQSUyMDMlMjAyMDEzLE89RC1UcnVzdCUyMEdt +YkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MDugOaA3hjVodHRwOi8v +Y3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2FfM18yMDEzLmNybDAN +BgkqhkiG9w0BAQsFAAOCAQEADlkOWOR0SCNEzzQhtZwUGq2aS7eziG1cqRdw8Cqf +jXv5e4X6xznoEAiwNStfzwLS05zICx7uBVSuN5MECX1sj8J0vPgclL4xAUAt8yQg +t4RVLFzI9XRKEBmLo8ftNdYJSNMOwLo5qLBGArDbxohZwr78e7Erz35ih1WWzAFv +m2chlTWL+BD8cRu3SzdppjvW7IvuwbDzJcmPkn2h6sPKRL8mpXSSnON065102ctN +h9j8tGlsi6BDB2B4l+nZk3zCRrybN1Kj7Yo8E6l7U0tJmhEFLAtuVqwfLoJs4Gln +tQ5tLdnkwBXxP/oYcuEVbSdbLTAoK59ImmQrme/ydUlfXA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha +ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM +HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 +UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 +tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R +ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM +lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp +/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G +A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy +MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl +cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js +L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL +BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni +acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K +zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 +PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y +Johw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw +NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV +BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn +ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 +3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z +qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR +p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 +HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw +ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea +HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw +Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh +c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E +RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt +dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp +3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF +CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na +xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX +KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc +MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj +IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB +IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE +RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl +U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 +IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU +ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC +QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr +rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S +NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc +QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH +txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP +BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp +tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa +IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl +6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ +xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU +Cm26OWMohpLzGITY+9HPBVZkVw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA +n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc +biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp +EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA +bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu +YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW +BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI +QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni +lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 +B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv +ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw +EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG +fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO +Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd +BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx +AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ +oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 +sycX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg +RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y +ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If +xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV +ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO +DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ +jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ +CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi +EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM +fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY +uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK +chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t +9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 +SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd ++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc +fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa +sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N +cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N +0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie +4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI +r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 +/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm +gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV +BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC +aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV +BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 +Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz +MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ +BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp +em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY +B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH +D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF +Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo +q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D +k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH +fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut +dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM +ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 +zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX +U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 +Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 +XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF +Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR +HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY +GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c +77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 ++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK +vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 +FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl +yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P +AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD +y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d +NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB +8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy +dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 +YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 +dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh +IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD +LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG +EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g +KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD +ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu +bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg +ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R +85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm +4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV +HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd +QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t +lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB +o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 +opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo +dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW +ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN +AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y +/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k +SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy +Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS +Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl +nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 +MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 +czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG +CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy +MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl +ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS +b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy +euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO +bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw +WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d +MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE +1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ +zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB +BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF +BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV +v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG +E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u +uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW +iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v +GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 +MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub +j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo +U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b +u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ +bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er +fF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 +4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 +d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu +dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq +RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy +MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD +VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g +Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt +ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH +Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC +R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX +hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 +cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs +IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz +dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy +NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu +dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt +dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 +aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T +RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN +cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW +wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 +U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 +jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN +BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ +jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v +1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R +nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH +VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 +MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w +HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj +Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj +TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u +KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj +qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm +MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 +ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP +zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk +L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC +jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA +HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC +AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm +DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 +COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry +L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf +JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg +IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io +2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV +09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ +XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq +T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe +MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx +MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 +AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA +ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 +7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W +kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI +mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ +KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 +6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl +4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K +oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj +UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU +AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw +NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV +BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL +So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal +tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG +CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT +qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz +rD6ogRLQy7rQkgu2npaqBA+K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 +BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz ++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm +hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn +5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W +JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL +DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC +huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB +AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB +zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN +kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH +SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G +spki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy +c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 +IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV +VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 +cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT +QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh +F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v +c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w +mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd +VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX +teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ +f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe +Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ +nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY +MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG +9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX +IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn +ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z +uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN +Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja +QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW +koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 +ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt +DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm +bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy +c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD +VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 +c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 +WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG +FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq +XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL +se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb +KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd +IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 +y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt +hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc +QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 +Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV +HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ +KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ +L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr +Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo +ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY +T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz +GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m +1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV +OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH +6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX +QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ +FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F +uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX +kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs +ewv4n4Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc +8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke +hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI +KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg +515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO +xwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 +RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT +gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm +KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd +QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ +XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU +RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp +jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK +6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX +mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs +Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH +WD9f +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD +aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx +MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy +cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG +A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl +BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed +KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 +G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 +zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 +ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG +HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 +Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V +yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e +beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r +6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog +zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW +BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr +ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp +ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk +cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt +YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC +CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow +KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI +hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ +UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz +X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x +fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz +a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd +Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd +SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O +AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso +M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge +v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN +BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl +bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv +b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 +MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 +dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg +QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa +jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi +C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep +lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof +TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix +RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p +YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw +NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK +EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl +cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz +dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ +fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns +bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD +75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP +FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp +5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu +b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA +A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p +6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 +dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys +Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI +l7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix +DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT +N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v +dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG +A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh +ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx +QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA +4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 +AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 +4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C +ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV +9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD +gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 +Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq +NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko +LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd +ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I +XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI +M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot +9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V +Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea +j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh +X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ +l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf +bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 +pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK +e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 +vm9qp/UsQu0yrbYhnr68 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx +FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg +Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG +A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr +b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ +jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn +PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh +ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 +nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h +q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED +MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC +mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 +7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB +oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs +EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO +fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi +AmvZWg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu +VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw +MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw +JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT +3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU ++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp +S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 +bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi +T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL +vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK +Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK +dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT +c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv +l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N +iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD +ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt +LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 +nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 ++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK +W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT +AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq +l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG +4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ +mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A +7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN +MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 +ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy +RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS +bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF +/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R +3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw +EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy +9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V +GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ +2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV +WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD +W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN +AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV +DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 +TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G +lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW +mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df +WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 ++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ +tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA +GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv +8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQEL +BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV +BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUw +MzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B +LjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wmKb3F +ibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTem +hfY7RBi2xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1 +EMShduxq3sVs35a0VkBCwGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsn +Xpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4 +zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkmFRseTJIpgp7VkoGSQXAZ +96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niFwpN6cj5m +j5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4g +DEa/a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+ +8kPREd8vZS9kzl8UubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2j +X5t/Lax5Gw5CMZdjpPuKadUiDTSQMC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmH +hFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGByuB +KwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5Lmx1eHRydXN0 +Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT ++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQEL +BQADggIBAGoZFO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9 +BzZAcg4atmpZ1gDlaCDdLnINH2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTO +jFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW7MM3LGVYvlcAGvI1+ut7MV3CwRI9 +loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIuZY+kt9J/Z93I055c +qqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWAVWe+ +2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/ +JEAdemrRTxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKre +zrnK+T+Tb/mjuuqlPpmt/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQf +LSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+ +x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6 +oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 +ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G +CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y +OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx +FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp +Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP +kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc +cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U +fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 +N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC +xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 ++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM +Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG +SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h +mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk +ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c +2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t +HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR +dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB +pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM +b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz +IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT +lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz +AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 +VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG +ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 +BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M +U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh +bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C ++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F +uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 +XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO +ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw +gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu +bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp +dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 +6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ +h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH +/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN +pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB +ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly +aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w +NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G +A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX +SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR +VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 +w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF +mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg +4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 +4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw +EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx +SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 +ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 +vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi +Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ +/L7fCg0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg +Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i +YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x +CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG +b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 +HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx +WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX +1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk +u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P +99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r +M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB +BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh +cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 +gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO +ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf +aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcxMB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7faYp6b +wiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX +/uMftk87ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR0 +77F9jAHiOH3BX2pfJLKOYheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGP +uY4zbGneWK2gDqdkVBFpRGZPTBKnjix9xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLx +p2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO9z0M+Yo0FMT7MzUj8czx +Kselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq3ywgsNw2 +TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+W +G+Oin6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPw +vFEVVJSmdz7QdFG9URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYY +EQRVzXR7z2FwefR7LFxckvzluFqrTJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUl0YhVyE1 +2jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/PxN3DlCPaTKbYw +DQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E +PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kf +gLMtMrpkZ2CvuVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbS +FXJfLkur1J1juONI5f6ELlgKn0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0 +V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLhX4SPgPL0DTatdrOjteFkdjpY3H1P +XlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80nR14SohWZ25g/4/I +i+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcmGS3t +TAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L91 +09S5zvE/bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/Ky +Pu1svf0OnWZzsD2097+o4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJ +AwSQiumPv+i2tCqjI40cHLI5kqiPAlxAOXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj +1oxx +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcyMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+Ntmh +/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78e +CbY2albz4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/6 +1UWY0jUJ9gNDlP7ZvyCVeYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fE +FY8ElggGQgT4hNYdvJGmQr5J1WqIP7wtUdGejeBSzFfdNTVY27SPJIjki9/ca1TS +gSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz3GIZ38i1MH/1PCZ1Eb3X +G7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj3CzMpSZy +YhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaH +vGOz9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4 +t/bQWVyJ98LVtZR00dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/ +gh7PU3+06yzbXfZqfUAkBXKJOAGTy3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUajn6QiL3 +5okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59M4PLuG53hq8w +DQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz +Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0 +nXGEL8pZ0keImUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qT +RmTFAHneIWv2V6CG1wZy7HBGS4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpT +wm+bREx50B1ws9efAvSyB7DH5fitIw6mVskpEndI2S9G/Tvw/HRwkqWOOAgfZDC2 +t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ6e18CL13zSdkzJTa +TkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97krgCf2 +o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU +3jg9CcCoSmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eA +iN1nE28daCSLT7d0geX0YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14f +WKGVyasvc0rQLW6aWQ9VGHgtPFGml4vmu7JwqkwR3v98KzfUetF3NI/n+UL3PIEM +S1IK +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAx +CzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5U +cnVzdCBSb290IENBIEczMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFow +QDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwUT3Bl +blRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARK7liuTcpm +3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5Bta1d +oYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5 +DMlv4VBN0BBY3JWIbTAfBgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAK +BggqhkjOPQQDAwNpADBmAjEAj6jcnboMBBf6Fek9LykBl7+BFjNAk2z8+e2AcG+q +j9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta3U1fJAuwACEl74+nBCZx +4nxp5V2a+EEfOzmTk51V6s2N8fvB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz +MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw +IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR +dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp +li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D +rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ +WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug +F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC +Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv +dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw +ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl +IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh +c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy +ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI +KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq +y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p +dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD +VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk +fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 +7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R +cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y +mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK +SnQ2+Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 +MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV +wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe +rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 +68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh +4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp +UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o +abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc +3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G +KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt +hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO +Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt +zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD +ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 +cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN +qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 +YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv +b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 +8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k +NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj +ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp +q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt +nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i +Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 +MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf +qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW +n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym +c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ +O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 +o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j +IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq +IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz +8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh +vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l +7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG +cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD +ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC +roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga +W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n +lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE ++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV +csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd +dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg +KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM +HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 +WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv +vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 +MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR +/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu +FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR +U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c +ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR +FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k +A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw +eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl +sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp +VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q +A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ +ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD +ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI +FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv +oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg +u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP +0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf +3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl +8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ +DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN +PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ +ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID2DCCAsCgAwIBAgIQYFbFSyNAW2TU7SXa2dYeHjANBgkqhkiG9w0BAQsFADCB +hTELMAkGA1UEBhMCREUxKTAnBgNVBAoTIERldXRzY2hlciBTcGFya2Fzc2VuIFZl +cmxhZyBHbWJIMScwJQYDVQQLEx5TLVRSVVNUIENlcnRpZmljYXRpb24gU2Vydmlj +ZXMxIjAgBgNVBAMTGVMtVFJVU1QgVW5pdmVyc2FsIFJvb3QgQ0EwHhcNMTMxMDIy +MDAwMDAwWhcNMzgxMDIxMjM1OTU5WjCBhTELMAkGA1UEBhMCREUxKTAnBgNVBAoT +IERldXRzY2hlciBTcGFya2Fzc2VuIFZlcmxhZyBHbWJIMScwJQYDVQQLEx5TLVRS +VVNUIENlcnRpZmljYXRpb24gU2VydmljZXMxIjAgBgNVBAMTGVMtVFJVU1QgVW5p +dmVyc2FsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo +4wvfETeFgpq1bGZ8YT/ARxodRuOwVWTluII5KAd+F//0m4rwkYHqOD8heGxI7Gsv +otOKcrKn19nqf7TASWswJYmM67fVQGGY4tw8IJLNZUpynxqOjPolFb/zIYMoDYuv +WRGCQ1ybTSVRf1gYY2A7s7WKi1hjN0hIkETCQN1d90NpKZhcEmVeq5CSS2bf1XUS +U1QYpt6K1rtXAzlZmRgFDPn9FcaQZEYXgtfCSkE9/QC+V3IYlHcbU1qJAfYzcg6T +OtzoHv0FBda8c+CI3KtP7LUYhk95hA5IKmYq3TLIeGXIC51YAQVx7YH1aBduyw20 +S9ih7K446xxYL6FlAzQvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBSafdfr639UmEUptCCrbQuWIxmkwjANBgkqhkiG +9w0BAQsFAAOCAQEATpYS2353XpInniEXGIJ22D+8pQkEZoiJrdtVszNqxmXEj03z +MjbceQSWqXcy0Zf1GGuMuu3OEdBEx5LxtESO7YhSSJ7V/Vn4ox5R+wFS5V/let2q +JE8ii912RvaloA812MoPmLkwXSBvwoEevb3A/hXTOCoJk5gnG5N70Cs0XmilFU/R +UsOgyqCDRR319bdZc11ZAY+qwkcvFHHVKeMQtUeTJcwjKdq3ctiR1OwbSIoi5MEq +9zpok59FGW5Dt8z+uJGaYRo2aWNkkijzb2GShROfyQcsi1fc65551cLeCNVUsldO +KjKNoeI60RAgIjl9NEVvcTvDHfz/sk+o4vYwHg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx +NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv +bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA +VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku +WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX +5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ +ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg +h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy +MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G +A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD +DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq +M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf +OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa +4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 +HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR +aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA +b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ +Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV +PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO +pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu +UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY +MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 +9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW +s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 +Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg +cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM +79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz +/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt +ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm +Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK +QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ +w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi +S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 +mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz +WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 +b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI +7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg +CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD +VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T +kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ +gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz +OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R +xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX +qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC +C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 +6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh +/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF +YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E +JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc +US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 +ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm ++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi +M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV +cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc +Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs +PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ +q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 +cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr +a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I +H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y +K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu +nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf +oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY +Ic2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL +BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 +ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw +NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L +cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg +Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN +QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT +3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw +3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 +3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 +BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN +XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF +AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw +8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG +nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP +oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy +d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg +LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr +MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG +A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 +MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD +QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz +i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 +h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV +MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 +UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni +8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC +h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm +KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ +X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr +QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 +pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN +QSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX +DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy +dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj +YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV +OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr +zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM +VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ +hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO +ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw +awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs +OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF +coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc +okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 +t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy +1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ +SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t +dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx +MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o +Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt +5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s +3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej +vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu +8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil +zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ +3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD +FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 +Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 +ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y +MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg +TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS +b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS +M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC +UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d +Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p +rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l +pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb +j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC +KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS +/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X +cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH +1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP +px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 +MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI +eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u +2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS +v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC +wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy +CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e +vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 +Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa +Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL +eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 +FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc +7uzXLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX +DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 +qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp +uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU +Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE +pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp +5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M +UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN +GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy +5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv +6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK +eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 +B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ +BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov +L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG +SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS +CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen +5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 +IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK +gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL ++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL +vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm +bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk +N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC +Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z +ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX +DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP +cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW +IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX +xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy +KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR +9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az +5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 +6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 +Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP +bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt +BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt +XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd +INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD +U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp +LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 +Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp +gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh +/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw +0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A +fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq +4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR +1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ +QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM +94B7IWcnMFk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw +MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg +nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 +HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N +Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN +dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 +HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G +CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU +sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 +4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg +8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 +mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs +ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy +ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy +dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p +OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 +8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K +Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe +hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk +6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q +AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI +bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB +ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z +qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn +0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN +sSi6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu +IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw +WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD +ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y +IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn +IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ +6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob +jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw +izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl ++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY +zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP +pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF +KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW +ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB +AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 +ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW +IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA +A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 +uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ +FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 +jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ +u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D +YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 +puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa +icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG +DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x +kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z +Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH +6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBk +MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg +Q0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYT +AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp +Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvEr +jw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r +0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f +2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVP +ACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aF +y6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTA +tukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL +6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0 +uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrAL +acywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velh +k6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q +VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw +FDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O +BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqh +b97iEoHF8TwuMA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4R +fbgZPnm3qKhyN2abGu2sEzsOv2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv +/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82YqZh6NM4OKb3xuqFp1mrjX2lhI +REeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLzo9v/tdhZsnPdTSpx +srpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcsa0vv +aGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT +woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99n +Bjx8Oto0QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5W +t6NlUe07qxS/TFED6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N +8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx2 +9CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5 +wSsSnqaeG8XmDtkx2Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICqDCCAi2gAwIBAgIQIW4zpcvTiKRvKQe0JzzE2DAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAxIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATXZrUb266zYO5G6ohjdTsqlG3zXxL24w+etgoUU0hS +yNw6s8tIICYSTvqJhNTfkeQpfSgB2dsYQ2mhH7XThhbcx39nI9/fMTGDAzVwsUu3 +yBe7UcvclBfb6gk7dhLeqrWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRlwI0l9Qy6l3eQP54u4Fr1ztXh5DAKBggqhkjOPQQD +AwNpADBmAjEApa7jRlP4mDbjIvouKEkN7jB+M/PsP3FezFWJeJmssv3cHFwzjim5 +axfIEWi13IMHAjEAnMhE2mnCNsNUGRCFAtqdR+9B52wmnQk9922Q0QVEL7C8g5No +8gxFSTm/mQQc0xCg +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQJDJ18h0v0gkz97RqytDzmDANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAx +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHOddJZKmZgiJM6kXZBxbje/SD +6Jlz+muxNuCad6BAwoGNAcfMjL2Pffd543pMA03Z+/2HOCgs3ZqLVAjbZ/sbjP4o +ki++t7JIp4Gh2F6Iw8w5QEFa0dzl2hCfL9oBTf0uRnz5LicKaTfukaMbasxEvxvH +w9QRslBglwm9LiL1QYRmn81ApqkAgMEflZKf3vNI79sdd2H8f9/ulqRy0LY+/3gn +r8uSFWkI22MQ4uaXrG7crPaizh5HmbmJtxLmodTNWRFnw2+F2EJOKL5ZVVkElauP +N4C/DfD8HzpkMViBeNfiNfYgPym4jxZuPkjctUwH4fIa6n4KedaovetdhitNAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBQzQejIORIVk0jyljIuWvXalF9TYDANBgkqhkiG9w0BAQsFAAOCAQEAFeNzV7EX +tl9JaUSm9l56Z6zS3nVJq/4lVcc6yUQVEG6/MWvL2QeTfxyFYwDjMhLgzMv7OWyP +4lPiPEAz2aSMR+atWPuJr+PehilWNCxFuBL6RIluLRQlKCQBZdbqUqwFblYSCT3Q +dPTXvQbKqDqNVkL6jXI+dPEDct+HG14OelWWLDi3mIXNTTNEyZSPWjEwN0ujOhKz +5zbRIWhLLTjmU64cJVYIVgNnhJ3Gw84kYsdMNs+wBkS39V8C3dlU6S+QTnrIToNA +DJqXPDe/v+z28LSFdyjBC8hnghAXOKK3Buqbvzr46SMHv3TgmDgVVXjucgBcGaP0 +0jPg/73RVDkpDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICqDCCAi2gAwIBAgIQNBdlEkA7t1aALYDLeVWmHjAKBggqhkjOPQQDAzCBlDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBD +bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g +RzQwHhcNMTExMDA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBlDELMAkGA1UEBhMC +VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1h +bnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAyIFB1 +YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATR2UqOTA2ESlG6fO/TzPo6mrWnYxM9AeBJPvrBR8mS +szrX/m+c95o6D/UOCgrDP8jnEhSO1dVtmCyzcTIK6yq99tdqIAtnRZzSsr9TImYJ +XdsR8/EFM1ij4rjPfM2Cm72jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBQ9MvM6qQyQhPmijGkGYVQvh3L+BTAKBggqhkjOPQQD +AwNpADBmAjEAyKapr0F/tckRQhZoaUxcuCcYtpjxwH+QbYfTjEYX8D5P/OqwCMR6 +S7wIL8fip29lAjEA1lnehs5fDspU1cbQFQ78i5Ry1I4AWFPPfrFLDeVQhuuea9// +KabYR9mglhjb8kWz +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQZIKe/DcedF38l/+XyLH/QTANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAy +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzOkFyGOFyz9AYxe9GPo15gRn +V2WYKaRPyVyPDzTS+NqoE2KquB5QZ3iwFkygOakVeq7t0qLA8JA3KRgmXOgNPLZs +ST/B4NzZS7YUGQum05bh1gnjGSYc+R9lS/kaQxwAg9bQqkmi1NvmYji6UBRDbfkx ++FYW2TgCkc/rbN27OU6Z4TBnRfHU8I3D3/7yOAchfQBeVkSz5GC9kSucq1sEcg+y +KNlyqwUgQiWpWwNqIBDMMfAr2jUs0Pual07wgksr2F82owstr2MNHSV/oW5cYqGN +KD6h/Bwg+AEvulWaEbAZ0shQeWsOagXXqgQ2sqPy4V93p3ec5R7c6d9qwWVdAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSHjCCVyJhK0daABkqQNETfHE2/sDANBgkqhkiG9w0BAQsFAAOCAQEAgY6ypWaW +tyGltu9vI1pf24HFQqV4wWn99DzX+VxrcHIa/FqXTQCAiIiCisNxDY7FiZss7Y0L +0nJU9X3UXENX6fOupQIR9nYrgVfdfdp0MP1UR/bgFm6mtApI5ud1Bw8pGTnOefS2 +bMVfmdUfS/rfbSw8DVSAcPCIC4DPxmiiuB1w2XaM/O6lyc+tHc+ZJVdaYkXLFmu9 +Sc2lo4xpeSWuuExsi0BmSxY/zwIa3eFsawdhanYVKZl/G92IgMG/tY9zxaaWI4Sm +KIYkM2oBLldzJbZev4/mHWGoQClnHYebHX+bn5nNMdZUvmK7OaxoEkiRIKXLsd3+ +b/xa5IJVWa8xqQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd +AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC +FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi +1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq +jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ +wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ +WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy +NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC +uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw +IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 +g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP +BSeOE6Fuwg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN +8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ +RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 +hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 +ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM +EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 +A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy +WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ +1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 +6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT +91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p +TpPDpFQUWw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjEL +MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV +BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0 +Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3WhcNMjUxMjMxMjI1 +OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i +SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UEAxMc +VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJW +Ht4bNwcwIi9v8Qbxq63WyKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+Q +Vl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT2 +1oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2Alq +ukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1 +Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NX +XAek0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy +dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6 +Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz +JTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290 +Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u +TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlN +irTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8 +TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6 +g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB +95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBj +S+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx +GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp +bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w +KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 +BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy +dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG +EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll +IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU +QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT +TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg +LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 +a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr +LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr +N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X +YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ +iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f +AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH +V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf +IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 +lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c +8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf +lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx +EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT +VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 +NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT +B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF +10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz +0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh +MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH +zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc +46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 +yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi +laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP +oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA +BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE +qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm +4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL +1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF +H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo +RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ +nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh +15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW +6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW +nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j +wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz +aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy +KwbQBM0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES +MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU +V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz +WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO +LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE +AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH +K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX +RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z +rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx +3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq +hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC +MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls +XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D +lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn +aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ +YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ +MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow +PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR +IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q +gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy +yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts +F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 +jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx +ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC +VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK +YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH +EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN +Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud +DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE +MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK +UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ +TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf +qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK +ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE +JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 +hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 +EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm +nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX +udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz +ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe +LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl +pYYsfPQS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw +NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv +b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD +VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F +VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 +7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X +Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ +/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs +81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm +dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe +Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu +sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 +pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs +slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ +arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD +VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG +9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl +dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj +TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed +Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 +Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI +OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 +vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW +t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn +HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx +SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y +IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig +RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb +3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA +BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 +3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou +owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ +wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF +ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf +BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv +civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 +AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 +soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI +WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi +tJ/X5g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y +IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB +pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h +IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG +A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU +cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid +RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V +seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme +9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV +EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW +hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ +DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD +ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I +/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ +yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts +L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN +zl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig +Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk +MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg +Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD +VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy +dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ +QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq +1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp +2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK +DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape +az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF +3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 +oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM +g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 +mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd +BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U +nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw +DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX +dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ +MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL +/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX +CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa +ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW +2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 +N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 +Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB +As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp +5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu +1uwJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL +ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx +MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc +MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ +AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH +iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj +vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA +0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB +OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ +BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E +FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 +GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW +zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 +1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE +f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F +jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN +ZetX2fNXlrtIzYE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UE +BhMCVFIxDzANBgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxn +aSDEsGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkg +QS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1QgRWxla3Ryb25payBTZXJ0aWZpa2Eg +SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAwODA3MDFaFw0yMzA0 +MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYD +VQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8 +dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBF +bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCUZ4WWe60ghUEoI5RHwWrom +/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537jVJp45wnEFPzpALFp/kR +Gml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1mep5Fimh3 +4khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z +5UNP9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0 +hO8EuPbJbKoCPrZV4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QID +AQABo0IwQDAdBgNVHQ4EFgQUVpkHHtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ5FdnsX +SDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPoBP5yCccLqh0l +VX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq +URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nf +peYVhDfwwvJllpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CF +Yv4HAqGEVka+lgqaE9chTLd8B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW ++qtB4Uu2NQvAmxU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB +rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt +Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa +Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV +BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l +dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE +AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B +YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9 +hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l +L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm +SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM +1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws +6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw +Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50 +aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH +AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u +7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0 +xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ +rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim +eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk +USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg +SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln +biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm +GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve +fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ +aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj +aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC +4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga +FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB +vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W +ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 +IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y +IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh +bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF +9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH +H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H +LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN +/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT +rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw +WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs +exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 +sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ +seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz +4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ +BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR +lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 +7M2CYfE45k+XmCpajQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 +nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO +8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV +ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb +PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 +6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr +n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a +qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 +wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 +ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs +pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 +E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy +aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp +Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV +BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp +Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g +Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU +J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO +JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY +wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o +koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN +qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E +Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe +xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u +7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU +sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI +sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP +cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b +N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t +KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu +kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm +CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ +Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu +imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te +2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe +DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p +F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt +TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr +MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl +cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv +bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw +CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h +dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l +cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h +2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E +lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV +ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq +299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t +vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL +dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF +AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR +zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 +LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd +7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw +++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt +398znM/jra6O1I7mT1GvFpLgXPYHDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY +UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT +AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD +QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP +MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do +0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ +UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d +RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ +OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv +JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C +AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O +BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ +LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY +MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ +44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I +Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw +i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN +9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw +IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL +SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH +SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh +ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X +DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 +TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ +fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA +sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU +WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS +nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH +dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip +NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC +AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF +MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB +uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl +PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP +JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ +gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 +j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 +5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB +o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS +/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z +Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE +W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D +hNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB +qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV +BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw +NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j +LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG +A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs +W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta +3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk +6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 +Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J +NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP +r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU +DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz +YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 +/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ +LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 +jVaMaA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp +IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi +BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw +MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh +d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig +YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v +dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ +BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 +papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K +DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 +KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox +XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa +Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u +MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm +gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 +YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf +b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 +9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S +zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk +OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA +2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW +oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c +KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM +m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu +MdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- diff --git a/bitnami/charts-syncer/2/debian-12/tags-info.yaml b/bitnami/charts-syncer/2/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..8bf1da0d1104b --- /dev/null +++ b/bitnami/charts-syncer/2/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "2" +- 2-debian-12 +- 2.0.2 +- latest diff --git a/bitnami/charts-syncer/README.md b/bitnami/charts-syncer/README.md new file mode 100644 index 0000000000000..ad24810fdfac0 --- /dev/null +++ b/bitnami/charts-syncer/README.md @@ -0,0 +1,101 @@ +# Bitnami package for charts-syncer + +## What is charts-syncer? + +> charts-syncer is a CLI that syncs chart packages and associated container images between chart repositories. + +[Overview of charts-syncer](https://github.com/bitnami/charts-syncer) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name charts-syncer bitnami/charts-syncer:latest +``` + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use charts-syncer in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Why use a non-root container? + +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami charts-syncer Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/charts-syncer). + +```console +docker pull bitnami/charts-syncer:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/charts-syncer/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/charts-syncer:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Configuration + +### Running commands + +To run commands inside this container you can use `docker run`, for example to execute `charts-syncer help` you can follow the example below: + +```console +docker run --rm --name charts-syncer bitnami/charts-syncer:latest help +``` + +Check the [official charts-syncer documentation](https://github.com/bitnami/charts-syncer?tab=readme-ov-file#configuration/) for more information about configuration options. + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/charts-syncer/docker-compose.yml b/bitnami/charts-syncer/docker-compose.yml new file mode 100644 index 0000000000000..ee62050bda84c --- /dev/null +++ b/bitnami/charts-syncer/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +services: + charts-syncer: + image: docker.io/bitnami/charts-syncer:2 diff --git a/bitnami/cilium-operator/1/debian-12/Dockerfile b/bitnami/cilium-operator/1/debian-12/Dockerfile index a2c6aec280f3d..9665f71bef26e 100644 --- a/bitnami/cilium-operator/1/debian-12/Dockerfile +++ b/bitnami/cilium-operator/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-16T16:17:51Z" \ + org.opencontainers.image.created="2024-12-17T17:00:35Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cilium-operator/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.15.5-debian-12-r0" \ + org.opencontainers.image.ref.name="1.16.5-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cilium-operator" \ org.opencontainers.image.title="cilium-operator" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.15.5" + org.opencontainers.image.version="1.16.5" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "gops-0.3.28-1-linux-${OS_ARCH}-debian-12" \ - "cilium-operator-1.15.5-0-linux-${OS_ARCH}-debian-12" \ + "gops-0.3.28-11-linux-${OS_ARCH}-debian-12" \ + "cilium-operator-1.16.5-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.15.5" \ +ENV APP_VERSION="1.16.5" \ BITNAMI_APP_NAME="cilium-operator" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/cilium-operator/bin:$PATH" diff --git a/bitnami/cilium-operator/1/debian-12/docker-compose.yml b/bitnami/cilium-operator/1/debian-12/docker-compose.yml index d2833395c6512..36114893a6136 100644 --- a/bitnami/cilium-operator/1/debian-12/docker-compose.yml +++ b/bitnami/cilium-operator/1/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 - -version: "2" - + services: cilium: image: docker.io/bitnami/cilium-operator:1 diff --git a/bitnami/cilium-operator/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cilium-operator/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 65743f20ebf3c..7a58b6a23dc4a 100644 --- a/bitnami/cilium-operator/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/cilium-operator/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.15.5-0" + "version": "1.16.5-0" }, "gops": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.3.28-1" + "version": "0.3.28-11" } } \ No newline at end of file diff --git a/bitnami/cilium-operator/1/debian-12/tags-info.yaml b/bitnami/cilium-operator/1/debian-12/tags-info.yaml index ab16c622736cf..70ac48a845f5b 100644 --- a/bitnami/cilium-operator/1/debian-12/tags-info.yaml +++ b/bitnami/cilium-operator/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.15.5 +- 1.16.5 - latest diff --git a/bitnami/cilium-operator/README.md b/bitnami/cilium-operator/README.md index 619ed5954ad93..2984f2c6aa6a9 100644 --- a/bitnami/cilium-operator/README.md +++ b/bitnami/cilium-operator/README.md @@ -22,15 +22,21 @@ docker run --name cilium-operator bitnami/cilium-operator:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Cilium Operator in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Cilium Operator in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/cilium-operator/docker-compose.yml b/bitnami/cilium-operator/docker-compose.yml index d2833395c6512..36114893a6136 100644 --- a/bitnami/cilium-operator/docker-compose.yml +++ b/bitnami/cilium-operator/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 - -version: "2" - + services: cilium: image: docker.io/bitnami/cilium-operator:1 diff --git a/bitnami/cilium-proxy/1.29/debian-12/Dockerfile b/bitnami/cilium-proxy/1.29/debian-12/Dockerfile new file mode 100644 index 0000000000000..859fc996df648 --- /dev/null +++ b/bitnami/cilium-proxy/1.29/debian-12/Dockerfile @@ -0,0 +1,58 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-02T21:52:50Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cilium-proxy/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="1.29.10-debian-12-r4" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cilium-proxy" \ + org.opencontainers.image.title="cilium-proxy" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="1.29.10" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl libgcc-s1 procps +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "cilium-proxy-1.29.10-2-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +ENV APP_VERSION="1.29.10" \ + BITNAMI_APP_NAME="cilium-proxy" \ + PATH="/opt/bitnami/cilium-proxy/bin:$PATH" + +EXPOSE 9878 9964 + +WORKDIR /opt/bitnami/cilium-proxy +USER 1001 +ENTRYPOINT [ "/opt/bitnami/cilium-proxy/bin/cilium-envoy" ] +CMD [ "help" ] diff --git a/bitnami/cilium-proxy/1.29/debian-12/docker-compose.yml b/bitnami/cilium-proxy/1.29/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..6aa3263e19256 --- /dev/null +++ b/bitnami/cilium-proxy/1.29/debian-12/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +services: + cilium-proxy: + image: docker.io/bitnami/cilium-proxy:1.29 diff --git a/bitnami/cilium-proxy/1.29/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cilium-proxy/1.29/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..2ad130bc10859 --- /dev/null +++ b/bitnami/cilium-proxy/1.29/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "cilium-proxy": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.29.10-2" + } +} \ No newline at end of file diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/cilium-proxy/1.29/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/cilium-proxy/1.29/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/cilium-proxy/1.29/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/cilium-proxy/1.29/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/cilium-proxy/1.29/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/cilium-proxy/1.29/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/cilium-proxy/1.29/debian-12/tags-info.yaml b/bitnami/cilium-proxy/1.29/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..8fc764c545518 --- /dev/null +++ b/bitnami/cilium-proxy/1.29/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "1.29" +- 1.29-debian-12 +- 1.29.10 +- latest diff --git a/bitnami/cilium-proxy/README.md b/bitnami/cilium-proxy/README.md new file mode 100644 index 0000000000000..c4796248b2212 --- /dev/null +++ b/bitnami/cilium-proxy/README.md @@ -0,0 +1,107 @@ +# Bitnami package for Cilium Proxy + +## What is Cilium Proxy? + +> Cilium Proxy ships Envoy with minimal extensions and Cilium policy enforcement filters. + +[Overview of Cilium Proxy](https://cilium.io/) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name cilium-proxy bitnami/cilium-proxy:latest +``` + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use Cilium Proxy in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## How to deploy Cilium Proxy in Kubernetes? + +Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the [Bitnami Cilium Chart GitHub repository](https://github.com/bitnami/charts/tree/master/bitnami/cilium). + +Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Why use a non-root container? + +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami Cilium Proxy Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/cilium-proxy). + +```console +docker pull bitnami/cilium-proxy:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/cilium-proxy/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/cilium-proxy:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Configuration + +### Running commands + +To run commands inside this container you can use `docker run`, for example to execute `cilium-envoy help` you can follow the example below: + +```console +docker run --rm --name cilium-proxy bitnami/cilium-proxy:latest help +``` + +Check the [official Cilium Proxy documentation](https://docs.cilium.io/en/stable/security/network/proxy/envoy/) for more information about configuration options. + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/cilium-proxy/docker-compose.yml b/bitnami/cilium-proxy/docker-compose.yml new file mode 100644 index 0000000000000..6aa3263e19256 --- /dev/null +++ b/bitnami/cilium-proxy/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +services: + cilium-proxy: + image: docker.io/bitnami/cilium-proxy:1.29 diff --git a/bitnami/cilium/1/debian-12/Dockerfile b/bitnami/cilium/1/debian-12/Dockerfile index f5ed29aa5742f..8cf25d173b4a8 100644 --- a/bitnami/cilium/1/debian-12/Dockerfile +++ b/bitnami/cilium/1/debian-12/Dockerfile @@ -3,38 +3,42 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-06-04T09:01:54Z" \ + org.opencontainers.image.created="2025-01-07T18:26:50Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cilium/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.15.5-debian-12-r3" \ + org.opencontainers.image.ref.name="1.16.5-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cilium" \ org.opencontainers.image.title="cilium" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.15.5" + org.opencontainers.image.version="1.16.5" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ OS_FLAVOUR="debian-12" \ OS_NAME="linux" \ - PATH="/opt/bitnami/cilium/bin:$PATH" + PATH="/opt/bitnami/common/bin:/opt/bitnami/cilium/bin:$PATH" COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages bash-completion ca-certificates curl iproute2 ipset iptables procps +RUN install_packages bash-completion ca-certificates curl iproute2 ipset iptables libgcc-s1 libstdc++6 libtinfo6 nftables procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "cilium-1.15.5-2-linux-${OS_ARCH}-debian-12" \ + "llvm-18.1.8-1-linux-${OS_ARCH}-debian-12" \ + "gops-0.3.28-11-linux-${OS_ARCH}-debian-12" \ + "bpftool-7.5.0-0-linux-${OS_ARCH}-debian-12" \ + "cilium-1.16.5-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +51,7 @@ RUN chmod g+rwX /opt/bitnami COPY rootfs / RUN /opt/bitnami/scripts/cilium/postunpack.sh -ENV APP_VERSION="1.15.5" \ +ENV APP_VERSION="1.16.5" \ BITNAMI_APP_NAME="cilium" USER 1001 diff --git a/bitnami/cilium/1/debian-12/docker-compose.yml b/bitnami/cilium/1/debian-12/docker-compose.yml index ddc373893f7cf..74ec293307e45 100644 --- a/bitnami/cilium/1/debian-12/docker-compose.yml +++ b/bitnami/cilium/1/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 - -version: "2" - + services: cilium: image: docker.io/bitnami/cilium:1 diff --git a/bitnami/cilium/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cilium/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 566f6468940d2..3f2c1cdc5b9a4 100644 --- a/bitnami/cilium/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/cilium/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -1,8 +1,26 @@ { + "bpftool": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "7.5.0-0" + }, "cilium": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.15.5-2" + "version": "1.16.5-1" + }, + "gops": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "0.3.28-11" + }, + "llvm": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "18.1.8-1" } } \ No newline at end of file diff --git a/bitnami/cilium/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/cilium/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/cilium/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/cilium/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium-env.sh b/bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium-env.sh index 7321b41c997c4..8b1cf0d491afc 100644 --- a/bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium-env.sh +++ b/bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium-env.sh @@ -44,8 +44,8 @@ unset cilium_env_vars # Paths export CILIUM_BASE_DIR="${BITNAMI_ROOT_DIR}/cilium" export CILIUM_BIN_DIR="${CILIUM_BASE_DIR}/bin" -export CILIUM_LIB_DIR="${CILIUM_BASE_DIR}/lib" -export CILIUM_RUN_DIR="${CILIUM_BASE_DIR}/run" +export CILIUM_LIB_DIR="${CILIUM_BASE_DIR}/var/lib" +export CILIUM_RUN_DIR="${CILIUM_BASE_DIR}/var/run" export CILIUM_CNI_BIN_DIR="${CILIUM_BASE_DIR}/cni/bin" # System users (when running with a privileged user) diff --git a/bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium/postunpack.sh b/bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium/postunpack.sh index 1084f98ff4357..44e2dacbf8f9b 100755 --- a/bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium/postunpack.sh +++ b/bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium/postunpack.sh @@ -17,7 +17,42 @@ if [[ "$(get_os_metadata --id)" != "photon" ]]; then cilium_bash_completion fi +# Ensure non-root user has write permissions on a set of directories +mv "${CILIUM_LIB_DIR}/cilium/bpf" "${CILIUM_LIB_DIR}/bpf" && rmdir "${CILIUM_LIB_DIR}/cilium" +for dir in "$CILIUM_LIB_DIR" "$CILIUM_RUN_DIR" ; do + ensure_dir_exists "$dir" + chmod -R g+rwX "$dir" +done # Add symlinks to the default paths to make a similar UX as the upstream Cilium configuration # https://github.com/cilium/cilium/blob/main/pkg/defaults/defaults.go ln -s "$CILIUM_LIB_DIR" "/var/lib/cilium" ln -s "$CILIUM_RUN_DIR" "/var/run/cilium" + +ALTERNATIVES_CMD=update-alternatives +if [ -x /usr/bin/alternatives ] || [ -x /usr/sbin/alternatives ]; then + # Fedora/SUSE style alternatives + ALTERNATIVES_CMD=alternatives +fi + +# Point the iptables binaries to iptables-wrapper +if "$ALTERNATIVES_CMD" 2>&1 | grep follower; then + # New version of command which uses follower + "$ALTERNATIVES_CMD" \ + --install /usr/sbin/iptables iptables /usr/sbin/iptables-wrapper 100 \ + --follower /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-wrapper \ + --follower /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-wrapper + "$ALTERNATIVES_CMD" \ + --install /usr/sbin/ip6tables ip6tables /usr/sbin/iptables-wrapper 100 \ + --follower /usr/sbin/ip6tables-restore ip6tables-restore /usr/sbin/iptables-wrapper \ + --follower /usr/sbin/ip6tables-save ip6tables-save /usr/sbin/iptables-wrapper +else + # Old version of command, which uses slave + "$ALTERNATIVES_CMD" \ + --install /usr/sbin/iptables iptables /usr/sbin/iptables-wrapper 100 \ + --slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-wrapper \ + --slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-wrapper + "$ALTERNATIVES_CMD" \ + --install /usr/sbin/ip6tables ip6tables /usr/sbin/iptables-wrapper 100 \ + --slave /usr/sbin/ip6tables-restore ip6tables-restore /usr/sbin/iptables-wrapper \ + --slave /usr/sbin/ip6tables-save ip6tables-save /usr/sbin/iptables-wrapper +fi diff --git a/bitnami/cilium/1/debian-12/rootfs/usr/sbin/iptables-wrapper b/bitnami/cilium/1/debian-12/rootfs/usr/sbin/iptables-wrapper new file mode 100755 index 0000000000000..66f15a68afb63 --- /dev/null +++ b/bitnami/cilium/1/debian-12/rootfs/usr/sbin/iptables-wrapper @@ -0,0 +1,83 @@ +#!/bin/bash + +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# Copyright 2020 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This is a variant of the original Kubernetes iptables-wrapper below: +# https://github.com/kubernetes-sigs/iptables-wrappers/blob/v2/iptables-wrapper-installer.sh +# Adapted to use bash interpreter and make it compatible with read-only +# root filesystems. + +# shellcheck disable=SC2126 + +set -o errexit +set -o nounset + +# In kubernetes 1.17 and later, kubelet will have created at least +# one chain in the "mangle" table (either "KUBE-IPTABLES-HINT" or +# "KUBE-KUBELET-CANARY"), so check that first, against +# iptables-nft, because we can check that more efficiently and +# it's more common these days. +nft_kubelet_rules=$( (iptables-nft-save -t mangle || true; ip6tables-nft-save -t mangle || true) 2>/dev/null | grep -E '^:(KUBE-IPTABLES-HINT|KUBE-KUBELET-CANARY)' | wc -l) +if [ "${nft_kubelet_rules}" -ne 0 ]; then + mode=nft +else + # Check for kubernetes 1.17-or-later with iptables-legacy. We + # can't pass "-t mangle" to iptables-legacy-save because it would + # cause the kernel to create that table if it didn't already + # exist, which we don't want. So we have to grab all the rules + legacy_kubelet_rules=$( (iptables-legacy-save || true; ip6tables-legacy-save || true) 2>/dev/null | grep -E '^:(KUBE-IPTABLES-HINT|KUBE-KUBELET-CANARY)' | wc -l) + if [ "${legacy_kubelet_rules}" -ne 0 ]; then + mode=legacy + else + # With older kubernetes releases there may not be any _specific_ + # rules we can look for, but we assume that some non-containerized process + # (possibly kubelet) will have created _some_ iptables rules. + num_legacy_lines=$( (iptables-legacy-save || true; ip6tables-legacy-save || true) 2>/dev/null | grep '^-' | wc -l) + num_nft_lines=$( (iptables-nft-save || true; ip6tables-nft-save || true) 2>/dev/null | grep '^-' | wc -l) + if [ "${num_legacy_lines}" -gt "${num_nft_lines}" ]; then + mode=legacy + else + mode=nft + fi + fi +fi + +original_command="$(basename "$0")" +# Update links to point to the selected binaries +if [ -x /usr/sbin/alternatives ]; then + # Fedora/SUSE style alternatives + alternatives --set iptables "/usr/sbin/iptables-${mode}" > /dev/null || failed=1 + if [ "${failed:-0}" = 1 ]; then + # Try the multi-binary if alternatives failed + exec "/usr/sbin/xtables-${mode}-multi" "$original_command" "$@" + fi +elif [ -x /usr/sbin/update-alternatives ] || [ -x /usr/bin/update-alternatives ]; then + # Debian style alternatives + update-alternatives --set iptables "/usr/sbin/iptables-${mode}" > /dev/null || failed=1 + update-alternatives --set ip6tables "/usr/sbin/ip6tables-${mode}" > /dev/null || failed=1 + if [ "${failed:-0}" = 1 ]; then + # Try the multi-binary if update-alternatives failed + exec "/usr/sbin/xtables-${mode}-multi" "$original_command" "$@" + fi +else + # Try the multi-binary + exec "/usr/sbin/xtables-${mode}-multi" "$original_command" "$@" +fi + +# Now re-exec the original command with the newly-selected alternative +exec "$original_command" "$@" diff --git a/bitnami/cilium/1/debian-12/tags-info.yaml b/bitnami/cilium/1/debian-12/tags-info.yaml index ab16c622736cf..70ac48a845f5b 100644 --- a/bitnami/cilium/1/debian-12/tags-info.yaml +++ b/bitnami/cilium/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.15.5 +- 1.16.5 - latest diff --git a/bitnami/cilium/README.md b/bitnami/cilium/README.md index 51d4949815539..cf5bfe5a30fae 100644 --- a/bitnami/cilium/README.md +++ b/bitnami/cilium/README.md @@ -22,15 +22,21 @@ docker run --name cilium bitnami/cilium:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Cilium in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Cilium in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -80,7 +86,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/cilium/docker-compose.yml b/bitnami/cilium/docker-compose.yml index ddc373893f7cf..74ec293307e45 100644 --- a/bitnami/cilium/docker-compose.yml +++ b/bitnami/cilium/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 - -version: "2" - + services: cilium: image: docker.io/bitnami/cilium:1 diff --git a/bitnami/clickhouse/23.8/debian-12/Dockerfile b/bitnami/clickhouse/23.8/debian-12/Dockerfile deleted file mode 100644 index b0f0870493956..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T18:07:47Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/clickhouse/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="23.8.14-debian-12-r2" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/clickhouse" \ - org.opencontainers.image.title="clickhouse" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="23.8.14" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps xmlstarlet -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "clickhouse-23.8.14-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/clickhouse/postunpack.sh -ENV APP_VERSION="23.8.14" \ - BITNAMI_APP_NAME="clickhouse" \ - PATH="/opt/bitnami/clickhouse/bin:/opt/bitnami/common/bin:$PATH" \ - clickhouseCTL_API="3" - -EXPOSE 8123 9000 9004 9005 9009 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/clickhouse/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/clickhouse/run.sh", "--", "--listen_host=0.0.0.0" ] diff --git a/bitnami/clickhouse/23.8/debian-12/docker-compose.yml b/bitnami/clickhouse/23.8/debian-12/docker-compose.yml deleted file mode 100644 index 5c65a9dee1ad0..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/docker-compose.yml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - clickhouse: - image: docker.io/bitnami/clickhouse:23.8 - environment: - - ALLOW_EMPTY_PASSWORD=yes - ports: - - '8123:8123' - volumes: - - clickhouse_data:/bitnami/clickhouse -volumes: - clickhouse_data: - driver: local diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index eac3fd2df65c4..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "clickhouse": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "23.8.14-1" - } -} \ No newline at end of file diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse-env.sh b/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse-env.sh deleted file mode 100644 index 4a82bf3c31c9e..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse-env.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for clickhouse - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-clickhouse}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -clickhouse_env_vars=( - ALLOW_EMPTY_PASSWORD - CLICKHOUSE_ADMIN_USER - CLICKHOUSE_ADMIN_PASSWORD - CLICKHOUSE_HTTP_PORT - CLICKHOUSE_TCP_PORT - CLICKHOUSE_MYSQL_PORT - CLICKHOUSE_POSTGRESQL_PORT - CLICKHOUSE_INTERSERVER_HTTP_PORT - CLICKHOUSE_USER - CLICKHOUSE_PASSWORD -) -for env_var in "${clickhouse_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset clickhouse_env_vars - -# Paths -export CLICKHOUSE_BASE_DIR="${BITNAMI_ROOT_DIR}/clickhouse" -export CLICKHOUSE_VOLUME_DIR="/bitnami/clickhouse" -export CLICKHOUSE_CONF_DIR="${CLICKHOUSE_BASE_DIR}/etc" -export CLICKHOUSE_DEFAULT_CONF_DIR="${CLICKHOUSE_BASE_DIR}/etc.default" -export CLICKHOUSE_MOUNTED_CONF_DIR="${CLICKHOUSE_VOLUME_DIR}/etc" -export CLICKHOUSE_DATA_DIR="${CLICKHOUSE_VOLUME_DIR}/data" -export CLICKHOUSE_LOG_DIR="${CLICKHOUSE_BASE_DIR}/logs" -export CLICKHOUSE_CONF_FILE="${CLICKHOUSE_CONF_DIR}/config.xml" -export CLICKHOUSE_LOG_FILE="${CLICKHOUSE_LOG_DIR}/clickhouse.log" -export CLICKHOUSE_ERROR_LOG_FILE="${CLICKHOUSE_LOG_DIR}/clickhouse_error.log" -export CLICKHOUSE_TMP_DIR="${CLICKHOUSE_BASE_DIR}/tmp" -export CLICKHOUSE_PID_FILE="${CLICKHOUSE_TMP_DIR}/clickhouse.pid" -export CLICKHOUSE_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" - -# ClickHouse configuration parameters -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -CLICKHOUSE_ADMIN_USER="${CLICKHOUSE_ADMIN_USER:-"${CLICKHOUSE_USER:-}"}" -export CLICKHOUSE_ADMIN_USER="${CLICKHOUSE_ADMIN_USER:-default}" -CLICKHOUSE_ADMIN_PASSWORD="${CLICKHOUSE_ADMIN_PASSWORD:-"${CLICKHOUSE_PASSWORD:-}"}" -export CLICKHOUSE_ADMIN_PASSWORD="${CLICKHOUSE_ADMIN_PASSWORD:-}" -export CLICKHOUSE_HTTP_PORT="${CLICKHOUSE_HTTP_PORT:-8123}" -export CLICKHOUSE_TCP_PORT="${CLICKHOUSE_TCP_PORT:-9000}" -export CLICKHOUSE_MYSQL_PORT="${CLICKHOUSE_MYSQL_PORT:-9004}" -export CLICKHOUSE_POSTGRESQL_PORT="${CLICKHOUSE_POSTGRESQL_PORT:-9005}" -export CLICKHOUSE_INTERSERVER_HTTP_PORT="${CLICKHOUSE_INTERSERVER_HTTP_PORT:-9009}" - -# ClickHouse system parameters -export CLICKHOUSE_DAEMON_USER="clickhouse" -export CLICKHOUSE_DAEMON_GROUP="clickhouse" -export PATH="${CLICKHOUSE_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/common/bin:$PATH" - -# Custom environment variables may be defined below diff --git a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/entrypoint.sh b/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/entrypoint.sh deleted file mode 100755 index fcc401e12fdb1..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -# Load ClickHouse environment variables -. /opt/bitnami/scripts/clickhouse-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/clickhouse/etc) -debug "Copying files from $CLICKHOUSE_DEFAULT_CONF_DIR to $CLICKHOUSE_CONF_DIR" -cp -nr "$CLICKHOUSE_DEFAULT_CONF_DIR"/. "$CLICKHOUSE_CONF_DIR" - -if [[ "$1" = "/opt/bitnami/scripts/clickhouse/run.sh" ]]; then - info "** Starting ClickHouse setup **" - /opt/bitnami/scripts/clickhouse/setup.sh - info "** ClickHouse setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/postunpack.sh b/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/postunpack.sh deleted file mode 100755 index 80491033079f0..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/postunpack.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libclickhouse.sh - -# Load ClickHouse environment variables -. /opt/bitnami/scripts/clickhouse-env.sh - -# System User -ensure_user_exists "$CLICKHOUSE_DAEMON_USER" --group "$CLICKHOUSE_DAEMON_GROUP" --system - -# Create directories -for dir in "$CLICKHOUSE_DATA_DIR" "$CLICKHOUSE_CONF_DIR" "${CLICKHOUSE_CONF_DIR}/conf.d" "${CLICKHOUSE_CONF_DIR}/users.d" "$CLICKHOUSE_DEFAULT_CONF_DIR" "$CLICKHOUSE_LOG_DIR" "$CLICKHOUSE_TMP_DIR" "$CLICKHOUSE_MOUNTED_CONF_DIR" "/docker-entrypoint-startdb.d" "/docker-entrypoint-initdb.d"; do - ensure_dir_exists "$dir" - configure_permissions_ownership "$dir" -d "775" -f "664" -u "$CLICKHOUSE_DAEMON_USER" -g "root" -done - -# Set default settings in the configuration file - -# Delete default cluster configurations (it contains example configurations that adds noise) and add an empty one -xmlstarlet ed -L -d "/clickhouse/remote_servers" "$CLICKHOUSE_CONF_FILE" - -# Set paths -clickhouse_conf_set "/clickhouse/path" "$CLICKHOUSE_DATA_DIR" -clickhouse_conf_set "/clickhouse/logger/log" "$CLICKHOUSE_LOG_FILE" -clickhouse_conf_set "/clickhouse/logger/errorlog" "$CLICKHOUSE_ERROR_LOG_FILE" - -# ClickHouse allow making settings point to environment variables. This change -# will simplify the container logic substantially because we won't need to modify -# the xml files at runtime -# Source: https://clickhouse.com/docs/en/operations/server-configuration-parameters/settings/ -env_vars_mapping=( - "http_port=CLICKHOUSE_HTTP_PORT" - "tcp_port=CLICKHOUSE_TCP_PORT" - "mysql_port=CLICKHOUSE_MYSQL_PORT" - "postgresql_port=CLICKHOUSE_POSTGRESQL_PORT" - "interserver_http_port=CLICKHOUSE_INTERSERVER_HTTP_PORT" -) - -for pair in "${env_vars_mapping[@]}"; do - setting="${pair%=*}" - env_var="${pair#*=}" - # Delete the existing node - xmlstarlet ed -L -d "/clickhouse/${setting}" "$CLICKHOUSE_CONF_FILE" - # Recreate the node so it has the following structure - # - clickhouse_conf_set "/clickhouse/${setting}" - xmlstarlet ed -L --insert "/clickhouse/${setting}" -type attr -n "from_env" -v "${env_var}" "$CLICKHOUSE_CONF_FILE" -done - -# Set default password to point to the CLICKHOUSE_ADMIN_PASSWORD variable -xmlstarlet ed -L --insert "/clickhouse/users/default/password" -type attr -n "from_env" -v "CLICKHOUSE_ADMIN_PASSWORD" "${CLICKHOUSE_CONF_DIR}/users.xml" - -# Add symlinks to the default paths to make a similar UX as the upstream ClickHouse configuration -# https://github.com/ClickHouse/ClickHouse/blob/master/programs/server/config.xml -ln -s "$CLICKHOUSE_DATA_DIR" "/var/lib/clickhouse" -ln -s "$CLICKHOUSE_CONF_DIR" "/etc/clickhouse-server" -ln -s "$CLICKHOUSE_LOG_DIR" "/var/log/clickhouse-server" -ln -s "$CLICKHOUSE_TMP_DIR" "/var/lib/clickhouse/tmp" - -ln -s /dev/stdout "$CLICKHOUSE_LOG_FILE" -ln -s /dev/stderr "$CLICKHOUSE_ERROR_LOG_FILE" - -touch /.clickhouse-client-history -chmod g+rw /.clickhouse-client-history - -# Set logging to console -xmlstarlet ed -L -d "/clickhouse/logger/log" "$CLICKHOUSE_CONF_FILE" -xmlstarlet ed -L -d "/clickhouse/logger/errorlog" "$CLICKHOUSE_CONF_FILE" -clickhouse_conf_set "/clickhouse/logger/console" "1" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${CLICKHOUSE_CONF_DIR}/"* "$CLICKHOUSE_DEFAULT_CONF_DIR" \ No newline at end of file diff --git a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/run.sh b/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/run.sh deleted file mode 100755 index c42c1d6426abd..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/run.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libclickhouse.sh - -# Load ClickHouse environment variables -. /opt/bitnami/scripts/clickhouse-env.sh - -declare -a cmd=("${CLICKHOUSE_BASE_DIR}/bin/clickhouse-server") -declare -a args=("--config-file=${CLICKHOUSE_CONF_FILE}" "--pid-file=${CLICKHOUSE_PID_FILE}") -args+=("$@") - -info "** Starting ClickHouse **" -if am_i_root; then - exec_as_user "$CLICKHOUSE_DAEMON_USER" "${cmd[@]}" "${args[@]}" -else - exec "${cmd[@]}" "${args[@]}" -fi diff --git a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/setup.sh b/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/setup.sh deleted file mode 100755 index 75f75f04cf2bc..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/clickhouse/setup.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libclickhouse.sh - -# Load ClickHouse environment settings -. /opt/bitnami/scripts/clickhouse-env.sh - -# Ensure ClickHouse environment settings are valid -clickhouse_validate -# Ensure ClickHouse is stopped when this script ends. -trap "clickhouse_stop" EXIT -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$CLICKHOUSE_DAEMON_USER" --group "$CLICKHOUSE_DAEMON_GROUP" -# Ensure is initialized -clickhouse_initialize -# Allow running custom initialization scripts -clickhouse_custom_scripts 'init' -# Allow running custom start scripts -clickhouse_custom_scripts 'start' -# Stop ClickHouse before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -clickhouse_stop diff --git a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/libclickhouse.sh b/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/libclickhouse.sh deleted file mode 100644 index 3fc5b0495b2e5..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/rootfs/opt/bitnami/scripts/libclickhouse.sh +++ /dev/null @@ -1,284 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami ClickHouse library - -# shellcheck disable=SC1090 -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -######################## -# Validate settings in CLICKHOUSE_* env vars -# Globals: -# CLICKHOUSE_* -# Arguments: -# None -# Returns: -# 0 if the validation succeeded, 1 otherwise -######################### -clickhouse_validate() { - debug "Validating settings in CLICKHOUSE_* environment variables..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_empty_value() { - if is_empty_value "${!1}"; then - print_validation_error "${1} must be set" - fi - } - check_valid_port() { - local port_var="${1:?missing port variable}" - local err - if ! err="$(validate_port "${!port_var}")"; then - print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." - fi - } - - # Validate user inputs - ! is_empty_value "$CLICKHOUSE_HTTP_PORT" && check_valid_port "CLICKHOUSE_HTTP_PORT" - ! is_empty_value "$CLICKHOUSE_TCP_PORT" && check_valid_port "CLICKHOUSE_TCP_PORT" - ! is_empty_value "$CLICKHOUSE_MYSQL_PORT" && check_valid_port "CLICKHOUSE_MYSQL_PORT" - ! is_empty_value "$CLICKHOUSE_POSTGRESQL_PORT" && check_valid_port "CLICKHOUSE_POSTGRESQL_PORT" - ! is_empty_value "$CLICKHOUSE_INTERSERVER_HTTP_PORT" && check_valid_port "CLICKHOUSE_INTERSERVER_HTTP_PORT" - - # Validate credentials - if is_boolean_yes "${ALLOW_EMPTY_PASSWORD:-}"; then - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD:-}. For safety reasons, do not use this flag in a production environment." - elif is_empty_value "$CLICKHOUSE_ADMIN_PASSWORD"; then - print_validation_error "The CLICKHOUSE_ADMIN_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow a blank password. This is only recommended for development environments." - fi - - return "$error_code" -} - -######################## -# Copy configuration from the mounted folder to the etc folder -# In charts mounting directly in the configuration folder would not -# allow the use of multiple ConfigMaps and Secrets -# Globals: -# CLICKHOUSE_* -# Arguments: -# None -# Returns: -# None -######################### -clickhouse_copy_mounted_configuration() { - if [[ -w "$CLICKHOUSE_CONF_DIR" ]]; then - if ! is_mounted_dir_empty "$CLICKHOUSE_MOUNTED_CONF_DIR"; then - info "Copying mounted configuration from $CLICKHOUSE_MOUNTED_CONF_DIR" - # Copy first the files at the base of the mounted folder to go to ClickHouse - # base etc folder - find "$CLICKHOUSE_MOUNTED_CONF_DIR" -maxdepth 1 \( -type f -o -type l \) -exec cp -L {} "$CLICKHOUSE_CONF_DIR" \; - - # The ClickHouse override directories (etc/conf.d and etc/users.d) do not support subfolders. That means we cannot - # copy directly with cp -RL because we need all override xml files to have at the root of these subfolders. In the helm - # chart we want to allow overrides from different ConfigMaps and Secrets so we need to use the find command - if [[ -d "${CLICKHOUSE_MOUNTED_CONF_DIR}/conf.d" ]]; then - find "${CLICKHOUSE_MOUNTED_CONF_DIR}/conf.d" \( -type f -o -type l \) -exec cp -L {} "${CLICKHOUSE_CONF_DIR}/conf.d" \; - fi - if [[ -d "${CLICKHOUSE_MOUNTED_CONF_DIR}/users.d" ]]; then - find "${CLICKHOUSE_MOUNTED_CONF_DIR}/users.d" \( -type f -o -type l \) -exec cp -L {} "${CLICKHOUSE_CONF_DIR}/users.d" \; - fi - fi - else - warn "The folder $CLICKHOUSE_CONF_DIR is not writable. This is likely because a read-only filesystem was mounted in that folder. Using $CLICKHOUSE_MOUNTED_DIR is recommended" - fi -} - -######################## -# Add or modify an entry in the ClickHouse configuration file -# Globals: -# CLICKHOUSE_* -# Arguments: -# $1 - XPath expression -# $2 - Value to assign to the variable -# $3 - Configuration file -# Returns: -# None -######################### -clickhouse_conf_set() { - local -r xpath="${1:?key missing}" - # We allow empty values - local -r value="${2:-}" - local -r config_file="${3:-$CLICKHOUSE_CONF_FILE}" - debug "Setting ${xpath} to '${value}' in ClickHouse configuration file $config_file" - # Check if the entry exists in the XML file - if xmlstarlet --quiet sel -t -v "$xpath" "$config_file"; then - # Base case - # It exists, so replace the entry - if ! is_empty_value "$value"; then - xmlstarlet ed -L -u "$xpath" -v "$value" "$config_file" - fi - else - # It does not exist, so add the subnode - local -r parentNode="$(dirname "$xpath")" - local -r newNode="$(basename "$xpath")" - # Recursive call to add parent nodes - clickhouse_conf_set "$parentNode" - if is_empty_value "$value"; then - xmlstarlet ed -L --subnode "${parentNode}" -t "elem" -n "${newNode}" "$config_file" - else - xmlstarlet ed -L --subnode "${parentNode}" -t "elem" -n "${newNode}" -v "$value" "$config_file" - fi - fi -} - -######################## -# Check if ClickHouse daemon is running -# Arguments: -# None -# Returns: -# Boolean -######################### -is_clickhouse_running() { - pid="$(get_pid_from_file "$CLICKHOUSE_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if ClickHouse daemon is not running -# Arguments: -# None -# Returns: -# Boolean -######################### -is_clickhouse_not_running() { - ! is_clickhouse_running -} - -######################## -# Stop ClickHouse daemons -# Arguments: -# None -# Returns: -# None -######################### -clickhouse_stop() { - ! is_clickhouse_running && return - stop_service_using_pid "$CLICKHOUSE_PID_FILE" -} - -######################## -# Initialize ClickHouse -# Arguments: -# None -# Returns: -# None -######################### -clickhouse_initialize() { - # Logic based on the upstream ClickHouse container - # For the container itself we keep the logic simple. In the helm chart we rely on the mounting of configuration files with overrides - # Source: https://github.com/ClickHouse/ClickHouse/blob/master/docker/server/entrypoint.sh - - # This fixes an issue where the trap would kill the entrypoint.sh, if a PID was left over from a previous run - # Exec replaces the process without creating a new one, and when the container is restarted it may have the same PID - rm -f "$CLICKHOUSE_PID_FILE" - - clickhouse_copy_mounted_configuration - if [[ "$CLICKHOUSE_ADMIN_USER" != "default" ]]; then - # If we need to set an admin user different from default, we create a configuration override - local -r admin_user_override="${CLICKHOUSE_CONF_DIR}/users.d/__bitnami_default_user.xml" - cat <"${admin_user_override}" - - - - - - - - <${CLICKHOUSE_ADMIN_USER}> - default - - - ::/0 - - default - 1 - - - -EOF - fi - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Start ClickHouse daemon -# Arguments: -# $1 - Log file to check the startup message -# Returns: -# None -######################### -clickhouse_start_bg() { - local -r log_file="${1:-$CLICKHOUSE_LOG_FILE}" - info "Starting ClickHouse in background" - is_clickhouse_running && return - # This function is meant to be called for internal operations like the init scripts - local -r cmd=("${CLICKHOUSE_BASE_DIR}/bin/clickhouse-server") - local -r args=("--config-file=${CLICKHOUSE_CONF_FILE}" "--pid-file=${CLICKHOUSE_PID_FILE}" "--" "--listen_host=127.0.0.1") - if am_i_root; then - run_as_user "$CLICKHOUSE_DAEMON_USER" "${cmd[@]}" "${args[@]}" >"$log_file" 2>&1 & - else - "${cmd[@]}" "${args[@]}" >"$log_file" 2>&1 & - fi - if ! retry_while is_clickhouse_running; then - error "ClickHouse failed to start" - exit 1 - fi - wait_for_log_entry "Application: Ready for connections" "$log_file" - info "ClickHouse started successfully" -} - -######################## -# Run custom scripts -# Globals: -# CLICKHOUSE_* -# Arguments: -# $1 - 'init' or 'start' ('init' runs on first container start, 'start' runs everytime the container starts) -# Returns: -# None -######################### -clickhouse_custom_scripts() { - if [[ -n $(find /docker-entrypoint-"$1"db.d/ -type f -regex ".*\.sh") ]] && { [[ ! -f "$CLICKHOUSE_DATA_DIR/.user_scripts_initialized" ]] || [[ $1 == start ]]; }; then - clickhouse_start_bg "$CLICKHOUSE_LOG_DIR/clickhouse_init_scripts.log" - info "Loading user's custom files from /docker-entrypoint-$1db.d" - for f in /docker-entrypoint-"$1"db.d/*; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "${CLICKHOUSE_DATA_DIR}/.user_scripts_initialized" - fi -} diff --git a/bitnami/clickhouse/23.8/debian-12/tags-info.yaml b/bitnami/clickhouse/23.8/debian-12/tags-info.yaml deleted file mode 100644 index d18dcb4bfd025..0000000000000 --- a/bitnami/clickhouse/23.8/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "23.8" -- 23.8-debian-12 -- 23.8.14 diff --git a/bitnami/clickhouse/24.3/README.md b/bitnami/clickhouse/24.3/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/clickhouse/24.3/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/clickhouse/24.3/debian-12/Dockerfile b/bitnami/clickhouse/24.3/debian-12/Dockerfile deleted file mode 100644 index 86b5215f74017..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T17:56:36Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/clickhouse/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="24.3.3-debian-12-r1" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/clickhouse" \ - org.opencontainers.image.title="clickhouse" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="24.3.3" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps xmlstarlet -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "clickhouse-24.3.3-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/clickhouse/postunpack.sh -ENV APP_VERSION="24.3.3" \ - BITNAMI_APP_NAME="clickhouse" \ - PATH="/opt/bitnami/clickhouse/bin:/opt/bitnami/common/bin:$PATH" \ - clickhouseCTL_API="3" - -EXPOSE 8123 9000 9004 9005 9009 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/clickhouse/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/clickhouse/run.sh", "--", "--listen_host=0.0.0.0" ] diff --git a/bitnami/clickhouse/24.3/debian-12/docker-compose.yml b/bitnami/clickhouse/24.3/debian-12/docker-compose.yml deleted file mode 100644 index 985c8a79ee7c3..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/docker-compose.yml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - clickhouse: - image: docker.io/bitnami/clickhouse:24.3 - environment: - - ALLOW_EMPTY_PASSWORD=yes - ports: - - '8123:8123' - volumes: - - clickhouse_data:/bitnami/clickhouse -volumes: - clickhouse_data: - driver: local diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 56336730df58c..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "clickhouse": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "24.3.3-1" - } -} \ No newline at end of file diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse-env.sh b/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse-env.sh deleted file mode 100644 index 4a82bf3c31c9e..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse-env.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for clickhouse - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-clickhouse}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -clickhouse_env_vars=( - ALLOW_EMPTY_PASSWORD - CLICKHOUSE_ADMIN_USER - CLICKHOUSE_ADMIN_PASSWORD - CLICKHOUSE_HTTP_PORT - CLICKHOUSE_TCP_PORT - CLICKHOUSE_MYSQL_PORT - CLICKHOUSE_POSTGRESQL_PORT - CLICKHOUSE_INTERSERVER_HTTP_PORT - CLICKHOUSE_USER - CLICKHOUSE_PASSWORD -) -for env_var in "${clickhouse_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset clickhouse_env_vars - -# Paths -export CLICKHOUSE_BASE_DIR="${BITNAMI_ROOT_DIR}/clickhouse" -export CLICKHOUSE_VOLUME_DIR="/bitnami/clickhouse" -export CLICKHOUSE_CONF_DIR="${CLICKHOUSE_BASE_DIR}/etc" -export CLICKHOUSE_DEFAULT_CONF_DIR="${CLICKHOUSE_BASE_DIR}/etc.default" -export CLICKHOUSE_MOUNTED_CONF_DIR="${CLICKHOUSE_VOLUME_DIR}/etc" -export CLICKHOUSE_DATA_DIR="${CLICKHOUSE_VOLUME_DIR}/data" -export CLICKHOUSE_LOG_DIR="${CLICKHOUSE_BASE_DIR}/logs" -export CLICKHOUSE_CONF_FILE="${CLICKHOUSE_CONF_DIR}/config.xml" -export CLICKHOUSE_LOG_FILE="${CLICKHOUSE_LOG_DIR}/clickhouse.log" -export CLICKHOUSE_ERROR_LOG_FILE="${CLICKHOUSE_LOG_DIR}/clickhouse_error.log" -export CLICKHOUSE_TMP_DIR="${CLICKHOUSE_BASE_DIR}/tmp" -export CLICKHOUSE_PID_FILE="${CLICKHOUSE_TMP_DIR}/clickhouse.pid" -export CLICKHOUSE_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" - -# ClickHouse configuration parameters -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -CLICKHOUSE_ADMIN_USER="${CLICKHOUSE_ADMIN_USER:-"${CLICKHOUSE_USER:-}"}" -export CLICKHOUSE_ADMIN_USER="${CLICKHOUSE_ADMIN_USER:-default}" -CLICKHOUSE_ADMIN_PASSWORD="${CLICKHOUSE_ADMIN_PASSWORD:-"${CLICKHOUSE_PASSWORD:-}"}" -export CLICKHOUSE_ADMIN_PASSWORD="${CLICKHOUSE_ADMIN_PASSWORD:-}" -export CLICKHOUSE_HTTP_PORT="${CLICKHOUSE_HTTP_PORT:-8123}" -export CLICKHOUSE_TCP_PORT="${CLICKHOUSE_TCP_PORT:-9000}" -export CLICKHOUSE_MYSQL_PORT="${CLICKHOUSE_MYSQL_PORT:-9004}" -export CLICKHOUSE_POSTGRESQL_PORT="${CLICKHOUSE_POSTGRESQL_PORT:-9005}" -export CLICKHOUSE_INTERSERVER_HTTP_PORT="${CLICKHOUSE_INTERSERVER_HTTP_PORT:-9009}" - -# ClickHouse system parameters -export CLICKHOUSE_DAEMON_USER="clickhouse" -export CLICKHOUSE_DAEMON_GROUP="clickhouse" -export PATH="${CLICKHOUSE_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/common/bin:$PATH" - -# Custom environment variables may be defined below diff --git a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/entrypoint.sh b/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/entrypoint.sh deleted file mode 100755 index fcc401e12fdb1..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -# Load ClickHouse environment variables -. /opt/bitnami/scripts/clickhouse-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/clickhouse/etc) -debug "Copying files from $CLICKHOUSE_DEFAULT_CONF_DIR to $CLICKHOUSE_CONF_DIR" -cp -nr "$CLICKHOUSE_DEFAULT_CONF_DIR"/. "$CLICKHOUSE_CONF_DIR" - -if [[ "$1" = "/opt/bitnami/scripts/clickhouse/run.sh" ]]; then - info "** Starting ClickHouse setup **" - /opt/bitnami/scripts/clickhouse/setup.sh - info "** ClickHouse setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/postunpack.sh b/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/postunpack.sh deleted file mode 100755 index 80491033079f0..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/postunpack.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libclickhouse.sh - -# Load ClickHouse environment variables -. /opt/bitnami/scripts/clickhouse-env.sh - -# System User -ensure_user_exists "$CLICKHOUSE_DAEMON_USER" --group "$CLICKHOUSE_DAEMON_GROUP" --system - -# Create directories -for dir in "$CLICKHOUSE_DATA_DIR" "$CLICKHOUSE_CONF_DIR" "${CLICKHOUSE_CONF_DIR}/conf.d" "${CLICKHOUSE_CONF_DIR}/users.d" "$CLICKHOUSE_DEFAULT_CONF_DIR" "$CLICKHOUSE_LOG_DIR" "$CLICKHOUSE_TMP_DIR" "$CLICKHOUSE_MOUNTED_CONF_DIR" "/docker-entrypoint-startdb.d" "/docker-entrypoint-initdb.d"; do - ensure_dir_exists "$dir" - configure_permissions_ownership "$dir" -d "775" -f "664" -u "$CLICKHOUSE_DAEMON_USER" -g "root" -done - -# Set default settings in the configuration file - -# Delete default cluster configurations (it contains example configurations that adds noise) and add an empty one -xmlstarlet ed -L -d "/clickhouse/remote_servers" "$CLICKHOUSE_CONF_FILE" - -# Set paths -clickhouse_conf_set "/clickhouse/path" "$CLICKHOUSE_DATA_DIR" -clickhouse_conf_set "/clickhouse/logger/log" "$CLICKHOUSE_LOG_FILE" -clickhouse_conf_set "/clickhouse/logger/errorlog" "$CLICKHOUSE_ERROR_LOG_FILE" - -# ClickHouse allow making settings point to environment variables. This change -# will simplify the container logic substantially because we won't need to modify -# the xml files at runtime -# Source: https://clickhouse.com/docs/en/operations/server-configuration-parameters/settings/ -env_vars_mapping=( - "http_port=CLICKHOUSE_HTTP_PORT" - "tcp_port=CLICKHOUSE_TCP_PORT" - "mysql_port=CLICKHOUSE_MYSQL_PORT" - "postgresql_port=CLICKHOUSE_POSTGRESQL_PORT" - "interserver_http_port=CLICKHOUSE_INTERSERVER_HTTP_PORT" -) - -for pair in "${env_vars_mapping[@]}"; do - setting="${pair%=*}" - env_var="${pair#*=}" - # Delete the existing node - xmlstarlet ed -L -d "/clickhouse/${setting}" "$CLICKHOUSE_CONF_FILE" - # Recreate the node so it has the following structure - # - clickhouse_conf_set "/clickhouse/${setting}" - xmlstarlet ed -L --insert "/clickhouse/${setting}" -type attr -n "from_env" -v "${env_var}" "$CLICKHOUSE_CONF_FILE" -done - -# Set default password to point to the CLICKHOUSE_ADMIN_PASSWORD variable -xmlstarlet ed -L --insert "/clickhouse/users/default/password" -type attr -n "from_env" -v "CLICKHOUSE_ADMIN_PASSWORD" "${CLICKHOUSE_CONF_DIR}/users.xml" - -# Add symlinks to the default paths to make a similar UX as the upstream ClickHouse configuration -# https://github.com/ClickHouse/ClickHouse/blob/master/programs/server/config.xml -ln -s "$CLICKHOUSE_DATA_DIR" "/var/lib/clickhouse" -ln -s "$CLICKHOUSE_CONF_DIR" "/etc/clickhouse-server" -ln -s "$CLICKHOUSE_LOG_DIR" "/var/log/clickhouse-server" -ln -s "$CLICKHOUSE_TMP_DIR" "/var/lib/clickhouse/tmp" - -ln -s /dev/stdout "$CLICKHOUSE_LOG_FILE" -ln -s /dev/stderr "$CLICKHOUSE_ERROR_LOG_FILE" - -touch /.clickhouse-client-history -chmod g+rw /.clickhouse-client-history - -# Set logging to console -xmlstarlet ed -L -d "/clickhouse/logger/log" "$CLICKHOUSE_CONF_FILE" -xmlstarlet ed -L -d "/clickhouse/logger/errorlog" "$CLICKHOUSE_CONF_FILE" -clickhouse_conf_set "/clickhouse/logger/console" "1" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${CLICKHOUSE_CONF_DIR}/"* "$CLICKHOUSE_DEFAULT_CONF_DIR" \ No newline at end of file diff --git a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/run.sh b/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/run.sh deleted file mode 100755 index c42c1d6426abd..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/run.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libclickhouse.sh - -# Load ClickHouse environment variables -. /opt/bitnami/scripts/clickhouse-env.sh - -declare -a cmd=("${CLICKHOUSE_BASE_DIR}/bin/clickhouse-server") -declare -a args=("--config-file=${CLICKHOUSE_CONF_FILE}" "--pid-file=${CLICKHOUSE_PID_FILE}") -args+=("$@") - -info "** Starting ClickHouse **" -if am_i_root; then - exec_as_user "$CLICKHOUSE_DAEMON_USER" "${cmd[@]}" "${args[@]}" -else - exec "${cmd[@]}" "${args[@]}" -fi diff --git a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/setup.sh b/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/setup.sh deleted file mode 100755 index 75f75f04cf2bc..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/clickhouse/setup.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libclickhouse.sh - -# Load ClickHouse environment settings -. /opt/bitnami/scripts/clickhouse-env.sh - -# Ensure ClickHouse environment settings are valid -clickhouse_validate -# Ensure ClickHouse is stopped when this script ends. -trap "clickhouse_stop" EXIT -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$CLICKHOUSE_DAEMON_USER" --group "$CLICKHOUSE_DAEMON_GROUP" -# Ensure is initialized -clickhouse_initialize -# Allow running custom initialization scripts -clickhouse_custom_scripts 'init' -# Allow running custom start scripts -clickhouse_custom_scripts 'start' -# Stop ClickHouse before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -clickhouse_stop diff --git a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/libclickhouse.sh b/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/libclickhouse.sh deleted file mode 100644 index 3fc5b0495b2e5..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/rootfs/opt/bitnami/scripts/libclickhouse.sh +++ /dev/null @@ -1,284 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami ClickHouse library - -# shellcheck disable=SC1090 -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -######################## -# Validate settings in CLICKHOUSE_* env vars -# Globals: -# CLICKHOUSE_* -# Arguments: -# None -# Returns: -# 0 if the validation succeeded, 1 otherwise -######################### -clickhouse_validate() { - debug "Validating settings in CLICKHOUSE_* environment variables..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_empty_value() { - if is_empty_value "${!1}"; then - print_validation_error "${1} must be set" - fi - } - check_valid_port() { - local port_var="${1:?missing port variable}" - local err - if ! err="$(validate_port "${!port_var}")"; then - print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." - fi - } - - # Validate user inputs - ! is_empty_value "$CLICKHOUSE_HTTP_PORT" && check_valid_port "CLICKHOUSE_HTTP_PORT" - ! is_empty_value "$CLICKHOUSE_TCP_PORT" && check_valid_port "CLICKHOUSE_TCP_PORT" - ! is_empty_value "$CLICKHOUSE_MYSQL_PORT" && check_valid_port "CLICKHOUSE_MYSQL_PORT" - ! is_empty_value "$CLICKHOUSE_POSTGRESQL_PORT" && check_valid_port "CLICKHOUSE_POSTGRESQL_PORT" - ! is_empty_value "$CLICKHOUSE_INTERSERVER_HTTP_PORT" && check_valid_port "CLICKHOUSE_INTERSERVER_HTTP_PORT" - - # Validate credentials - if is_boolean_yes "${ALLOW_EMPTY_PASSWORD:-}"; then - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD:-}. For safety reasons, do not use this flag in a production environment." - elif is_empty_value "$CLICKHOUSE_ADMIN_PASSWORD"; then - print_validation_error "The CLICKHOUSE_ADMIN_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow a blank password. This is only recommended for development environments." - fi - - return "$error_code" -} - -######################## -# Copy configuration from the mounted folder to the etc folder -# In charts mounting directly in the configuration folder would not -# allow the use of multiple ConfigMaps and Secrets -# Globals: -# CLICKHOUSE_* -# Arguments: -# None -# Returns: -# None -######################### -clickhouse_copy_mounted_configuration() { - if [[ -w "$CLICKHOUSE_CONF_DIR" ]]; then - if ! is_mounted_dir_empty "$CLICKHOUSE_MOUNTED_CONF_DIR"; then - info "Copying mounted configuration from $CLICKHOUSE_MOUNTED_CONF_DIR" - # Copy first the files at the base of the mounted folder to go to ClickHouse - # base etc folder - find "$CLICKHOUSE_MOUNTED_CONF_DIR" -maxdepth 1 \( -type f -o -type l \) -exec cp -L {} "$CLICKHOUSE_CONF_DIR" \; - - # The ClickHouse override directories (etc/conf.d and etc/users.d) do not support subfolders. That means we cannot - # copy directly with cp -RL because we need all override xml files to have at the root of these subfolders. In the helm - # chart we want to allow overrides from different ConfigMaps and Secrets so we need to use the find command - if [[ -d "${CLICKHOUSE_MOUNTED_CONF_DIR}/conf.d" ]]; then - find "${CLICKHOUSE_MOUNTED_CONF_DIR}/conf.d" \( -type f -o -type l \) -exec cp -L {} "${CLICKHOUSE_CONF_DIR}/conf.d" \; - fi - if [[ -d "${CLICKHOUSE_MOUNTED_CONF_DIR}/users.d" ]]; then - find "${CLICKHOUSE_MOUNTED_CONF_DIR}/users.d" \( -type f -o -type l \) -exec cp -L {} "${CLICKHOUSE_CONF_DIR}/users.d" \; - fi - fi - else - warn "The folder $CLICKHOUSE_CONF_DIR is not writable. This is likely because a read-only filesystem was mounted in that folder. Using $CLICKHOUSE_MOUNTED_DIR is recommended" - fi -} - -######################## -# Add or modify an entry in the ClickHouse configuration file -# Globals: -# CLICKHOUSE_* -# Arguments: -# $1 - XPath expression -# $2 - Value to assign to the variable -# $3 - Configuration file -# Returns: -# None -######################### -clickhouse_conf_set() { - local -r xpath="${1:?key missing}" - # We allow empty values - local -r value="${2:-}" - local -r config_file="${3:-$CLICKHOUSE_CONF_FILE}" - debug "Setting ${xpath} to '${value}' in ClickHouse configuration file $config_file" - # Check if the entry exists in the XML file - if xmlstarlet --quiet sel -t -v "$xpath" "$config_file"; then - # Base case - # It exists, so replace the entry - if ! is_empty_value "$value"; then - xmlstarlet ed -L -u "$xpath" -v "$value" "$config_file" - fi - else - # It does not exist, so add the subnode - local -r parentNode="$(dirname "$xpath")" - local -r newNode="$(basename "$xpath")" - # Recursive call to add parent nodes - clickhouse_conf_set "$parentNode" - if is_empty_value "$value"; then - xmlstarlet ed -L --subnode "${parentNode}" -t "elem" -n "${newNode}" "$config_file" - else - xmlstarlet ed -L --subnode "${parentNode}" -t "elem" -n "${newNode}" -v "$value" "$config_file" - fi - fi -} - -######################## -# Check if ClickHouse daemon is running -# Arguments: -# None -# Returns: -# Boolean -######################### -is_clickhouse_running() { - pid="$(get_pid_from_file "$CLICKHOUSE_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if ClickHouse daemon is not running -# Arguments: -# None -# Returns: -# Boolean -######################### -is_clickhouse_not_running() { - ! is_clickhouse_running -} - -######################## -# Stop ClickHouse daemons -# Arguments: -# None -# Returns: -# None -######################### -clickhouse_stop() { - ! is_clickhouse_running && return - stop_service_using_pid "$CLICKHOUSE_PID_FILE" -} - -######################## -# Initialize ClickHouse -# Arguments: -# None -# Returns: -# None -######################### -clickhouse_initialize() { - # Logic based on the upstream ClickHouse container - # For the container itself we keep the logic simple. In the helm chart we rely on the mounting of configuration files with overrides - # Source: https://github.com/ClickHouse/ClickHouse/blob/master/docker/server/entrypoint.sh - - # This fixes an issue where the trap would kill the entrypoint.sh, if a PID was left over from a previous run - # Exec replaces the process without creating a new one, and when the container is restarted it may have the same PID - rm -f "$CLICKHOUSE_PID_FILE" - - clickhouse_copy_mounted_configuration - if [[ "$CLICKHOUSE_ADMIN_USER" != "default" ]]; then - # If we need to set an admin user different from default, we create a configuration override - local -r admin_user_override="${CLICKHOUSE_CONF_DIR}/users.d/__bitnami_default_user.xml" - cat <"${admin_user_override}" - - - - - - - - <${CLICKHOUSE_ADMIN_USER}> - default - - - ::/0 - - default - 1 - - - -EOF - fi - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Start ClickHouse daemon -# Arguments: -# $1 - Log file to check the startup message -# Returns: -# None -######################### -clickhouse_start_bg() { - local -r log_file="${1:-$CLICKHOUSE_LOG_FILE}" - info "Starting ClickHouse in background" - is_clickhouse_running && return - # This function is meant to be called for internal operations like the init scripts - local -r cmd=("${CLICKHOUSE_BASE_DIR}/bin/clickhouse-server") - local -r args=("--config-file=${CLICKHOUSE_CONF_FILE}" "--pid-file=${CLICKHOUSE_PID_FILE}" "--" "--listen_host=127.0.0.1") - if am_i_root; then - run_as_user "$CLICKHOUSE_DAEMON_USER" "${cmd[@]}" "${args[@]}" >"$log_file" 2>&1 & - else - "${cmd[@]}" "${args[@]}" >"$log_file" 2>&1 & - fi - if ! retry_while is_clickhouse_running; then - error "ClickHouse failed to start" - exit 1 - fi - wait_for_log_entry "Application: Ready for connections" "$log_file" - info "ClickHouse started successfully" -} - -######################## -# Run custom scripts -# Globals: -# CLICKHOUSE_* -# Arguments: -# $1 - 'init' or 'start' ('init' runs on first container start, 'start' runs everytime the container starts) -# Returns: -# None -######################### -clickhouse_custom_scripts() { - if [[ -n $(find /docker-entrypoint-"$1"db.d/ -type f -regex ".*\.sh") ]] && { [[ ! -f "$CLICKHOUSE_DATA_DIR/.user_scripts_initialized" ]] || [[ $1 == start ]]; }; then - clickhouse_start_bg "$CLICKHOUSE_LOG_DIR/clickhouse_init_scripts.log" - info "Loading user's custom files from /docker-entrypoint-$1db.d" - for f in /docker-entrypoint-"$1"db.d/*; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "${CLICKHOUSE_DATA_DIR}/.user_scripts_initialized" - fi -} diff --git a/bitnami/clickhouse/24.3/debian-12/tags-info.yaml b/bitnami/clickhouse/24.3/debian-12/tags-info.yaml deleted file mode 100644 index b79155c343013..0000000000000 --- a/bitnami/clickhouse/24.3/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "24.3" -- 24.3-debian-12 -- 24.3.3 diff --git a/bitnami/clickhouse/24.8/README.md b/bitnami/clickhouse/24.8/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/clickhouse/24.8/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/clickhouse/24/debian-12/Dockerfile b/bitnami/clickhouse/24/debian-12/Dockerfile index 83a6a9c42e155..0602b15443e3f 100644 --- a/bitnami/clickhouse/24/debian-12/Dockerfile +++ b/bitnami/clickhouse/24/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-06-01T11:43:51Z" \ + org.opencontainers.image.created="2024-12-31T12:57:52Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/clickhouse/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="24.5.1-debian-12-r0" \ + org.opencontainers.image.ref.name="24.12.2-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/clickhouse" \ org.opencontainers.image.title="clickhouse" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="24.5.1" + org.opencontainers.image.version="24.12.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps xmlstarlet RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "clickhouse-24.5.1-0-linux-${OS_ARCH}-debian-12" \ + "clickhouse-24.12.2-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/clickhouse/postunpack.sh -ENV APP_VERSION="24.5.1" \ +ENV APP_VERSION="24.12.2" \ BITNAMI_APP_NAME="clickhouse" \ PATH="/opt/bitnami/clickhouse/bin:/opt/bitnami/common/bin:$PATH" \ clickhouseCTL_API="3" diff --git a/bitnami/clickhouse/24/debian-12/docker-compose.yml b/bitnami/clickhouse/24/debian-12/docker-compose.yml index 9d02502cad4fd..20195f63c434f 100644 --- a/bitnami/clickhouse/24/debian-12/docker-compose.yml +++ b/bitnami/clickhouse/24/debian-12/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: clickhouse: image: docker.io/bitnami/clickhouse:24 diff --git a/bitnami/clickhouse/24/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/clickhouse/24/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index d142d3ff59799..16be1cfcd34e2 100644 --- a/bitnami/clickhouse/24/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/clickhouse/24/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "24.5.1-0" + "version": "24.12.2-0" } } \ No newline at end of file diff --git a/bitnami/clickhouse/24/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/clickhouse/24/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/clickhouse/24/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/clickhouse/24/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/clickhouse/24/debian-12/rootfs/opt/bitnami/scripts/libclickhouse.sh b/bitnami/clickhouse/24/debian-12/rootfs/opt/bitnami/scripts/libclickhouse.sh index 3fc5b0495b2e5..80489fb542db4 100644 --- a/bitnami/clickhouse/24/debian-12/rootfs/opt/bitnami/scripts/libclickhouse.sh +++ b/bitnami/clickhouse/24/debian-12/rootfs/opt/bitnami/scripts/libclickhouse.sh @@ -80,16 +80,16 @@ clickhouse_copy_mounted_configuration() { info "Copying mounted configuration from $CLICKHOUSE_MOUNTED_CONF_DIR" # Copy first the files at the base of the mounted folder to go to ClickHouse # base etc folder - find "$CLICKHOUSE_MOUNTED_CONF_DIR" -maxdepth 1 \( -type f -o -type l \) -exec cp -L {} "$CLICKHOUSE_CONF_DIR" \; + find "$CLICKHOUSE_MOUNTED_CONF_DIR" -maxdepth 1 \( -type f -o -type l \) -exec cp -L -r {} "$CLICKHOUSE_CONF_DIR" \; # The ClickHouse override directories (etc/conf.d and etc/users.d) do not support subfolders. That means we cannot # copy directly with cp -RL because we need all override xml files to have at the root of these subfolders. In the helm # chart we want to allow overrides from different ConfigMaps and Secrets so we need to use the find command if [[ -d "${CLICKHOUSE_MOUNTED_CONF_DIR}/conf.d" ]]; then - find "${CLICKHOUSE_MOUNTED_CONF_DIR}/conf.d" \( -type f -o -type l \) -exec cp -L {} "${CLICKHOUSE_CONF_DIR}/conf.d" \; + find "${CLICKHOUSE_MOUNTED_CONF_DIR}/conf.d" \( -type f -o -type l \) -exec cp -L -r {} "${CLICKHOUSE_CONF_DIR}/conf.d" \; fi if [[ -d "${CLICKHOUSE_MOUNTED_CONF_DIR}/users.d" ]]; then - find "${CLICKHOUSE_MOUNTED_CONF_DIR}/users.d" \( -type f -o -type l \) -exec cp -L {} "${CLICKHOUSE_CONF_DIR}/users.d" \; + find "${CLICKHOUSE_MOUNTED_CONF_DIR}/users.d" \( -type f -o -type l \) -exec cp -L -r {} "${CLICKHOUSE_CONF_DIR}/users.d" \; fi fi else @@ -233,7 +233,7 @@ clickhouse_start_bg() { is_clickhouse_running && return # This function is meant to be called for internal operations like the init scripts local -r cmd=("${CLICKHOUSE_BASE_DIR}/bin/clickhouse-server") - local -r args=("--config-file=${CLICKHOUSE_CONF_FILE}" "--pid-file=${CLICKHOUSE_PID_FILE}" "--" "--listen_host=127.0.0.1") + local -r args=("--config-file=${CLICKHOUSE_CONF_FILE}" "--pid-file=${CLICKHOUSE_PID_FILE}" "--" "--listen_host=0.0.0.0") if am_i_root; then run_as_user "$CLICKHOUSE_DAEMON_USER" "${cmd[@]}" "${args[@]}" >"$log_file" 2>&1 & else @@ -243,7 +243,7 @@ clickhouse_start_bg() { error "ClickHouse failed to start" exit 1 fi - wait_for_log_entry "Application: Ready for connections" "$log_file" + wait_for_log_entry "Ready for connections" "$log_file" info "ClickHouse started successfully" } diff --git a/bitnami/clickhouse/24/debian-12/tags-info.yaml b/bitnami/clickhouse/24/debian-12/tags-info.yaml index 1379d567246b8..3164168bd4509 100644 --- a/bitnami/clickhouse/24/debian-12/tags-info.yaml +++ b/bitnami/clickhouse/24/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "24" - 24-debian-12 -- 24.5.1 +- 24.12.2 - latest diff --git a/bitnami/clickhouse/README.md b/bitnami/clickhouse/README.md index 435d8fa5e18ab..529673cf321d4 100644 --- a/bitnami/clickhouse/README.md +++ b/bitnami/clickhouse/README.md @@ -22,7 +22,7 @@ docker run --name clickhouse bitnami/clickhouse:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use ClickHouse in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use ClickHouse in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy ClickHouse in Kubernetes? @@ -30,9 +30,15 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -189,6 +195,8 @@ When the container is executed for the first time, it will execute the files wit In order to have your custom files inside the docker image you can mount them as a volume. +> NOTE: If you use JSON format for clickhouse logs and remove the message field of the logs, the application will fail to start if there are init or start scripts in any of those 2 folders. + ### Environment variables #### Customizable environment variables diff --git a/bitnami/clickhouse/docker-compose.yml b/bitnami/clickhouse/docker-compose.yml index 9d02502cad4fd..20195f63c434f 100644 --- a/bitnami/clickhouse/docker-compose.yml +++ b/bitnami/clickhouse/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: clickhouse: image: docker.io/bitnami/clickhouse:24 diff --git a/bitnami/cluster-autoscaler/1/debian-12/Dockerfile b/bitnami/cluster-autoscaler/1/debian-12/Dockerfile index 084087ab6760f..5dee4138c622b 100644 --- a/bitnami/cluster-autoscaler/1/debian-12/Dockerfile +++ b/bitnami/cluster-autoscaler/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T14:25:46Z" \ + org.opencontainers.image.created="2025-01-02T09:05:16Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cluster-autoscaler/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.30.1-debian-12-r0" \ + org.opencontainers.image.ref.name="1.32.0-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cluster-autoscaler" \ org.opencontainers.image.title="cluster-autoscaler" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.30.1" + org.opencontainers.image.version="1.32.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "cluster-autoscaler-1.30.1-0-linux-${OS_ARCH}-debian-12" \ + "cluster-autoscaler-1.32.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN chmod -R g+rwX /opt/bitnami/cluster-autoscaler/ -ENV APP_VERSION="1.30.1" \ +ENV APP_VERSION="1.32.0" \ BITNAMI_APP_NAME="cluster-autoscaler" \ PATH="/opt/bitnami/cluster-autoscaler/bin:$PATH" diff --git a/bitnami/cluster-autoscaler/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cluster-autoscaler/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index dfaa88823342e..40cc6016b0e26 100644 --- a/bitnami/cluster-autoscaler/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/cluster-autoscaler/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.30.1-0" + "version": "1.32.0-0" } } \ No newline at end of file diff --git a/bitnami/cluster-autoscaler/1/debian-12/tags-info.yaml b/bitnami/cluster-autoscaler/1/debian-12/tags-info.yaml index d0bef7e8637c0..de7bafd6b0fe0 100644 --- a/bitnami/cluster-autoscaler/1/debian-12/tags-info.yaml +++ b/bitnami/cluster-autoscaler/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.30.1 +- 1.32.0 - latest diff --git a/bitnami/cluster-autoscaler/README.md b/bitnami/cluster-autoscaler/README.md index 24b24b8921d54..c5141d0f9e034 100644 --- a/bitnami/cluster-autoscaler/README.md +++ b/bitnami/cluster-autoscaler/README.md @@ -34,7 +34,7 @@ Please note that Cluster Autoscaler a series of permissions/privileges to adjust * Provide the K8s worker node which runs the cluster autoscaler with a minimum IAM policy (check [permissions docs](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler/cloudprovider/aws#user-content-permissions) for more information). * Create a service account for Cluster Autoscaler's deployment and bind to it some roles and cluster roles that provide the corresponding RBAC privileges. -> NOTE: Find resources to deploy Cluster Autoscaler on AWS in the [aws-examples](./aws-examples) directory. +> NOTE: Find resources to deploy Cluster Autoscaler on AWS in the [aws-examples](https://github.com/bitnami/containers/tree/main/bitnami/cluster-autoscaler/aws-examples) directory. ## Why use Bitnami Images? @@ -45,15 +45,21 @@ Please note that Cluster Autoscaler a series of permissions/privileges to adjust * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Cluster Autoscaler in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Cluster Autoscaler in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -135,7 +141,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/concourse/7/debian-12/Dockerfile b/bitnami/concourse/7/debian-12/Dockerfile index 8ef37c7fa7b54..5311f318efe71 100644 --- a/bitnami/concourse/7/debian-12/Dockerfile +++ b/bitnami/concourse/7/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-06-03T06:57:14Z" \ + org.opencontainers.image.created="2025-01-10T08:47:16Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/concourse/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.11.2-debian-12-r13" \ + org.opencontainers.image.ref.name="7.12.0-debian-12-r18" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/concourse" \ org.opencontainers.image.title="concourse" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="7.11.2" + org.opencontainers.image.version="7.12.0" ENV OS_ARCH="${TARGETARCH:-amd64}" \ OS_FLAVOUR="debian-12" \ @@ -27,12 +28,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl iproute2 iptables libseccomp2 procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "concourse-7.11.2-6-linux-${OS_ARCH}-debian-12" \ + "concourse-7.12.0-17-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN touch /.flyrc && chmod g+rwX /.flyrc RUN update-alternatives --set iptables /usr/sbin/iptables-legacy && \ update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy -ENV APP_VERSION="7.11.2" \ +ENV APP_VERSION="7.12.0" \ BITNAMI_APP_NAME="concourse" \ PATH="/opt/bitnami/concourse/bin:$PATH" diff --git a/bitnami/concourse/7/debian-12/docker-compose.yml b/bitnami/concourse/7/debian-12/docker-compose.yml index 2ca2717ac5f8f..48392698db0c3 100644 --- a/bitnami/concourse/7/debian-12/docker-compose.yml +++ b/bitnami/concourse/7/debian-12/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:15 + image: docker.io/bitnami/postgresql:latest environment: - POSTGRESQL_DATABASE=bitnami_concourse - POSTGRESQL_USERNAME=bn_concourse diff --git a/bitnami/concourse/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/concourse/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 8f8222f17a416..ac2212a7f1291 100644 --- a/bitnami/concourse/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/concourse/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "7.11.2-6" + "version": "7.12.0-17" } } \ No newline at end of file diff --git a/bitnami/concourse/7/debian-12/tags-info.yaml b/bitnami/concourse/7/debian-12/tags-info.yaml index 218898aba77c0..5977a26d6bc93 100644 --- a/bitnami/concourse/7/debian-12/tags-info.yaml +++ b/bitnami/concourse/7/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "7" - 7-debian-12 -- 7.11.2 +- 7.12.0 - latest diff --git a/bitnami/concourse/README.md b/bitnami/concourse/README.md index aa87e3bfa7a76..2ee173669318b 100644 --- a/bitnami/concourse/README.md +++ b/bitnami/concourse/README.md @@ -23,15 +23,21 @@ docker run --name concourse bitnami/concourse:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Concourse in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Concourse in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.bitnami.com/containers/how-to/work-with-non-root-containers/). +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -223,7 +229,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/concourse/docker-compose-testing.yml b/bitnami/concourse/docker-compose-testing.yml new file mode 100644 index 0000000000000..78ab07203482d --- /dev/null +++ b/bitnami/concourse/docker-compose-testing.yml @@ -0,0 +1,62 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + postgresql: + image: docker.io/bitnami/postgresql:latest + environment: + - POSTGRESQL_DATABASE=bitnami_concourse + - POSTGRESQL_USERNAME=bn_concourse + - POSTGRESQL_PASSWORD=bitnami1 + - ALLOW_EMPTY_PASSWORD=yes + volumes: + - 'postgresql_data:/bitnami/postgresql' + concourse: + image: concourse + command: concourse web + environment: + - CONCOURSE_RUNTIME=containerd + - CONCOURSE_POSTGRES_DATABASE=bitnami_concourse + - CONCOURSE_POSTGRES_USER=bn_concourse + - CONCOURSE_POSTGRES_PASSWORD=bitnami1 + - CONCOURSE_SESSION_SIGNING_KEY=/bitnami/concourse/concourse_keys/session_signing_key + - CONCOURSE_TSA_AUTHORIZED_KEYS=/bitnami/concourse/concourse_keys/authorized_worker_keys + - CONCOURSE_TSA_HOST_KEY=/bitnami/concourse/concourse_keys/tsa_host_key + - CONCOURSE_LOG_LEVEL=debug + - CONCOURSE_POSTGRES_HOST=postgresql + - CONCOURSE_EXTERNAL_URL=http://localhost:8080 + - CONCOURSE_ADD_LOCAL_USER=user:bitnami,guest:guest + - CONCOURSE_MAIN_TEAM_LOCAL_USER=user + - CONCOURSE_CLUSTER_NAME=dev + - CONCOURSE_ENABLE_PIPELINE_INSTANCES=true + - CONCOURSE_ENABLE_ACROSS_STEP=true + - CONCOURSE_ENABLE_CACHE_STREAMED_VOLUMES=true + volumes: + - 'concourse_web_data:/bitnami/concourse' + - './concourse_keys/authorized_worker_keys:/bitnami/concourse/concourse_keys/authorized_worker_keys' + - './concourse_keys/tsa_host_key:/bitnami/concourse/concourse_keys/tsa_host_key' + - './concourse_keys/session_signing_key:/bitnami/concourse/concourse_keys/session_signing_key' + concourse_worker: + image: concourse + command: concourse worker + privileged: true + environment: + - CONCOURSE_RUNTIME=containerd + - CONCOURSE_TSA_PUBLIC_KEY=/bitnami/concourse/concourse_keys/tsa_host_key.pub + - CONCOURSE_TSA_WORKER_PRIVATE_KEY=/bitnami/concourse/concourse_keys/worker_key + - CONCOURSE_LOG_LEVEL=debug + - CONCOURSE_TSA_HOST=concourse:2222 + - CONCOURSE_BIND_IP=0.0.0.0 + - CONCOURSE_BAGGAGECLAIM_BIND_IP=0.0.0.0 + - CONCOURSE_BAGGAGECLAIM_DRIVER=overlay + - CONCOURSE_CONTAINERD_DNS_PROXY_ENABLE=true + - CONCOURSE_WEB_PUBLIC_DIR=/opt/bitnami/concourse/web/public + - CONCOURSE_WORK_DIR=/opt/bitnami/concourse + volumes: + - './concourse_keys/worker_key:/bitnami/concourse/concourse_keys/worker_key' + - './concourse_keys/tsa_host_key.pub:/bitnami/concourse/concourse_keys/tsa_host_key.pub' +volumes: + postgresql_data: + driver: local + concourse_web_data: + driver: local diff --git a/bitnami/concourse/docker-compose.yml b/bitnami/concourse/docker-compose.yml index 2ca2717ac5f8f..48392698db0c3 100644 --- a/bitnami/concourse/docker-compose.yml +++ b/bitnami/concourse/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:15 + image: docker.io/bitnami/postgresql:latest environment: - POSTGRESQL_DATABASE=bitnami_concourse - POSTGRESQL_USERNAME=bn_concourse diff --git a/bitnami/configmap-reload/0/debian-12/Dockerfile b/bitnami/configmap-reload/0/debian-12/Dockerfile index f2c99a11b6d7c..3761c0a797366 100644 --- a/bitnami/configmap-reload/0/debian-12/Dockerfile +++ b/bitnami/configmap-reload/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T18:02:23Z" \ + org.opencontainers.image.created="2025-01-02T20:32:27Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/configmap-reload/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.13.0-debian-12-r3" \ + org.opencontainers.image.ref.name="0.14.0-debian-12-r6" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/configmap-reload" \ org.opencontainers.image.title="configmap-reload" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.13.0" + org.opencontainers.image.version="0.14.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "configmap-reload-0.13.0-2-linux-${OS_ARCH}-debian-12" \ + "configmap-reload-0.14.0-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN chmod g+rwX /opt/bitnami RUN ln -sf /opt/bitnami/configmap-reload/bin/configmap-reload /bin/configmap-reload RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="0.13.0" \ +ENV APP_VERSION="0.14.0" \ BITNAMI_APP_NAME="configmap-reload" \ PATH="/opt/bitnami/configmap-reload/bin:$PATH" diff --git a/bitnami/configmap-reload/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/configmap-reload/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 3797546a4edb5..03f34cfbc47b9 100644 --- a/bitnami/configmap-reload/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/configmap-reload/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.13.0-2" + "version": "0.14.0-4" } } \ No newline at end of file diff --git a/bitnami/configmap-reload/0/debian-12/tags-info.yaml b/bitnami/configmap-reload/0/debian-12/tags-info.yaml index 3e31067460f28..98ed45467d560 100644 --- a/bitnami/configmap-reload/0/debian-12/tags-info.yaml +++ b/bitnami/configmap-reload/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.13.0 +- 0.14.0 - latest diff --git a/bitnami/configmap-reload/README.md b/bitnami/configmap-reload/README.md index c664636db61d6..55d1821d61b9c 100644 --- a/bitnami/configmap-reload/README.md +++ b/bitnami/configmap-reload/README.md @@ -20,15 +20,21 @@ Deploy [ConfigMap Reload](https://github.com/jimmidyson/configmap-reload/blob/ma * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use ConfigMap Reload in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use ConfigMap Reload in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -76,7 +82,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/configurable-http-proxy/4/debian-12/Dockerfile b/bitnami/configurable-http-proxy/4/debian-12/Dockerfile index a40d9695a95ec..dd7e3c555939c 100644 --- a/bitnami/configurable-http-proxy/4/debian-12/Dockerfile +++ b/bitnami/configurable-http-proxy/4/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T16:07:34Z" \ + org.opencontainers.image.created="2025-01-12T16:49:57Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/configurable-http-proxy/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="4.6.1-debian-12-r25" \ + org.opencontainers.image.ref.name="4.6.3-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/configurable-http-proxy" \ org.opencontainers.image.title="configurable-http-proxy" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="4.6.1" + org.opencontainers.image.version="4.6.3" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,17 +26,17 @@ ENV HOME="/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates curl libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 libtirpc3 procps zlib1g +RUN install_packages ca-certificates curl libbz2-1.0 libffi8 libgcc-s1 liblzma5 libncursesw6 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "node-18.20.3-0-linux-${OS_ARCH}-debian-12" \ - "configurable-http-proxy-4.6.1-3-linux-${OS_ARCH}-debian-12" \ + "python-3.13.1-1-linux-${OS_ARCH}-debian-12" \ + "node-22.13.0-1-linux-${OS_ARCH}-debian-12" \ + "configurable-http-proxy-4.6.3-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="4.6.1" \ +ENV APP_VERSION="4.6.3" \ BITNAMI_APP_NAME="configurable-http-proxy" \ PATH="/opt/bitnami/python/bin:/opt/bitnami/node/bin:/opt/bitnami/configurable-http-proxy/bin:$PATH" diff --git a/bitnami/configurable-http-proxy/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/configurable-http-proxy/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 7299129150b9b..93375d904bde5 100644 --- a/bitnami/configurable-http-proxy/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/configurable-http-proxy/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.6.1-3" + "version": "4.6.3-0" }, "node": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "18.20.3-0" + "version": "22.13.0-1" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.13.1-1" } } \ No newline at end of file diff --git a/bitnami/configurable-http-proxy/4/debian-12/tags-info.yaml b/bitnami/configurable-http-proxy/4/debian-12/tags-info.yaml index 8ff4b7bff1e96..a3fcdc6885882 100644 --- a/bitnami/configurable-http-proxy/4/debian-12/tags-info.yaml +++ b/bitnami/configurable-http-proxy/4/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "4" - 4-debian-12 -- 4.6.1 +- 4.6.3 - latest diff --git a/bitnami/configurable-http-proxy/README.md b/bitnami/configurable-http-proxy/README.md index e0b4a22c3966b..212b7ad260d1c 100644 --- a/bitnami/configurable-http-proxy/README.md +++ b/bitnami/configurable-http-proxy/README.md @@ -22,11 +22,17 @@ docker run --name configurable-http-proxy bitnami/configurable-http-proxy:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Configurable HTTP Proxy in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Configurable HTTP Proxy in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -56,7 +62,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration @@ -86,7 +92,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/consul-exporter/0/debian-12/Dockerfile b/bitnami/consul-exporter/0/debian-12/Dockerfile index e7c697ca6959c..65314ed609283 100644 --- a/bitnami/consul-exporter/0/debian-12/Dockerfile +++ b/bitnami/consul-exporter/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T18:07:50Z" \ + org.opencontainers.image.created="2025-01-02T20:38:03Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/consul-exporter/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.12.0-debian-12-r4" \ + org.opencontainers.image.ref.name="0.13.0-debian-12-r4" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/consul-exporter" \ org.opencontainers.image.title="consul-exporter" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.12.0" + org.opencontainers.image.version="0.13.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "consul-exporter-0.12.0-2-linux-${OS_ARCH}-debian-12" \ + "consul-exporter-0.13.0-2-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN chmod g+rwX /opt/bitnami RUN ln -sf /opt/bitnami/consul-exporter/bin/consul_exporter /bin/consul_exporter RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="0.12.0" \ +ENV APP_VERSION="0.13.0" \ BITNAMI_APP_NAME="consul-exporter" \ PATH="/opt/bitnami/consul-exporter/bin:$PATH" diff --git a/bitnami/consul-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/consul-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index f4f79dc8f9474..a5cc74b30b7de 100644 --- a/bitnami/consul-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/consul-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.12.0-2" + "version": "0.13.0-2" } } \ No newline at end of file diff --git a/bitnami/consul-exporter/0/debian-12/tags-info.yaml b/bitnami/consul-exporter/0/debian-12/tags-info.yaml index 0ae408e66a8ad..3e31067460f28 100644 --- a/bitnami/consul-exporter/0/debian-12/tags-info.yaml +++ b/bitnami/consul-exporter/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.12.0 +- 0.13.0 - latest diff --git a/bitnami/consul-exporter/README.md b/bitnami/consul-exporter/README.md index d6add82a828a2..92812cbe0a812 100644 --- a/bitnami/consul-exporter/README.md +++ b/bitnami/consul-exporter/README.md @@ -22,15 +22,21 @@ docker run --name consul-exporter bitnami/consul-exporter:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Consul Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Consul Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -148,7 +154,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/consul/1/debian-12/Dockerfile b/bitnami/consul/1/debian-12/Dockerfile index 78363955f4550..9724f52788067 100644 --- a/bitnami/consul/1/debian-12/Dockerfile +++ b/bitnami/consul/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-19T16:16:46Z" \ + org.opencontainers.image.created="2025-01-11T18:41:56Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/consul/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.18.2-debian-12-r0" \ + org.opencontainers.image.ref.name="1.20.2-debian-12-r2" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/consul" \ org.opencontainers.image.title="consul" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.18.2" + org.opencontainers.image.version="1.20.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl iproute2 procps zlib1g-dev RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "consul-1.18.2-0-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "consul-1.20.2-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/consul/postunpack.sh -ENV APP_VERSION="1.18.2" \ +ENV APP_VERSION="1.20.2" \ BITNAMI_APP_NAME="consul" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/consul/bin:$PATH" diff --git a/bitnami/consul/1/debian-12/docker-compose.yml b/bitnami/consul/1/debian-12/docker-compose.yml index 61181e28dee07..4be1ed8626dee 100644 --- a/bitnami/consul/1/debian-12/docker-compose.yml +++ b/bitnami/consul/1/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: consul: image: docker.io/bitnami/consul:1 diff --git a/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index f32b5f1282f05..248a938291f3d 100644 --- a/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.18.2-0" + "version": "1.20.2-0" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-13" + "version": "1.0.7-8" } } \ No newline at end of file diff --git a/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/consul/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/consul/1/debian-12/tags-info.yaml b/bitnami/consul/1/debian-12/tags-info.yaml index 1122c98a37b08..753632575d00f 100644 --- a/bitnami/consul/1/debian-12/tags-info.yaml +++ b/bitnami/consul/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.18.2 +- 1.20.2 - latest diff --git a/bitnami/consul/README.md b/bitnami/consul/README.md index 6e14a27a0efc6..7e378f0236a67 100644 --- a/bitnami/consul/README.md +++ b/bitnami/consul/README.md @@ -24,7 +24,7 @@ You can find the available configuration options in the [Environment Variables]( * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use HashiCorp Consul in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use HashiCorp Consul in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy HashiCorp Consul in Kubernetes? @@ -34,11 +34,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -531,7 +537,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/consul/docker-compose-cluster.yml b/bitnami/consul/docker-compose-cluster.yml index ff976eac83944..e4374a7e31e5d 100644 --- a/bitnami/consul/docker-compose-cluster.yml +++ b/bitnami/consul/docker-compose-cluster.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: consul-node1: image: docker.io/bitnami/consul:1 diff --git a/bitnami/consul/docker-compose.yml b/bitnami/consul/docker-compose.yml index 61181e28dee07..4be1ed8626dee 100644 --- a/bitnami/consul/docker-compose.yml +++ b/bitnami/consul/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: consul: image: docker.io/bitnami/consul:1 diff --git a/bitnami/contour/1.27/debian-12/Dockerfile b/bitnami/contour/1.27/debian-12/Dockerfile deleted file mode 100644 index 8a2b79410ae43..0000000000000 --- a/bitnami/contour/1.27/debian-12/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-16T11:58:11Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/contour/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.27.3-debian-12-r2" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/contour" \ - org.opencontainers.image.title="contour" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.27.3" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "contour-1.27.3-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/contour/bin/contour /bin/contour - -ENV APP_VERSION="1.27.3" \ - BITNAMI_APP_NAME="contour" \ - PATH="/opt/bitnami/contour/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "contour" ] diff --git a/bitnami/contour/1.27/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/contour/1.27/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index abd510e9dddd8..0000000000000 --- a/bitnami/contour/1.27/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "contour": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.27.3-2" - } -} \ No newline at end of file diff --git a/bitnami/contour/1.27/debian-12/tags-info.yaml b/bitnami/contour/1.27/debian-12/tags-info.yaml deleted file mode 100644 index a921f10ef4330..0000000000000 --- a/bitnami/contour/1.27/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "1.27" -- 1.27-debian-12 -- 1.27.3 diff --git a/bitnami/contour/1.28/README.md b/bitnami/contour/1.28/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/contour/1.28/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/contour/1.28/debian-12/Dockerfile b/bitnami/contour/1.28/debian-12/Dockerfile deleted file mode 100644 index 99a66e3db58b6..0000000000000 --- a/bitnami/contour/1.28/debian-12/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-16T11:45:25Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/contour/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.28.4-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/contour" \ - org.opencontainers.image.title="contour" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.28.4" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "contour-1.28.4-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/contour/bin/contour /bin/contour - -ENV APP_VERSION="1.28.4" \ - BITNAMI_APP_NAME="contour" \ - PATH="/opt/bitnami/contour/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "contour" ] diff --git a/bitnami/contour/1.28/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/contour/1.28/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 6b452c3e4c924..0000000000000 --- a/bitnami/contour/1.28/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "contour": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.28.4-2" - } -} \ No newline at end of file diff --git a/bitnami/contour/1.28/debian-12/tags-info.yaml b/bitnami/contour/1.28/debian-12/tags-info.yaml deleted file mode 100644 index f817d83564535..0000000000000 --- a/bitnami/contour/1.28/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "1.28" -- 1.28-debian-12 -- 1.28.4 -- latest diff --git a/bitnami/contour/1.29/README.md b/bitnami/contour/1.29/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/contour/1.29/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/contour/1.29/debian-12/Dockerfile b/bitnami/contour/1.29/debian-12/Dockerfile deleted file mode 100644 index 5af041c0ae32c..0000000000000 --- a/bitnami/contour/1.29/debian-12/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-16T16:07:34Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/contour/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.29.0-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/contour" \ - org.opencontainers.image.title="contour" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.29.0" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "contour-1.29.0-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/contour/bin/contour /bin/contour - -ENV APP_VERSION="1.29.0" \ - BITNAMI_APP_NAME="contour" \ - PATH="/opt/bitnami/contour/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "contour" ] diff --git a/bitnami/contour/1.29/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/contour/1.29/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index bfed19f21202b..0000000000000 --- a/bitnami/contour/1.29/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "contour": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.29.0-0" - } -} \ No newline at end of file diff --git a/bitnami/contour/1.29/debian-12/tags-info.yaml b/bitnami/contour/1.29/debian-12/tags-info.yaml deleted file mode 100644 index 5b9b9964149fd..0000000000000 --- a/bitnami/contour/1.29/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "1.29" -- 1.29-debian-12 -- 1.29.0 -- latest diff --git a/bitnami/contour/1.30/debian-12/Dockerfile b/bitnami/contour/1.30/debian-12/Dockerfile new file mode 100644 index 0000000000000..e8d3c946d862a --- /dev/null +++ b/bitnami/contour/1.30/debian-12/Dockerfile @@ -0,0 +1,55 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-02T21:31:13Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/contour/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="1.30.1-debian-12-r4" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/contour" \ + org.opencontainers.image.title="contour" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="1.30.1" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl procps +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "contour-1.30.1-2-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true +RUN ln -s /opt/bitnami/contour/bin/contour /bin/contour + +ENV APP_VERSION="1.30.1" \ + BITNAMI_APP_NAME="contour" \ + PATH="/opt/bitnami/contour/bin:$PATH" + +USER 1001 +ENTRYPOINT [ "contour" ] diff --git a/bitnami/contour/1.30/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/contour/1.30/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..83e771b74035a --- /dev/null +++ b/bitnami/contour/1.30/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "contour": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.30.1-2" + } +} \ No newline at end of file diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/contour/1.30/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/contour/1.30/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/contour/1.30/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/contour/1.30/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/contour/1.30/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/contour/1.30/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/envoy/1.30/debian-12/tags-info.yaml b/bitnami/contour/1.30/debian-12/tags-info.yaml similarity index 100% rename from bitnami/envoy/1.30/debian-12/tags-info.yaml rename to bitnami/contour/1.30/debian-12/tags-info.yaml diff --git a/bitnami/contour/README.md b/bitnami/contour/README.md index 9e673889a0af1..66abc66b3a21c 100644 --- a/bitnami/contour/README.md +++ b/bitnami/contour/README.md @@ -22,15 +22,21 @@ docker run --name contour bitnami/contour:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Contour in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Contour in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.bitnami.com/containers/how-to/work-with-non-root-containers/). +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -164,7 +170,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/cosign/2/debian-12/Dockerfile b/bitnami/cosign/2/debian-12/Dockerfile index 24be2621f806e..8c8bbf4bf36f3 100644 --- a/bitnami/cosign/2/debian-12/Dockerfile +++ b/bitnami/cosign/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T18:14:17Z" \ + org.opencontainers.image.created="2025-01-02T21:36:38Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cosign/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.2.4-debian-12-r4" \ + org.opencontainers.image.ref.name="2.4.1-debian-12-r5" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cosign" \ org.opencontainers.image.title="cosign" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.2.4" + org.opencontainers.image.version="2.4.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "cosign-2.2.4-2-linux-${OS_ARCH}-debian-12" \ + "cosign-2.4.1-3-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN mkdir "/.docker" && chmod g+rwX "/.docker" RUN mkdir "/.sigstore" && chmod g+rwX "/.sigstore" -ENV APP_VERSION="2.2.4" \ +ENV APP_VERSION="2.4.1" \ BITNAMI_APP_NAME="cosign" \ PATH="/opt/bitnami/cosign/bin:$PATH" diff --git a/bitnami/cosign/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cosign/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 42b1f8f507999..515c9dbd700fc 100644 --- a/bitnami/cosign/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/cosign/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.2.4-2" + "version": "2.4.1-3" } } \ No newline at end of file diff --git a/bitnami/cosign/2/debian-12/tags-info.yaml b/bitnami/cosign/2/debian-12/tags-info.yaml index b008eb1f9a857..5f1117b6e64c2 100644 --- a/bitnami/cosign/2/debian-12/tags-info.yaml +++ b/bitnami/cosign/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.2.4 +- 2.4.1 - latest diff --git a/bitnami/cosign/README.md b/bitnami/cosign/README.md index 2de108c2a69c1..c3c2ae41bd48d 100644 --- a/bitnami/cosign/README.md +++ b/bitnami/cosign/README.md @@ -22,11 +22,17 @@ docker run -it --name cosign bitnami/cosign * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Cosign in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Cosign in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -108,7 +114,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/couchdb/3/debian-12/Dockerfile b/bitnami/couchdb/3/debian-12/Dockerfile index 0960cca066b79..9fbb7b05f1fb6 100644 --- a/bitnami/couchdb/3/debian-12/Dockerfile +++ b/bitnami/couchdb/3/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T18:15:00Z" \ + org.opencontainers.image.created="2025-01-08T21:08:12Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/couchdb/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.3.3-debian-12-r16" \ + org.opencontainers.image.ref.name="3.4.2-debian-12-r4" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/couchdb" \ org.opencontainers.image.title="couchdb" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.3.3" + org.opencontainers.image.version="3.4.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,15 +29,15 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libgcc-s1 libicu72 libssl3 libstdc++6 libtinfo6 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "erlang-25.3.2-12-1-linux-${OS_ARCH}-debian-12" \ - "couchdb-3.3.3-4-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "ini-file-1.4.7-8-linux-${OS_ARCH}-debian-12" \ + "erlang-25.3.2-16-0-linux-${OS_ARCH}-debian-12" \ + "couchdb-3.4.2-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -49,7 +50,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/couchdb/postunpack.sh -ENV APP_VERSION="3.3.3" \ +ENV APP_VERSION="3.4.2" \ BITNAMI_APP_NAME="couchdb" \ LD_LIBRARY_PATH="/opt/bitnami/common/lib:$LD_LIBRARY_PATH" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/erlang/bin:/opt/bitnami/couchdb/bin:$PATH" diff --git a/bitnami/couchdb/3/debian-12/docker-compose.yml b/bitnami/couchdb/3/debian-12/docker-compose.yml index 4fc2fb3e53cb0..05ffc38ab9b5d 100644 --- a/bitnami/couchdb/3/debian-12/docker-compose.yml +++ b/bitnami/couchdb/3/debian-12/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: couchdb: image: docker.io/bitnami/couchdb:3 diff --git a/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 99091b0427919..f16e40d2470a0 100644 --- a/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,24 +3,24 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.3.3-4" + "version": "3.4.2-1" }, "erlang": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "25.3.2-12-1" + "version": "25.3.2-16-0" }, "ini-file": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.4.6-13" + "version": "1.4.7-8" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-12" + "version": "1.0.8-8" } } \ No newline at end of file diff --git a/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/couchdb/3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/couchdb/3/debian-12/tags-info.yaml b/bitnami/couchdb/3/debian-12/tags-info.yaml index b4cb9136558b1..196b3dd7cc385 100644 --- a/bitnami/couchdb/3/debian-12/tags-info.yaml +++ b/bitnami/couchdb/3/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "3" - 3-debian-12 -- 3.3.3 +- 3.4.2 - latest diff --git a/bitnami/couchdb/README.md b/bitnami/couchdb/README.md index eedd1eb318a2e..da68d7e053dbe 100644 --- a/bitnami/couchdb/README.md +++ b/bitnami/couchdb/README.md @@ -22,15 +22,21 @@ docker run --name couchdb bitnami/couchdb:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use CouchDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use CouchDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -341,7 +347,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/couchdb/docker-compose.yml b/bitnami/couchdb/docker-compose.yml index 4fc2fb3e53cb0..05ffc38ab9b5d 100644 --- a/bitnami/couchdb/docker-compose.yml +++ b/bitnami/couchdb/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: couchdb: image: docker.io/bitnami/couchdb:3 diff --git a/bitnami/cypress/13/debian-12/Dockerfile b/bitnami/cypress/13/debian-12/Dockerfile index 52c66576ce598..1631c4397ad9c 100644 --- a/bitnami/cypress/13/debian-12/Dockerfile +++ b/bitnami/cypress/13/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T06:46:16Z" \ + org.opencontainers.image.created="2025-01-11T18:19:33Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cypress/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="13.10.0-debian-12-r1" \ + org.opencontainers.image.ref.name="13.17.0-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cypress" \ org.opencontainers.image.title="cypress" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="13.10.0" + org.opencontainers.image.version="13.17.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,17 +26,17 @@ ENV HOME="/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates chromium curl libasound2 libavahi-client3 libavahi-common3 libblkid1 libbsd0 libbz2-1.0 libcap2 libcom-err2 libcrypt1 libcups2 libdbus-1-3 libexpat1 libffi8 libgbm-dev libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgpg-error0 libgssapi-krb5-2 libgtk-3-0 libgtk2.0-0 libhogweed6 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblz4-1 liblzma5 libmd0 libmount1 libncursesw6 libnettle8 libnotify-dev libnsl2 libnss3 libp11-kit0 libpcre2-8-0 libreadline8 libselinux1 libsqlite3-0 libssl3 libstdc++6 libsystemd0 libtasn1-6 libtinfo6 libtirpc3 libunistring2 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxss1 libxtst6 libzstd1 procps xauth xvfb zlib1g +RUN install_packages ca-certificates chromium curl libasound2 libavahi-client3 libavahi-common3 libblkid1 libbsd0 libbz2-1.0 libcap2 libcom-err2 libcups2 libdbus-1-3 libexpat1 libffi8 libgbm-dev libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgpg-error0 libgssapi-krb5-2 libgtk-3-0 libgtk2.0-0 libhogweed6 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblz4-1 liblzma5 libmd0 libmount1 libncursesw6 libnettle8 libnotify-dev libnss3 libp11-kit0 libpcre2-8-0 libreadline8 libselinux1 libsqlite3-0 libssl3 libstdc++6 libsystemd0 libtasn1-6 libtinfo6 libunistring2 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxss1 libxtst6 libzstd1 procps xauth xvfb zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "node-18.20.3-0-linux-${OS_ARCH}-debian-12" \ - "cypress-13.10.0-0-linux-${OS_ARCH}-debian-12" \ + "python-3.13.1-1-linux-${OS_ARCH}-debian-12" \ + "node-22.13.0-1-linux-${OS_ARCH}-debian-12" \ + "cypress-13.17.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -49,7 +50,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN mkdir /.local && chmod g+rwX /.local RUN mkdir /app && chmod g+rwX -R /app /opt/bitnami/node/cypress-cache && ln -s /app /e2e && mkdir -p /usr/local/lib /usr/local/bin && ln -s /opt/bitnami/node/node_modules /usr/local/lib/node_modules && ln -s /usr/local/lib/node_modules/cypress/bin/cypress /usr/local/bin/cypress && mkdir -p /.pki /.local /.config /.cache /.fontconfig && chmod g+rwX -R /.pki /.local /.cache /.config /.fontconfig -ENV APP_VERSION="13.10.0" \ +ENV APP_VERSION="13.17.0" \ BITNAMI_APP_NAME="cypress" \ CYPRESS_CACHE_FOLDER="/opt/bitnami/node/cypress-cache" \ PATH="/opt/bitnami/python/bin:/opt/bitnami/node/bin:/opt/bitnami/node/lib/node_modules/cypress/bin:$PATH" diff --git a/bitnami/cypress/13/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/cypress/13/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 2c93374a5c2b8..c60cd5a336266 100644 --- a/bitnami/cypress/13/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/cypress/13/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "13.10.0-0" + "version": "13.17.0-0" }, "node": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "18.20.3-0" + "version": "22.13.0-1" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.13.1-1" } } \ No newline at end of file diff --git a/bitnami/cypress/13/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/cypress/13/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/cypress/13/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/cypress/13/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/cypress/13/debian-12/tags-info.yaml b/bitnami/cypress/13/debian-12/tags-info.yaml index 25505a660c766..51dd13e7c4dd4 100644 --- a/bitnami/cypress/13/debian-12/tags-info.yaml +++ b/bitnami/cypress/13/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "13" - 13-debian-12 -- 13.10.0 +- 13.17.0 - latest diff --git a/bitnami/cypress/README.md b/bitnami/cypress/README.md index ef26fa0cd76b2..82f7c36adc8c4 100644 --- a/bitnami/cypress/README.md +++ b/bitnami/cypress/README.md @@ -22,15 +22,21 @@ docker run -it --name cypress bitnami/cypress * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Cypress in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Cypress in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -125,7 +131,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/deepspeed/0/debian-12/Dockerfile b/bitnami/deepspeed/0/debian-12/Dockerfile index bd626d0923165..3c7106fc27a67 100644 --- a/bitnami/deepspeed/0/debian-12/Dockerfile +++ b/bitnami/deepspeed/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-21T17:33:06Z" \ + org.opencontainers.image.created="2025-01-11T18:19:26Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/deepspeed/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.14.2-debian-12-r4" \ + org.opencontainers.image.ref.name="0.16.2-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/deepspeed" \ org.opencontainers.image.title="deepspeed" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.14.2" + org.opencontainers.image.version="0.16.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,14 +29,14 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages build-essential ca-certificates curl git jq libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgomp1 libgssapi-krb5-2 libjemalloc2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 libtirpc3 libuuid1 numactl openssh-server pkg-config procps unzip zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "python-3.10.14-12-linux-${OS_ARCH}-debian-12" \ - "deepspeed-0.14.2-2-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "python-3.11.11-1-linux-${OS_ARCH}-debian-12" \ + "deepspeed-0.16.2-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -50,7 +51,7 @@ RUN mkdir /.local && chmod g+rwX /.local COPY rootfs / RUN mkdir /app /.cache && mkdir -p /home/deepspeed/.local && mkdir -p /home/deepspeed/.ssh && mkdir /home/deepspeed/.cache && ln -s /home/deepspeed/.local /opt/bitnami/deepspeed && ln -s /home/deepspeed/.ssh /opt/bitnami/deepspeed && ln -s /home/deepspeed/.cache /opt/bitnami/deepspeed && chmod g+rwX /app /.cache /home/deepspeed/.cache /home/deepspeed/.local -ENV APP_VERSION="0.14.2" \ +ENV APP_VERSION="0.16.2" \ BITNAMI_APP_NAME="deepspeed" \ CFLAGS="-s -I/opt/bitnami/python/include -I/opt/bitnami/common/include" \ CPLUS_INCLUDE_PATH="/opt/bitnami/common/include" \ diff --git a/bitnami/deepspeed/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/deepspeed/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 48e13554e2763..d1c664aa270ae 100644 --- a/bitnami/deepspeed/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/deepspeed/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.14.2-2" + "version": "0.16.2-0" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.10.14-12" + "version": "3.11.11-1" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-13" + "version": "1.0.7-8" } } \ No newline at end of file diff --git a/bitnami/deepspeed/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/deepspeed/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/deepspeed/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/deepspeed/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/deepspeed/0/debian-12/tags-info.yaml b/bitnami/deepspeed/0/debian-12/tags-info.yaml index 1d5a1a05d0b4d..699a04500e59b 100644 --- a/bitnami/deepspeed/0/debian-12/tags-info.yaml +++ b/bitnami/deepspeed/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.14.2 +- 0.16.2 - latest diff --git a/bitnami/deepspeed/README.md b/bitnami/deepspeed/README.md index 0615489fd5aca..d1380e5972f18 100644 --- a/bitnami/deepspeed/README.md +++ b/bitnami/deepspeed/README.md @@ -22,11 +22,17 @@ docker run -it --name deepspeed bitnami/deepspeed:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use DeepSpeed in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use DeepSpeed in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -108,7 +114,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/dex/2/debian-12/Dockerfile b/bitnami/dex/2/debian-12/Dockerfile index 82fc54732b8c1..b66961ed6bfc0 100644 --- a/bitnami/dex/2/debian-12/Dockerfile +++ b/bitnami/dex/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T18:14:34Z" \ + org.opencontainers.image.created="2025-01-02T21:40:16Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/dex/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.39.1-debian-12-r6" \ + org.opencontainers.image.ref.name="2.41.1-debian-12-r10" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/dex" \ org.opencontainers.image.title="dex" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.39.1" + org.opencontainers.image.version="2.41.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "dex-2.39.1-3-linux-${OS_ARCH}-debian-12" \ + "dex-2.41.1-6-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -44,7 +45,7 @@ RUN apt-get update && apt-get upgrade -y && \ RUN useradd -r -u 1001 -g root dex RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="2.39.1" \ +ENV APP_VERSION="2.41.1" \ BITNAMI_APP_NAME="dex" \ DEX_FRONTEND_DIR="/opt/bitnami/dex/web" \ PATH="/opt/bitnami/dex/bin:$PATH" diff --git a/bitnami/dex/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/dex/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 71d94242bf0d1..8f8100a6ca181 100644 --- a/bitnami/dex/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/dex/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.39.1-3" + "version": "2.41.1-6" } } \ No newline at end of file diff --git a/bitnami/dex/2/debian-12/tags-info.yaml b/bitnami/dex/2/debian-12/tags-info.yaml index 2ea8054337c0d..f5748e18a8fd5 100644 --- a/bitnami/dex/2/debian-12/tags-info.yaml +++ b/bitnami/dex/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.39.1 +- 2.41.1 - latest diff --git a/bitnami/dex/README.md b/bitnami/dex/README.md index 0ce338db25b0e..6f64d962fbed7 100644 --- a/bitnami/dex/README.md +++ b/bitnami/dex/README.md @@ -22,11 +22,17 @@ docker run -it --name dex bitnami/dex * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Dex in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Dex in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -108,7 +114,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/discourse/3/debian-12/Dockerfile b/bitnami/discourse/3/debian-12/Dockerfile index 89f171d8b4dff..5be434fb57116 100644 --- a/bitnami/discourse/3/debian-12/Dockerfile +++ b/bitnami/discourse/3/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-15T18:08:20Z" \ + org.opencontainers.image.created="2025-01-11T18:29:07Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/discourse/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.2.2-debian-12-r0" \ + org.opencontainers.image.ref.name="3.3.3-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/discourse" \ org.opencontainers.image.title="discourse" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.2.2" + org.opencontainers.image.version="3.3.3" ENV OS_ARCH="${TARGETARCH:-amd64}" \ OS_FLAVOUR="debian-12" \ @@ -27,18 +28,18 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages acl advancecomp ca-certificates curl file gifsicle git hostname imagemagick jhead jpegoptim libbrotli1 libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libcurl4 libedit2 libffi8 libgcc-s1 libgmp10 libgnutls30 libgssapi-krb5-2 libhogweed6 libicu72 libidn2-0 libjpeg-turbo-progs libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.5-0 liblz4-1 liblzma5 libmd0 libncursesw6 libnettle8 libnghttp2-14 libnsl2 libp11-kit0 libpcre2-8-0 libpq5 libpsl5 libreadline-dev libreadline8 librtmp1 libsasl2-2 libsqlite3-0 libssh2-1 libssl-dev libssl3 libstdc++6 libtasn1-6 libtinfo6 libtirpc3 libunistring2 libuuid1 libxml2 libxslt1.1 libyaml-0-2 libyaml-dev libzstd1 optipng pngcrush pngquant procps rsync sqlite3 zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "ruby-3.2.4-10-linux-${OS_ARCH}-debian-12" \ - "postgresql-client-16.3.0-2-linux-${OS_ARCH}-debian-12" \ - "node-18.20.2-2-linux-${OS_ARCH}-debian-12" \ - "brotli-1.1.0-3-linux-${OS_ARCH}-debian-12" \ - "discourse-3.2.2-0-linux-${OS_ARCH}-debian-12" \ + "python-3.12.8-1-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "ruby-3.2.6-0-linux-${OS_ARCH}-debian-12" \ + "postgresql-client-17.2.0-0-linux-${OS_ARCH}-debian-12" \ + "node-18.20.5-1-linux-${OS_ARCH}-debian-12" \ + "brotli-1.1.0-4-linux-${OS_ARCH}-debian-12" \ + "discourse-3.3.3-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -52,7 +53,7 @@ RUN /opt/bitnami/ruby/bin/gem install --force bundler -v '< 2' COPY rootfs / RUN /opt/bitnami/scripts/discourse/postunpack.sh -ENV APP_VERSION="3.2.2" \ +ENV APP_VERSION="3.3.3" \ BITNAMI_APP_NAME="discourse" \ PATH="/opt/bitnami/python/bin:/opt/bitnami/common/bin:/opt/bitnami/ruby/bin:/opt/bitnami/postgresql/bin:/opt/bitnami/node/bin:/opt/bitnami/brotli/bin:/opt/bitnami/discourse/app/assets/javascripts/node_modules/ember-cli/bin:$PATH" diff --git a/bitnami/discourse/3/debian-12/docker-compose.yml b/bitnami/discourse/3/debian-12/docker-compose.yml index 8e51d4b862bfc..8fa5ffdbc24f0 100644 --- a/bitnami/discourse/3/debian-12/docker-compose.yml +++ b/bitnami/discourse/3/debian-12/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:16 + image: docker.io/bitnami/postgresql:latest volumes: - 'postgresql_data:/bitnami/postgresql' environment: @@ -13,7 +12,7 @@ services: - POSTGRESQL_USERNAME=bn_discourse - POSTGRESQL_DATABASE=bitnami_discourse redis: - image: docker.io/bitnami/redis:7.0 + image: docker.io/bitnami/redis:latest environment: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes diff --git a/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index ce7f3140a9a5c..29e0daadf4a6d 100644 --- a/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,42 +3,42 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.1.0-3" + "version": "1.1.0-4" }, "discourse": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.2.2-0" + "version": "3.3.3-0" }, "node": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "18.20.2-2" + "version": "18.20.5-1" }, "postgresql-client": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "16.3.0-2" + "version": "17.2.0-0" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.12.8-1" }, "ruby": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.2.4-10" + "version": "3.2.6-0" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-13" + "version": "1.0.8-8" } } \ No newline at end of file diff --git a/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/discourse/3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/discourse-env.sh b/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/discourse-env.sh index 525ba6c42828a..429c7410ff6a0 100644 --- a/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/discourse-env.sh +++ b/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/discourse-env.sh @@ -62,6 +62,7 @@ discourse_env_vars=( DISCOURSE_REDIS_PORT_NUMBER DISCOURSE_REDIS_PASSWORD DISCOURSE_REDIS_USE_SSL + DISCOURSE_REDIS_DB DISCOURSE_HOSTNAME DISCOURSE_SKIP_INSTALL SMTP_HOST @@ -80,6 +81,7 @@ discourse_env_vars=( REDIS_PORT_NUMBER REDIS_PASSWORD REDIS_USE_SSL + REDIS_DB ) for env_var in "${discourse_env_vars[@]}"; do file_env_var="${env_var}_FILE" @@ -174,5 +176,7 @@ DISCOURSE_REDIS_PASSWORD="${DISCOURSE_REDIS_PASSWORD:-"${REDIS_PASSWORD:-}"}" export DISCOURSE_REDIS_PASSWORD="${DISCOURSE_REDIS_PASSWORD:-}" DISCOURSE_REDIS_USE_SSL="${DISCOURSE_REDIS_USE_SSL:-"${REDIS_USE_SSL:-}"}" export DISCOURSE_REDIS_USE_SSL="${DISCOURSE_REDIS_USE_SSL:-no}" +DISCOURSE_REDIS_DB="${DISCOURSE_REDIS_DB:-"${REDIS_DB:-}"}" +export DISCOURSE_REDIS_DB="${DISCOURSE_REDIS_DB:-0}" # Custom environment variables may be defined below diff --git a/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/discourse/postunpack.sh b/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/discourse/postunpack.sh index f970020fcb716..9ec0ef06e1ef5 100755 --- a/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/discourse/postunpack.sh +++ b/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/discourse/postunpack.sh @@ -48,6 +48,13 @@ done # We need to remove the broken symlink for chown to succeed find "${DISCOURSE_BASE_DIR}/vendor/bundle/ruby" -wholename "*/sprockets-*/test/fixtures/errors/symlink" -type l -exec rm -f {} \; +# Add execution permissions to esbuild and ember binaries +chmod +x "${DISCOURSE_BASE_DIR}/node_modules/@esbuild/"linux-*"/bin/esbuild" "${DISCOURSE_BASE_DIR}/node_modules/ember-cli/bin/ember" "${DISCOURSE_BASE_DIR}/node_modules/.bin"/* + +# HACK: The discourse source code is trying to access the deprecated Imagemagick "magick". In newer versions it was changed to "convert". Creating +# a symlink to avoid any issue +# https://github.com/discourse/discourse/blob/3f5b0dc98d0235adeea5b91c1656420418de6589/lib/upload_creator.rb#L421 +ln -sf "$(which convert)" "/usr/bin/magick" # Required for running as non-root users, for persistence logic to work properly # Using g+rwx/g+rw instead of explicit 775/664 permissions because Discourse includes executable binaries in different subfolders configure_permissions_ownership "$DISCOURSE_BASE_DIR" -d "g+rwx" -f "g+rw" -u "$DISCOURSE_DAEMON_USER" -g "root" diff --git a/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/libdiscourse.sh b/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/libdiscourse.sh index 0e6291450f792..6c620d143b958 100644 --- a/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/libdiscourse.sh +++ b/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/libdiscourse.sh @@ -91,6 +91,7 @@ discourse_validate() { ! is_empty_value "$DISCOURSE_REDIS_HOST" && check_resolved_hostname "$DISCOURSE_REDIS_HOST" ! is_empty_value "$DISCOURSE_REDIS_PORT_NUMBER" && check_valid_port "DISCOURSE_REDIS_PORT_NUMBER" ! is_empty_value "$DISCOURSE_REDIS_USE_SSL" && check_yes_no_value "DISCOURSE_REDIS_USE_SSL" + ! is_empty_value "$DISCOURSE_REDIS_DB" && is_positive_int "$DISCOURSE_REDIS_DB" if ! is_file_writable "$DISCOURSE_CONF_FILE"; then warn "The Discourse configuration file ${DISCOURSE_CONF_FILE} is not writable. Configurations specified via environment variables will not be applied to this file." is_boolean_yes "$DISCOURSE_ENABLE_CONF_PERSISTENCE" && warn "The DISCOURSE_ENABLE_CONF_PERSISTENCE configuration is enabled but the ${DISCOURSE_CONF_FILE} file is not writable. The file will not be persisted." @@ -187,10 +188,6 @@ discourse_initialize() { discourse_rake_execute db:migrate fi - # Set execution permissions to ember's binary (required for assets precompile) - # Add symlink to discourse/bin for simplicity - chmod +x "${DISCOURSE_BASE_DIR}/app/assets/javascripts/node_modules/ember-cli/bin/ember" - ln -sf "${DISCOURSE_BASE_DIR}/app/assets/javascripts/node_modules/ember-cli/bin/ember" "${DISCOURSE_BASE_DIR}/bin/ember" if is_boolean_yes "$DISCOURSE_PRECOMPILE_ASSETS"; then info "Precompiling assets, this may take some time..." discourse_rake_execute assets:precompile @@ -259,6 +256,7 @@ discourse_create_conf_file() { discourse_conf_set "redis_host" "$DISCOURSE_REDIS_HOST" discourse_conf_set "redis_port" "$DISCOURSE_REDIS_PORT_NUMBER" discourse_conf_set "redis_password" "$DISCOURSE_REDIS_PASSWORD" + discourse_conf_set "redis_db" "$DISCOURSE_REDIS_DB" is_boolean_yes "$DISCOURSE_REDIS_USE_SSL" && discourse_conf_set "redis_use_ssl" true # SMTP credentials if ! is_empty_value "$DISCOURSE_SMTP_HOST"; then diff --git a/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh b/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh index 3c8c53037a6af..65238dfff60bc 100644 --- a/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh +++ b/bitnami/discourse/3/debian-12/rootfs/opt/bitnami/scripts/libpostgresqlclient.sh @@ -176,7 +176,7 @@ postgresql_execute_print_output() { local opts read -r -a opts <<<"${@:4}" - local args=("-U" "$user" "-p" "${POSTGRESQL_PORT_NUMBER:-5432}") + local args=("-U" "$user" "-p" "${POSTGRESQL_PORT_NUMBER:-5432}" "-h" "127.0.0.1") [[ -n "$db" ]] && args+=("-d" "$db") [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") diff --git a/bitnami/discourse/3/debian-12/tags-info.yaml b/bitnami/discourse/3/debian-12/tags-info.yaml index 2d08161276f09..b4cb9136558b1 100644 --- a/bitnami/discourse/3/debian-12/tags-info.yaml +++ b/bitnami/discourse/3/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "3" - 3-debian-12 -- 3.2.2 +- 3.3.3 - latest diff --git a/bitnami/discourse/README.md b/bitnami/discourse/README.md index c845d9c5537fe..2a70d4625918a 100644 --- a/bitnami/discourse/README.md +++ b/bitnami/discourse/README.md @@ -25,11 +25,17 @@ eployment. * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Discourse® in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Discourse® in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -300,6 +306,7 @@ The set of default standard configuration files may be found [here](https://gith | `DISCOURSE_REDIS_PORT_NUMBER` | Redis(R) server port. | `6379` | | `DISCOURSE_REDIS_PASSWORD` | Redis(R) user password. | `nil` | | `DISCOURSE_REDIS_USE_SSL` | Whether to enable SSL for Redis(R). | `no` | +| `DISCOURSE_REDIS_DB` | Redis(R) database number. | `0` | #### Read-only environment variables @@ -584,7 +591,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/discourse/docker-compose.yml b/bitnami/discourse/docker-compose.yml index 8e51d4b862bfc..8fa5ffdbc24f0 100644 --- a/bitnami/discourse/docker-compose.yml +++ b/bitnami/discourse/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:16 + image: docker.io/bitnami/postgresql:latest volumes: - 'postgresql_data:/bitnami/postgresql' environment: @@ -13,7 +12,7 @@ services: - POSTGRESQL_USERNAME=bn_discourse - POSTGRESQL_DATABASE=bitnami_discourse redis: - image: docker.io/bitnami/redis:7.0 + image: docker.io/bitnami/redis:latest environment: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes diff --git a/bitnami/dokuwiki/20240206/debian-12/Dockerfile b/bitnami/dokuwiki/20240206/debian-12/Dockerfile deleted file mode 100644 index cb4f5ba7d8723..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/Dockerfile +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-28T16:55:04Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/dokuwiki/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="20240206.1.0-debian-12-r18" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/dokuwiki" \ - org.opencontainers.image.title="dokuwiki" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="20240206.1.0" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages acl ca-certificates curl ldap-utils libbrotli1 libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 libldap-common liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam-ldapd libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 nslcd openssl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "php-8.2.19-1-linux-${OS_ARCH}-debian-12" \ - "apache-2.4.59-2-linux-${OS_ARCH}-debian-12" \ - "libphp-8.2.19-1-linux-${OS_ARCH}-debian-12" \ - "dokuwiki-20240206.1.0-10-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/apache/postunpack.sh -RUN /opt/bitnami/scripts/php/postunpack.sh -RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh -RUN /opt/bitnami/scripts/dokuwiki/postunpack.sh -ENV APACHE_HTTPS_PORT_NUMBER="" \ - APACHE_HTTP_PORT_NUMBER="" \ - APP_VERSION="20240206.1.0" \ - BITNAMI_APP_NAME="dokuwiki" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/apache/bin:$PATH" - -EXPOSE 8080 8443 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/dokuwiki/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/apache/run.sh" ] diff --git a/bitnami/dokuwiki/20240206/debian-12/docker-compose.yml b/bitnami/dokuwiki/20240206/debian-12/docker-compose.yml deleted file mode 100644 index 8da69b492f412..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/docker-compose.yml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - dokuwiki: - image: docker.io/bitnami/dokuwiki:20240206 - ports: - - '80:8080' - - '443:8443' - volumes: - - 'dokuwiki_data:/bitnami/dokuwiki' -volumes: - dokuwiki_data: - driver: local diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 10a270e993c0e..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "apache": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.4.59-2" - }, - "dokuwiki": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "20240206.1.0-10" - }, - "libphp": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.2.19-1" - }, - "php": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.2.19-1" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - } -} \ No newline at end of file diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh deleted file mode 100755 index eb8f766a37bf1..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh - -######################## -# Sets up the default Bitnami configuration -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_setup_bitnami_config() { - local template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates" - - # Enable Apache modules - local -a modules_to_enable=( - "deflate_module" - "negotiation_module" - "proxy[^\s]*_module" - "rewrite_module" - "slotmem_shm_module" - "socache_shmcb_module" - "ssl_module" - "status_module" - "version_module" - ) - for module in "${modules_to_enable[@]}"; do - apache_enable_module "$module" - done - - # Disable Apache modules - local -a modules_to_disable=( - "http2_module" - "proxy_hcheck_module" - "proxy_html_module" - "proxy_http2_module" - ) - for module in "${modules_to_disable[@]}"; do - apache_disable_module "$module" - done - - # Bitnami customizations - ensure_dir_exists "${APACHE_CONF_DIR}/bitnami" - render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" - render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - - # Add new configuration only once, to avoid a second postunpack run breaking Apache - local apache_conf_add - apache_conf_add="$(cat <>"$APACHE_CONF_FILE" < - RequestHeader unset Proxy - -EOF - fi -} - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -apache_setup_bitnami_config - -# Ensure non-root user has write permissions on a set of directories -for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Create 'apache2' symlink pointing to the 'apache' directory, for compatibility with Bitnami Docs guides -ln -sf apache "${BITNAMI_ROOT_DIR}/apache2" - -ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log" -ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log" - -# This file is necessary for avoiding the error -# "unable to write random state" -# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean - -touch /.rnd && chmod g+rw /.rnd - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR" diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki-env.sh b/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki-env.sh deleted file mode 100644 index e9f79b347741e..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki-env.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for dokuwiki - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-dokuwiki}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -dokuwiki_env_vars=( - DOKUWIKI_DATA_TO_PERSIST - DOKUWIKI_USERNAME - DOKUWIKI_FULL_NAME - DOKUWIKI_EMAIL - DOKUWIKI_PASSWORD - DOKUWIKI_WIKI_NAME -) -for env_var in "${dokuwiki_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset dokuwiki_env_vars - -# Paths -export DOKUWIKI_BASE_DIR="${BITNAMI_ROOT_DIR}/dokuwiki" - -# DokuWiki persistence configuration -export DOKUWIKI_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/dokuwiki" -export DOKUWIKI_DATA_TO_PERSIST="${DOKUWIKI_DATA_TO_PERSIST:-data conf lib/plugins lib/tpl lib/images/smileys/local lib/images/interwiki}" - -# DokuWiki configuration -export DOKUWIKI_USERNAME="${DOKUWIKI_USERNAME:-user}" -export DOKUWIKI_FULL_NAME="${DOKUWIKI_FULL_NAME:-FirstName LastName}" -export DOKUWIKI_EMAIL="${DOKUWIKI_EMAIL:-user@example.com}" -export DOKUWIKI_PASSWORD="${DOKUWIKI_PASSWORD:-bitnami1}" -export DOKUWIKI_WIKI_NAME="${DOKUWIKI_WIKI_NAME:-Bitnami DokuWiki}" - -# PHP configuration -export PHP_DEFAULT_MEMORY_LIMIT="256M" # only used at build time - -# Custom environment variables may be defined below diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki/entrypoint.sh b/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki/entrypoint.sh deleted file mode 100755 index a6b9bbdef4c16..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki/entrypoint.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load DokuWiki environment -. /opt/bitnami/scripts/dokuwiki-env.sh - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libwebserver.sh - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/$(web_server_type)/run.sh" || "$1" = "/opt/bitnami/scripts/nginx-php-fpm/run.sh" ]]; then - info "** Starting DokuWiki setup **" - /opt/bitnami/scripts/"$(web_server_type)"/setup.sh - /opt/bitnami/scripts/php/setup.sh - /opt/bitnami/scripts/dokuwiki/setup.sh - /post-init.sh - info "** DokuWiki setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki/postunpack.sh b/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki/postunpack.sh deleted file mode 100755 index 3b7925f031089..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki/postunpack.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load DokuWiki environment -. /opt/bitnami/scripts/dokuwiki-env.sh - -# Load PHP environment for 'php_conf_set' (after 'dokuwiki-env.sh' so that MODULE is not set to a wrong value) -. /opt/bitnami/scripts/php-env.sh - -# Load libraries -. /opt/bitnami/scripts/libdokuwiki.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load web server environment and functions (after DokuWiki environment file so MODULE is not set to a wrong value) -. "/opt/bitnami/scripts/$(web_server_type)-env.sh" - -# Ensure the DokuWiki base directory exists and has proper permissions -info "Configuring file permissions for DokuWiki" -ensure_user_exists "$WEB_SERVER_DAEMON_USER" --group "$WEB_SERVER_DAEMON_GROUP" -for dir in "$DOKUWIKI_BASE_DIR" "$DOKUWIKI_VOLUME_DIR" "${DOKUWIKI_BASE_DIR}/lib/images/smileys/local" "${DOKUWIKI_BASE_DIR}/uploads"; do - ensure_dir_exists "$dir" - # Use daemon:root ownership for compatibility when running as a non-root user - configure_permissions_ownership "$dir" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" -done - -# Configure memory limit for PHP -info "Configuring default PHP options for DokuWiki" -php_conf_set memory_limit "$PHP_DEFAULT_MEMORY_LIMIT" - -# Enable default web server configuration for DokuWiki -info "Creating default web server configuration for DokuWiki" -web_server_validate -# shellcheck disable=SC2016 -ensure_web_server_app_configuration_exists "dokuwiki" --type php --apache-extra-directory-configuration ' -# Enable DokuWiki friendly URLs - Based on https://www.dokuwiki.org/rewrite -RewriteEngine on -RewriteRule ^_media/(.*) lib/exe/fetch.php?media=$1 [QSA,L] -RewriteRule ^_detail/(.*) lib/exe/detail.php?media=$1 [QSA,L] -RewriteRule ^_export/([^/]+)/(.*) doku.php?do=export_$1&id=$2 [QSA,L] -RewriteRule ^$ doku.php [L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteCond %{REQUEST_FILENAME} !-d -# Fix: DokuWiki rewrite rule affects Apache server-status page and makes it return a DokuWiki 404 page instead -RewriteCond %{REQUEST_URI} !^/server-status$ -RewriteRule (.*) doku.php?id=$1 [QSA,L] -RewriteRule ^index.php$ doku.php -' - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "/opt/bitnami/$(web_server_type)/conf"/* "/opt/bitnami/$(web_server_type)/conf.default" diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki/setup.sh b/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki/setup.sh deleted file mode 100755 index 50bda13d10e88..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/dokuwiki/setup.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load DokuWiki environment -. /opt/bitnami/scripts/dokuwiki-env.sh - -# Load libraries -. /opt/bitnami/scripts/libdokuwiki.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load web server environment and functions (after DokuWiki environment file so MODULE is not set to a wrong value) -. "/opt/bitnami/scripts/$(web_server_type)-env.sh" - -# Ensure DokuWiki environment variables are valid -dokuwiki_validate - -# Update web server configuration with runtime environment (needs to happen before the initialization) -web_server_update_app_configuration "dokuwiki" - -# Ensure DokuWiki is initialized -dokuwiki_initialize diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/libdokuwiki.sh b/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/libdokuwiki.sh deleted file mode 100644 index 2d22268d0857c..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/libdokuwiki.sh +++ /dev/null @@ -1,148 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami DokuWiki library - -# shellcheck disable=SC1091 -. /opt/bitnami/scripts/php-env.sh - -# Load generic libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libpersistence.sh -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libwebserver.sh - -######################## -# Validate settings in DOKUWIKI_* env vars -# Globals: -# DOKUWIKI_* -# Arguments: -# None -# Returns: -# 0 if the validation succeeded, 1 otherwise -######################### -dokuwiki_validate() { - debug "Validating settings in DOKUWIKI_* environment variables..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - # Check that the web server is properly set up - web_server_validate || print_validation_error "Web server validation failed" - - return "$error_code" -} - -######################## -# Ensure DokuWiki is initialized -# Globals: -# DOKUWIKI_* -# Arguments: -# None -# Returns: -# None -######################### -dokuwiki_initialize() { - # Check if dokuwiki has already been initialized and persisted in a previous run - local -r app_name="dokuwiki" - if ! is_app_initialized "$app_name"; then - # Ensure the DokuWikiWiki base directory exists and has proper permissions - info "Configuring file permissions for DokuWiki" - ensure_dir_exists "$DOKUWIKI_VOLUME_DIR" - # Use daemon:root ownership for compatibility when running as a non-root user - am_i_root && configure_permissions_ownership "$DOKUWIKI_VOLUME_DIR" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" - - if ! is_boolean_yes "${DOKUWIKI_SKIP_BOOTSTRAP:-}"; then - web_server_start - dokuwiki_pass_wizard - web_server_stop - dokuwiki_enable_friendly_urls - fi - - info "Persisting DokuWiki installation" - persist_app "$app_name" "$DOKUWIKI_DATA_TO_PERSIST" - else - info "Restoring persisted DokuWiki installation" - restore_persisted_app "$app_name" "$DOKUWIKI_DATA_TO_PERSIST" - fi - dokuwiki_configure_DOKU_INC - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Pass Dokiwiki wizzard -# Globals: -# DOKUWIKI_* -# Arguments: -# None -# Returns: -# None -######################### -dokuwiki_pass_wizard() { - local -r port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" - local wizard_url curl_output - local -a curl_opts curl_data_opts - wizard_url="http://127.0.0.1:${port}/install.php" - curl_opts=("--location" "--silent") - curl_data_opts=( - "--data-urlencode" "l=en" - "--data-urlencode" "d[acl]=on" - "--data-urlencode" "d[policy]=0" - "--data-urlencode" "d[allowreg]=on" - "--data-urlencode" "d[license]=cc-by-sa" - "--data-urlencode" "d[pop]=on" - "--data-urlencode" "submit=" - "--data-urlencode" "d[title]=${DOKUWIKI_WIKI_NAME}" - "--data-urlencode" "d[superuser]=${DOKUWIKI_USERNAME}" - "--data-urlencode" "d[fullname]=${DOKUWIKI_FULL_NAME}" - "--data-urlencode" "d[email]=${DOKUWIKI_EMAIL}" - "--data-urlencode" "d[password]=${DOKUWIKI_PASSWORD}" - "--data-urlencode" "d[confirm]=${DOKUWIKI_PASSWORD}" - ) - curl_output="$(curl "${curl_opts[@]}" "${curl_data_opts[@]}" "${wizard_url}" 2>&1)" - if [[ "$curl_output" != *"The configuration was finished successfully."* ]]; then - error "An error occurred while installing DokuWiki" - return 1 - fi -} - -######################## -# Enable DokuWiki friendly URLs -# Globals: -# DOKUWIKI_* -# Arguments: -# None -# Returns: -# None -######################### -dokuwiki_enable_friendly_urls() { - # Based on: https://www.dokuwiki.org/rewrite - echo "\$conf['userewrite'] = 1; // URL rewriting is handled by the webserver" >>"${DOKUWIKI_BASE_DIR}/conf/local.php" -} - -######################## -# Configure DOKU_INC -# Globals: -# DOKUWIKI_* -# Arguments: -# None -# Returns: -# None -######################### -dokuwiki_configure_DOKU_INC() { - # Based on: https://github.com/bitnami/containers/pull/12535 - # Fix DOKU_INC, since we split application from state, DokuWiki's plugins and templates need to know where they live - info "Fix DOKU_INC variable" - auto_prepend_file="$DOKUWIKI_BASE_DIR/conf/auto_prepend.php" - printf '"$auto_prepend_file" - php_conf_set auto_prepend_file "$auto_prepend_file" -} diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/post-init.sh b/bitnami/dokuwiki/20240206/debian-12/rootfs/post-init.sh deleted file mode 100755 index a733e11fd6b2e..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/rootfs/post-init.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Only execute init scripts once -if [[ ! -f "/bitnami/dokuwiki/.user_scripts_initialized" && -d "/docker-entrypoint-init.d" ]]; then - read -r -a init_scripts <<< "$(find "/docker-entrypoint-init.d" -type f -print0 | sort -z | xargs -0)" - if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "/bitnami/dokuwiki/.user_scripts_initialized" ]]; then - mkdir -p "/bitnami/dokuwiki" - for init_script in "${init_scripts[@]}"; do - for init_script_type_handler in /post-init.d/*.sh; do - "$init_script_type_handler" "$init_script" - done - done - fi - - touch "/bitnami/dokuwiki/.user_scripts_initialized" -fi diff --git a/bitnami/dokuwiki/20240206/debian-12/tags-info.yaml b/bitnami/dokuwiki/20240206/debian-12/tags-info.yaml deleted file mode 100644 index 11ba3c1d4d3bc..0000000000000 --- a/bitnami/dokuwiki/20240206/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "20240206" -- 20240206-debian-12 -- 20240206.1.0 -- latest diff --git a/bitnami/dokuwiki/README.md b/bitnami/dokuwiki/README.md deleted file mode 100644 index 6cd5e20f7fd13..0000000000000 --- a/bitnami/dokuwiki/README.md +++ /dev/null @@ -1,376 +0,0 @@ -# Bitnami package for DokuWiki - -## What is DokuWiki? - -> DokuWiki is a standards-compliant wiki optimized for creating documentation. Designed to be simple to use for small organizations, it stores all data in plain text files so no database is required. - -[Overview of DokuWiki](https://www.splitbrain.org/projects/dokuwiki) -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```console -docker run --name dokuwiki bitnami/dokuwiki:latest -``` - -You can find the default credentials and available configuration options in the [Environment Variables](#environment-variables) section. - -## Why use Bitnami Images? - -* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. -* With Bitnami images the latest bug fixes and features are available as soon as possible. -* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. -* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. -* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. -* Bitnami container images are released on a regular basis with the latest distribution packages available. - -Looking to use DokuWiki in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## Why use a non-root container? - -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). - -## Supported tags and respective `Dockerfile` links - -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). - -You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. - -Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). - -## Get this image - -The recommended way to get the Bitnami DokuWiki Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/dokuwiki). - -```console -docker pull bitnami/dokuwiki:latest -``` - -To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/dokuwiki/tags/) in the Docker Hub Registry. - -```console -docker pull bitnami/dokuwiki:[TAG] -``` - -If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. - -```console -git clone https://github.com/bitnami/containers.git -cd bitnami/APP/VERSION/OPERATING-SYSTEM -docker build -t bitnami/APP:latest . -``` - -## Persisting your application - -If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed. - -For persistence you should mount a directory at the `/bitnami/dokuwiki` path. If the mounted directory is empty, it will be initialized on the first run. - -The above examples define the Docker volumes named dokuwiki_data. The DokuWiki application state will persist as long as volumes are not removed. - -To avoid inadvertent removal of volumes, you can mount host directories as data volumes. Alternatively you can make use of volume plugins to host the volume data. - -### Mount host directories as data volumes with Docker Compose - -This requires a minor change to the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/dokuwiki/docker-compose.yml) file present in this repository: - -```diff - dokuwiki: - ... - volumes: -- - 'dokuwiki_data:/bitnami/dokuwiki' -+ - /path/to/dokuwiki-persistence:/bitnami/dokuwiki - ... --volumes: -- dokuwiki_data: -- driver: local -``` - -> NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID `1001`. - -### Mount host directories as data volumes using the Docker command line - -#### Step 1: Create a network (if it does not exist) - -```console -docker network create dokuwiki-network -``` - -#### Step 2. Create the DokuWiki container with host volumes - -```console -docker run -d --name dokuwiki \ - -p 8080:8080 -p 8443:8443 \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --network dokuwiki-network \ - --volume /path/to/dokuwiki-persistence:/bitnami/dokuwiki \ - bitnami/dokuwiki:latest -``` - -## Configuration - -### Environment variables - -#### Customizable environment variables - -| Name | Description | Default Value | -|----------------------------|--------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------| -| `DOKUWIKI_DATA_TO_PERSIST` | Files to persist relative to the DokuWiki installation directory. To provide multiple values, separate them with a whitespace. | `data conf lib/plugins lib/tpl lib/images/smileys/local lib/images/interwiki` | -| `DOKUWIKI_USERNAME` | DokuWiki superuser username | `user` | -| `DOKUWIKI_FULL_NAME` | Full Name of the DokuWiki superuser | `FirstName LastName` | -| `DOKUWIKI_EMAIL` | Email for the application superuser | `user@example.com` | -| `DOKUWIKI_PASSWORD` | DokuWiki password | `bitnami1` | -| `DOKUWIKI_WIKI_NAME` | Name for the wiki | `Bitnami DokuWiki` | - -#### Read-only environment variables - -| Name | Description | Value | -|----------------------------|-----------------------------------------------------|----------------------------------| -| `DOKUWIKI_BASE_DIR` | DokuWiki installation directory. | `${BITNAMI_ROOT_DIR}/dokuwiki` | -| `DOKUWIKI_VOLUME_DIR` | DokuWiki directory for mounted configuration files. | `${BITNAMI_VOLUME_DIR}/dokuwiki` | -| `PHP_DEFAULT_MEMORY_LIMIT` | Default PHP memory limit. | `256M` | - -When you start the DokuWiki image, you can adjust the configuration of the instance by passing one or more environment variables either on the docker-compose file or on the `docker run` command line. If you want to add a new environment variable: - -* For docker-compose add the variable name and value under the application section in the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/dokuwiki/docker-compose.yml) file present in this repository: - -```yaml -dokuwiki: - ... - environment: - - DOKUWIKI_PASSWORD=my_password - ... -``` - -* For manual execution add a `--env` option with each variable and value: - - ```console - docker run -d --name dokuwiki -p 80:8080 -p 443:8443 \ - --env DOKUWIKI_PASSWORD=my_password \ - --network dokuwiki-tier \ - --volume /path/to/dokuwiki-persistence:/bitnami/dokuwiki \ - bitnami/dokuwiki:latest - ``` - -## Logging - -The Bitnami DokuWiki Docker image sends the container logs to `stdout`. To view the logs: - -```console -docker logs dokuwiki -``` - -Or using Docker Compose: - -```console -docker-compose logs dokuwiki -``` - -You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver. - -## Maintenance - -### Backing up your container - -To backup your data, configuration and logs, follow these simple steps: - -#### Step 1: Stop the currently running container - -```console -docker stop dokuwiki -``` - -Or using Docker Compose: - -```console -docker-compose stop dokuwiki -``` - -#### Step 2: Run the backup command - -We need to mount two volumes in a container we will use to create the backup: a directory on your host to store the backup in, and the volumes from the container we just stopped so we can access the data. - -```console -docker run --rm -v /path/to/dokuwiki-backups:/backups --volumes-from dokuwiki busybox \ - cp -a /bitnami/dokuwiki /backups/latest -``` - -### Restoring a backup - -Restoring a backup is as simple as mounting the backup as volumes in the containers. - -For the DokuWiki container: - -```diff - $ docker run -d --name \ - ... -- --volume /path/to/-persistence:/bitnami/dokuwiki \ -+ --volume /path/to/-backups/latest:/bitnami/dokuwiki \ - bitnami/:latest -``` - -### Upgrade this image - -Bitnami provides up-to-date versions of DokuWiki, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container. We will cover here the upgrade of the DokuWiki container. - -#### Step 1: Get the updated image - -```console -docker pull bitnami/dokuwiki:latest -``` - -#### Step 2: Stop the running container - -Stop the currently running container using the command - -```console -docker-compose stop dokuwiki -``` - -#### Step 3: Take a snapshot of the application state - -Follow the steps in [Backing up your container](#backing-up-your-container) to take a snapshot of the current application state. - -#### Step 4: Remove the currently running container - -Remove the currently running container by executing the following command: - -```console -docker-compose rm -v dokuwiki -``` - -#### Step 5: Run the new image - -Update the image tag in `docker-compose.yml` and re-create your container with the new image: - -```console -docker-compose up -d -``` - -## Customize this image - -The Bitnami DokuWiki Docker image is designed to be extended so it can be used as the base image for your custom web applications. - -### Extend this image - -Before extending this image, please note there are certain configuration settings you can modify using the original image: - -* Settings that can be adapted using environment variables. For instance, you can change the ports used by Apache for HTTP and HTTPS, by setting the environment variables `APACHE_HTTP_PORT_NUMBER` and `APACHE_HTTPS_PORT_NUMBER` respectively. -* [Adding custom virtual hosts](https://github.com/bitnami/containers/blob/main/bitnami/apache#adding-custom-virtual-hosts). -* [Replacing the 'httpd.conf' file](https://github.com/bitnami/containers/blob/main/bitnami/apache#full-configuration). -* [Using custom SSL certificates](https://github.com/bitnami/containers/blob/main/bitnami/apache#using-custom-ssl-certificates). - -If your desired customizations cannot be covered using the methods mentioned above, extend the image. To do so, create your own image using a Dockerfile with the format below: - -```Dockerfile -FROM bitnami/dokuwiki -## Put your customizations below -... -``` - -Here is an example of extending the image with the following modifications: - -* Install the `vim` editor -* Modify the Apache configuration file -* Modify the ports used by Apache - -```Dockerfile -FROM bitnami/dokuwiki - -## Change user to perform privileged actions -USER 0 -## Install 'vim' -RUN install_packages vim -## Revert to the original non-root user -USER 1001 - -## Enable mod_ratelimit module -RUN sed -i -r 's/#LoadModule ratelimit_module/LoadModule ratelimit_module/' /opt/bitnami/apache/conf/httpd.conf - -## Modify the ports used by Apache by default -# It is also possible to change these environment variables at runtime -ENV APACHE_HTTP_PORT_NUMBER=8181 -ENV APACHE_HTTPS_PORT_NUMBER=8143 -EXPOSE 8181 8143 -``` - -Based on the extended image, you can update the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/dokuwiki/docker-compose.yml) file present in this repository to add other features: - -```diff - dokuwiki: -- image: bitnami/dokuwiki:latest -+ build: . - ports: -- - '80:8080' -- - '443:8443' -+ - '80:8181' -+ - '443:8143' - environment: -+ - PHP_MEMORY_LIMIT=512m - ... -``` - -## Notable Changes - -### 20200729.0.0-debian-10-r6 - -* Enabled nice/friendly URLs (#52) - -### 20180422.4.0-debian-10-r0 - -* Changed versionioning to be shorter and more similar to the official version name. - -### 0.20180422.202005011246-debian-10-r68 - -* The size of the container image has been decreased. -* The configuration logic is now based on Bash scripts in the *rootfs/* folder. -* The DokuWiki container image has been migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by changing `USER 1001` to `USER root` in the Dockerfile, or `user: root` in `docker-compose.yml`. Consequences: - * The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. - * Backwards compatibility is not guaranteed when data is persisted using docker or docker-compose. We highly recommend migrating the DokuWiki site by exporting its content, and importing it on a new DokuWiki container. Follow the steps in [Backing up your container](#backing-up-your-container) and [Restoring a backup](#restoring-a-backup) to migrate the data between the old and new container. - -### 0.20180422.201901061035-debian-9-r114 and 0.20180422.201901061035-ol-7-r128 - -* This image has been adapted so it's easier to customize. See the [Customize this image](#customize-this-image) section for more information. -* The Apache configuration volume (`/bitnami/apache`) has been deprecated, and support for this feature will be dropped in the near future. Until then, the container will enable the Apache configuration from that volume if it exists. By default, and if the configuration volume does not exist, the configuration files will be regenerated each time the container is created. Users wanting to apply custom Apache configuration files are advised to mount a volume for the configuration at `/opt/bitnami/apache/conf`, or mount specific configuration files individually. -* The PHP configuration volume (`/bitnami/php`) has been deprecated, and support for this feature will be dropped in the near future. Until then, the container will enable the PHP configuration from that volume if it exists. By default, and if the configuration volume does not exist, the configuration files will be regenerated each time the container is created. Users wanting to apply custom PHP configuration files are advised to mount a volume for the configuration at `/opt/bitnami/php/conf`, or mount specific configuration files individually. -* Enabling custom Apache certificates by placing them at `/opt/bitnami/apache/certs` has been deprecated, and support for this functionality will be dropped in the near future. Users wanting to enable custom certificates are advised to mount their certificate files on top of the preconfigured ones at `/certs`. - -### 0.20170219.201708232029-r3 - -* Custom smileys, available in `lib/images/smileys/local`, are now persisted. -* In order to upgrade your image from previous versions. - -### 0.20180422.201805030840-r5 - -* Custom InterWiki shortcut icons, available in `lib/images/interwiki/`, are now persisted. -* In order to upgrade your image from previous versions. - -## Using `docker-compose.yaml` - -Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/dokuwiki). - -If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md). - -## Contributing - -We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. - -## Issues - -If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/bitnami/dokuwiki/docker-compose.yml b/bitnami/dokuwiki/docker-compose.yml deleted file mode 100644 index 8da69b492f412..0000000000000 --- a/bitnami/dokuwiki/docker-compose.yml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - dokuwiki: - image: docker.io/bitnami/dokuwiki:20240206 - ports: - - '80:8080' - - '443:8443' - volumes: - - 'dokuwiki_data:/bitnami/dokuwiki' -volumes: - dokuwiki_data: - driver: local diff --git a/bitnami/dotnet-sdk/6/debian-12/Dockerfile b/bitnami/dotnet-sdk/6/debian-12/Dockerfile deleted file mode 100644 index f9261a3e0ab4c..0000000000000 --- a/bitnami/dotnet-sdk/6/debian-12/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-30T23:09:36Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/dotnet-sdk/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="6.0.423-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/dotnet-sdk" \ - org.opencontainers.image.title="dotnet-sdk" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="6.0.423" - -ENV HOME="/app" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages build-essential ca-certificates curl git libcap2-bin libgcc-s1 libicu-dev liblttng-ust-dev libsqlite3-dev libssl-dev libstdc++6 pkg-config procps unzip wget zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "dotnet-sdk-6.0.423-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ - sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 0/' /etc/login.defs && \ - sed -i 's/sha512/sha512 minlen=8/' /etc/pam.d/common-password - -COPY rootfs / -RUN /opt/bitnami/scripts/dotnet-sdk/postunpack.sh -ENV APP_VERSION="6.0.423" \ - BITNAMI_APP_NAME="dotnet-sdk" \ - DOTNET_CLI_HOME="/app" \ - DOTNET_ROOT="/opt/bitnami/dotnet-sdk/bin" \ - PATH="/opt/bitnami/dotnet-sdk/bin:$PATH" - -WORKDIR /app -ENTRYPOINT [ "/opt/bitnami/scripts/dotnet-sdk/entrypoint.sh" ] -CMD [ "/bin/bash" ] diff --git a/bitnami/dotnet-sdk/6/debian-12/docker-compose.yml b/bitnami/dotnet-sdk/6/debian-12/docker-compose.yml deleted file mode 100644 index 30843ad3ad7f1..0000000000000 --- a/bitnami/dotnet-sdk/6/debian-12/docker-compose.yml +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - dotnet-sdk: - image: docker.io/bitnami/dotnet-sdk:6 - command: ["tail", "-f", "/dev/null"] # To keep the container running - volumes: - - dotnet_data:/app -volumes: - dotnet_data: - driver: local diff --git a/bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index e60e276396e18..0000000000000 --- a/bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "dotnet-sdk": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "6.0.423-0" - } -} \ No newline at end of file diff --git a/bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/base/functions b/bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/base/functions deleted file mode 100644 index b8b756d42617a..0000000000000 --- a/bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/base/functions +++ /dev/null @@ -1,123 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -[[ ${BASH_DEBUG:-false} = true ]] && set -x - -# Constants -MODULE="$(basename "$0")" -BITNAMI_PREFIX=/opt/bitnami - -# Color Palette -RESET='\033[0m' -BOLD='\033[1m' - -## Foreground -BLACK='\033[38;5;0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -BLUE='\033[38;5;4m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' -WHITE='\033[38;5;7m' - -## Background -ON_BLACK='\033[48;5;0m' -ON_RED='\033[48;5;1m' -ON_GREEN='\033[48;5;2m' -ON_YELLOW='\033[48;5;3m' -ON_BLUE='\033[48;5;4m' -ON_MAGENTA='\033[48;5;5m' -ON_CYAN='\033[48;5;6m' -ON_WHITE='\033[48;5;7m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - printf "%b\\n" "${*}" >&2 -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${NAMI_DEBUG:+${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")}${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - log "" - log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - log "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - log "" -} diff --git a/bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/base/helpers b/bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/base/helpers deleted file mode 100644 index a6d909869eca3..0000000000000 --- a/bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/base/helpers +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -. /opt/bitnami/base/functions - -######################## -# Helper function to initialize a single nami module -# Arguments: -# Module to initialize -# Returns: -# None -# Description: -# Initialize an unpacked nami module with the `nami initialize` command. -# Command arguments can be specified as function argumnts after the module name. -# `--log-level trace` flag is added to the command if `NAMI_DEBUG` env variable exists. -# The log level can be overridden using the `NAMI_LOG_LEVEL` env variable. -######################### -nami_initialize_one() { - local module="${1:?module not specified}" - if nami inspect $module | grep -q '"lifecycle": "unpacked"'; then - local inputs= - if [[ -f "/${module}-inputs.json" ]]; then - inputs="--inputs-file=/${module}-inputs.json" - fi - nami ${NAMI_DEBUG:+--log-level ${NAMI_LOG_LEVEL:-trace}} initialize $module $inputs "${@:2}" - fi -} - -######################## -# Helper function to initialize one or more nami modules -# Arguments: -# Module to initialize -# Returns: -# None -######################### -nami_initialize() { - local module="${1:?module not specified}" - for module in "${@}"; do - nami_initialize_one $module - done -} diff --git a/bitnami/dotnet-sdk/6/debian-12/rootfs/opt/bitnami/scripts/dotnet-sdk/entrypoint.sh b/bitnami/dotnet-sdk/6/debian-12/rootfs/opt/bitnami/scripts/dotnet-sdk/entrypoint.sh deleted file mode 100755 index b9a949e6c0809..0000000000000 --- a/bitnami/dotnet-sdk/6/debian-12/rootfs/opt/bitnami/scripts/dotnet-sdk/entrypoint.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -e -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -. /opt/bitnami/base/functions -. /opt/bitnami/base/helpers - -print_welcome_page - -exec "$@" diff --git a/bitnami/dotnet-sdk/6/debian-12/rootfs/opt/bitnami/scripts/dotnet-sdk/postunpack.sh b/bitnami/dotnet-sdk/6/debian-12/rootfs/opt/bitnami/scripts/dotnet-sdk/postunpack.sh deleted file mode 100755 index 3d1ee85bfacef..0000000000000 --- a/bitnami/dotnet-sdk/6/debian-12/rootfs/opt/bitnami/scripts/dotnet-sdk/postunpack.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose -mkdir /app -chmod g+rwx /app -setcap CAP_NET_BIND_SERVICE=+eip /opt/bitnami/dotnet-sdk/bin/dotnet diff --git a/bitnami/dotnet-sdk/6/debian-12/tags-info.yaml b/bitnami/dotnet-sdk/6/debian-12/tags-info.yaml deleted file mode 100644 index 0e9ac19274280..0000000000000 --- a/bitnami/dotnet-sdk/6/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "6" -- 6-debian-12 -- 6.0.423 diff --git a/bitnami/dotnet-sdk/8/debian-12/Dockerfile b/bitnami/dotnet-sdk/8/debian-12/Dockerfile index 777caeb43ef65..9e2cad18e4bfb 100644 --- a/bitnami/dotnet-sdk/8/debian-12/Dockerfile +++ b/bitnami/dotnet-sdk/8/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T23:12:37Z" \ + org.opencontainers.image.created="2025-01-11T18:19:37Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/dotnet-sdk/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="8.0.301-debian-12-r0" \ + org.opencontainers.image.ref.name="8.0.404-debian-12-r4" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/dotnet-sdk" \ org.opencontainers.image.title="dotnet-sdk" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="8.0.301" + org.opencontainers.image.version="8.0.404" ENV HOME="/app" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,15 +26,15 @@ ENV HOME="/app" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages build-essential ca-certificates curl git libcap2-bin libgcc-s1 libicu-dev liblttng-ust-dev libsqlite3-dev libssl-dev libstdc++6 pkg-config procps unzip wget zlib1g +RUN install_packages ca-certificates curl libcap2-bin libgcc-s1 libicu-dev liblttng-ust-dev libstdc++6 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "dotnet-sdk-8.0.301-0-linux-${OS_ARCH}-debian-12" \ + "dotnet-sdk-8.0.404-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ COPY rootfs / RUN /opt/bitnami/scripts/dotnet-sdk/postunpack.sh -ENV APP_VERSION="8.0.301" \ +ENV APP_VERSION="8.0.404" \ BITNAMI_APP_NAME="dotnet-sdk" \ DOTNET_CLI_HOME="/app" \ DOTNET_ROOT="/opt/bitnami/dotnet-sdk/bin" \ diff --git a/bitnami/dotnet-sdk/8/debian-12/docker-compose.yml b/bitnami/dotnet-sdk/8/debian-12/docker-compose.yml index 8b3d2fdb9bea5..bfde636ae2458 100644 --- a/bitnami/dotnet-sdk/8/debian-12/docker-compose.yml +++ b/bitnami/dotnet-sdk/8/debian-12/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: dotnet-sdk: image: docker.io/bitnami/dotnet-sdk:8 diff --git a/bitnami/dotnet-sdk/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/dotnet-sdk/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 75a946ea2bbcb..3672a04e88005 100644 --- a/bitnami/dotnet-sdk/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/dotnet-sdk/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "8.0.301-0" + "version": "8.0.404-0" } } \ No newline at end of file diff --git a/bitnami/dotnet-sdk/8/debian-12/prebuildfs/opt/bitnami/base/functions b/bitnami/dotnet-sdk/8/debian-12/prebuildfs/opt/bitnami/base/functions index b8b756d42617a..844d8ab3f3bbe 100644 --- a/bitnami/dotnet-sdk/8/debian-12/prebuildfs/opt/bitnami/base/functions +++ b/bitnami/dotnet-sdk/8/debian-12/prebuildfs/opt/bitnami/base/functions @@ -117,7 +117,6 @@ print_image_welcome_page() { log "" log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - log "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + log "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." log "" } diff --git a/bitnami/dotnet-sdk/8/debian-12/tags-info.yaml b/bitnami/dotnet-sdk/8/debian-12/tags-info.yaml index 67ec993f2d1b6..ac3560f87e8f0 100644 --- a/bitnami/dotnet-sdk/8/debian-12/tags-info.yaml +++ b/bitnami/dotnet-sdk/8/debian-12/tags-info.yaml @@ -1,5 +1,4 @@ rolling-tags: - "8" - 8-debian-12 -- 8.0.301 -- latest +- 8.0.404 diff --git a/bitnami/dotnet-sdk/9/README.md b/bitnami/dotnet-sdk/9/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/dotnet-sdk/9/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/dotnet-sdk/README.md b/bitnami/dotnet-sdk/README.md index b358a5ae216ea..5353d12e62d21 100644 --- a/bitnami/dotnet-sdk/README.md +++ b/bitnami/dotnet-sdk/README.md @@ -22,11 +22,17 @@ docker run --name dotnet-sdk bitnami/dotnet-sdk:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use .NET SDK in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use .NET SDK in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -162,7 +168,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/dotnet-sdk/docker-compose.yml b/bitnami/dotnet-sdk/docker-compose.yml index 8b3d2fdb9bea5..272f92046e15d 100644 --- a/bitnami/dotnet-sdk/docker-compose.yml +++ b/bitnami/dotnet-sdk/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: dotnet-sdk: - image: docker.io/bitnami/dotnet-sdk:8 + image: docker.io/bitnami/dotnet-sdk:9 command: ["tail", "-f", "/dev/null"] # To keep the container running volumes: - dotnet_data:/app diff --git a/bitnami/dotnet/6/debian-12/Dockerfile b/bitnami/dotnet/6/debian-12/Dockerfile deleted file mode 100644 index bcbceaddc4c59..0000000000000 --- a/bitnami/dotnet/6/debian-12/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-30T23:01:20Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/dotnet/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="6.0.31-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/dotnet" \ - org.opencontainers.image.title="dotnet" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="6.0.31" - -ENV HOME="/app" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages build-essential ca-certificates curl git libcap2-bin libgcc-s1 libicu-dev liblttng-ust-dev libsqlite3-dev libssl-dev libstdc++6 pkg-config procps unzip wget zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "dotnet-6.0.31-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ - sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 0/' /etc/login.defs && \ - sed -i 's/sha512/sha512 minlen=8/' /etc/pam.d/common-password - -COPY rootfs / -RUN /opt/bitnami/scripts/dotnet/postunpack.sh -ENV APP_VERSION="6.0.31" \ - BITNAMI_APP_NAME="dotnet" \ - DOTNET_CLI_HOME="/app" \ - DOTNET_ROOT="/opt/bitnami/dotnet/bin" \ - PATH="/opt/bitnami/dotnet/bin:$PATH" - -WORKDIR /app -ENTRYPOINT [ "/opt/bitnami/scripts/dotnet/entrypoint.sh" ] -CMD [ "/bin/bash" ] diff --git a/bitnami/dotnet/6/debian-12/docker-compose.yml b/bitnami/dotnet/6/debian-12/docker-compose.yml deleted file mode 100644 index d33ee8a8102da..0000000000000 --- a/bitnami/dotnet/6/debian-12/docker-compose.yml +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - dotnet: - image: docker.io/bitnami/dotnet:6 - command: ["tail", "-f", "/dev/null"] # To keep the container running - volumes: - - dotnet_data:/app -volumes: - dotnet_data: - driver: local diff --git a/bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index fb3be11404291..0000000000000 --- a/bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "dotnet": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "6.0.31-0" - } -} \ No newline at end of file diff --git a/bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/base/functions b/bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/base/functions deleted file mode 100644 index b8b756d42617a..0000000000000 --- a/bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/base/functions +++ /dev/null @@ -1,123 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -[[ ${BASH_DEBUG:-false} = true ]] && set -x - -# Constants -MODULE="$(basename "$0")" -BITNAMI_PREFIX=/opt/bitnami - -# Color Palette -RESET='\033[0m' -BOLD='\033[1m' - -## Foreground -BLACK='\033[38;5;0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -BLUE='\033[38;5;4m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' -WHITE='\033[38;5;7m' - -## Background -ON_BLACK='\033[48;5;0m' -ON_RED='\033[48;5;1m' -ON_GREEN='\033[48;5;2m' -ON_YELLOW='\033[48;5;3m' -ON_BLUE='\033[48;5;4m' -ON_MAGENTA='\033[48;5;5m' -ON_CYAN='\033[48;5;6m' -ON_WHITE='\033[48;5;7m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - printf "%b\\n" "${*}" >&2 -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${NAMI_DEBUG:+${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")}${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - log "" - log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - log "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - log "" -} diff --git a/bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/base/helpers b/bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/base/helpers deleted file mode 100644 index a6d909869eca3..0000000000000 --- a/bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/base/helpers +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -. /opt/bitnami/base/functions - -######################## -# Helper function to initialize a single nami module -# Arguments: -# Module to initialize -# Returns: -# None -# Description: -# Initialize an unpacked nami module with the `nami initialize` command. -# Command arguments can be specified as function argumnts after the module name. -# `--log-level trace` flag is added to the command if `NAMI_DEBUG` env variable exists. -# The log level can be overridden using the `NAMI_LOG_LEVEL` env variable. -######################### -nami_initialize_one() { - local module="${1:?module not specified}" - if nami inspect $module | grep -q '"lifecycle": "unpacked"'; then - local inputs= - if [[ -f "/${module}-inputs.json" ]]; then - inputs="--inputs-file=/${module}-inputs.json" - fi - nami ${NAMI_DEBUG:+--log-level ${NAMI_LOG_LEVEL:-trace}} initialize $module $inputs "${@:2}" - fi -} - -######################## -# Helper function to initialize one or more nami modules -# Arguments: -# Module to initialize -# Returns: -# None -######################### -nami_initialize() { - local module="${1:?module not specified}" - for module in "${@}"; do - nami_initialize_one $module - done -} diff --git a/bitnami/dotnet/6/debian-12/rootfs/opt/bitnami/scripts/dotnet/entrypoint.sh b/bitnami/dotnet/6/debian-12/rootfs/opt/bitnami/scripts/dotnet/entrypoint.sh deleted file mode 100755 index b9a949e6c0809..0000000000000 --- a/bitnami/dotnet/6/debian-12/rootfs/opt/bitnami/scripts/dotnet/entrypoint.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -e -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -. /opt/bitnami/base/functions -. /opt/bitnami/base/helpers - -print_welcome_page - -exec "$@" diff --git a/bitnami/dotnet/6/debian-12/rootfs/opt/bitnami/scripts/dotnet/postunpack.sh b/bitnami/dotnet/6/debian-12/rootfs/opt/bitnami/scripts/dotnet/postunpack.sh deleted file mode 100755 index 2f359c815a39b..0000000000000 --- a/bitnami/dotnet/6/debian-12/rootfs/opt/bitnami/scripts/dotnet/postunpack.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose -mkdir /app -chmod g+rwx /app -setcap CAP_NET_BIND_SERVICE=+eip /opt/bitnami/dotnet/bin/dotnet diff --git a/bitnami/dotnet/6/debian-12/tags-info.yaml b/bitnami/dotnet/6/debian-12/tags-info.yaml deleted file mode 100644 index 57488ee10de88..0000000000000 --- a/bitnami/dotnet/6/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "6" -- 6-debian-12 -- 6.0.31 diff --git a/bitnami/dotnet/8/debian-12/Dockerfile b/bitnami/dotnet/8/debian-12/Dockerfile index 64304a0859f1a..0998b34b7b005 100644 --- a/bitnami/dotnet/8/debian-12/Dockerfile +++ b/bitnami/dotnet/8/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T22:58:02Z" \ + org.opencontainers.image.created="2025-01-11T18:42:26Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/dotnet/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="8.0.6-debian-12-r0" \ + org.opencontainers.image.ref.name="8.0.11-debian-12-r5" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/dotnet" \ org.opencontainers.image.title="dotnet" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="8.0.6" + org.opencontainers.image.version="8.0.11" ENV HOME="/app" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,15 +26,15 @@ ENV HOME="/app" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages build-essential ca-certificates curl git libcap2-bin libgcc-s1 libicu-dev liblttng-ust-dev libsqlite3-dev libssl-dev libstdc++6 pkg-config procps unzip wget zlib1g +RUN install_packages ca-certificates curl libcap2-bin libgcc-s1 libicu-dev liblttng-ust-dev libstdc++6 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "dotnet-8.0.6-0-linux-${OS_ARCH}-debian-12" \ + "dotnet-8.0.11-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ COPY rootfs / RUN /opt/bitnami/scripts/dotnet/postunpack.sh -ENV APP_VERSION="8.0.6" \ +ENV APP_VERSION="8.0.11" \ BITNAMI_APP_NAME="dotnet" \ DOTNET_CLI_HOME="/app" \ DOTNET_ROOT="/opt/bitnami/dotnet/bin" \ diff --git a/bitnami/dotnet/8/debian-12/docker-compose.yml b/bitnami/dotnet/8/debian-12/docker-compose.yml index 5d8e02e34473f..5ae0310921b6d 100644 --- a/bitnami/dotnet/8/debian-12/docker-compose.yml +++ b/bitnami/dotnet/8/debian-12/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: dotnet: image: docker.io/bitnami/dotnet:8 diff --git a/bitnami/dotnet/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/dotnet/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 0083c5d98509d..ad562752b4a10 100644 --- a/bitnami/dotnet/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/dotnet/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "8.0.6-0" + "version": "8.0.11-0" } } \ No newline at end of file diff --git a/bitnami/dotnet/8/debian-12/prebuildfs/opt/bitnami/base/functions b/bitnami/dotnet/8/debian-12/prebuildfs/opt/bitnami/base/functions index b8b756d42617a..844d8ab3f3bbe 100644 --- a/bitnami/dotnet/8/debian-12/prebuildfs/opt/bitnami/base/functions +++ b/bitnami/dotnet/8/debian-12/prebuildfs/opt/bitnami/base/functions @@ -117,7 +117,6 @@ print_image_welcome_page() { log "" log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - log "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + log "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." log "" } diff --git a/bitnami/dotnet/8/debian-12/tags-info.yaml b/bitnami/dotnet/8/debian-12/tags-info.yaml index d9ac5a11d7e29..c677d54210858 100644 --- a/bitnami/dotnet/8/debian-12/tags-info.yaml +++ b/bitnami/dotnet/8/debian-12/tags-info.yaml @@ -1,5 +1,4 @@ rolling-tags: - "8" - 8-debian-12 -- 8.0.6 -- latest +- 8.0.11 diff --git a/bitnami/dotnet/9/README.md b/bitnami/dotnet/9/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/dotnet/9/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/dotnet/README.md b/bitnami/dotnet/README.md index e68f27060fbe1..a68291053aaa3 100644 --- a/bitnami/dotnet/README.md +++ b/bitnami/dotnet/README.md @@ -22,11 +22,17 @@ docker run --name dotnet bitnami/dotnet:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use .NET in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use .NET in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -162,7 +168,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/dotnet/docker-compose.yml b/bitnami/dotnet/docker-compose.yml index 5d8e02e34473f..f12f0b9dd77bc 100644 --- a/bitnami/dotnet/docker-compose.yml +++ b/bitnami/dotnet/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: dotnet: - image: docker.io/bitnami/dotnet:8 + image: docker.io/bitnami/dotnet:9 command: ["tail", "-f", "/dev/null"] # To keep the container running volumes: - dotnet_data:/app diff --git a/bitnami/dremio/25/debian-12/Dockerfile b/bitnami/dremio/25/debian-12/Dockerfile new file mode 100644 index 0000000000000..671a6b4ce0f31 --- /dev/null +++ b/bitnami/dremio/25/debian-12/Dockerfile @@ -0,0 +1,65 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-08T21:45:26Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/dremio/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="25.2.0-debian-12-r3" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/dremio" \ + org.opencontainers.image.title="dremio" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="25.2.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl libgcc-s1 libstdc++6 procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "java-21.0.5-11-1-linux-${OS_ARCH}-debian-12" \ + "dremio-25.2.0-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN mkdir -p /opt/bitnami/dremio/log /opt/bitnami/dremio/tmp /opt/bitnami/dremio/run /bitnami/dremio/data /bitnami/dremio/secrets && chmod g+rwX /bitnami/dremio/secrets /opt/bitnami/dremio/log /opt/bitnami/dremio/tmp /opt/bitnami/dremio/run /bitnami/dremio/data && ln -s /opt/bitnami/dremio/log /var/log/dremio && ln -s /bitnami/dremio/data /var/lib/dremio && ln -s /bitnami/dremio/data /opt/bitnami/dremio/data && ln -s /opt/bitnami/dremio /opt/dremio && ln -s /opt/bitnami/dremio/tmp /var/run/dremio +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN /opt/bitnami/scripts/java/postunpack.sh +ENV APP_VERSION="25.2.0" \ + BITNAMI_APP_NAME="dremio" \ + JAVA_HOME="/opt/bitnami/java" \ + LD_LIBRARY_PATH="/opt/bitnami/java/lib/server:$LD_LIBRARY_PATH" \ + PATH="/opt/bitnami/java/bin:/opt/bitnami/dremio/bin:$PATH" + +EXPOSE 9047 31010 45678 + +WORKDIR /opt/bitnami/dremio +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/dremio/entrypoint.sh", "dremio" ] +CMD [ "start-fg" ] diff --git a/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..ac7671113ae06 --- /dev/null +++ b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,14 @@ +{ + "dremio": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "25.2.0-0" + }, + "java": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "21.0.5-11-1" + } +} \ No newline at end of file diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/keycloak/24/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/keycloak/24/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/cassandra/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/dremio/25/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/dremio/25/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/dremio/25/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/dremio/25/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/dremio/25/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/dremio/nss-wrapper/nss_group b/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/dremio/nss-wrapper/nss_group new file mode 100644 index 0000000000000..666fb96e1275e --- /dev/null +++ b/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/dremio/nss-wrapper/nss_group @@ -0,0 +1 @@ +dremio:x:0: diff --git a/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/dremio/nss-wrapper/nss_passwd b/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/dremio/nss-wrapper/nss_passwd new file mode 100644 index 0000000000000..bfe7a4cb80ce2 --- /dev/null +++ b/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/dremio/nss-wrapper/nss_passwd @@ -0,0 +1 @@ +dremio:x:1001:0:dremio:/opt/bitnami/dremio:/bin/false diff --git a/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/scripts/dremio/entrypoint.sh b/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/scripts/dremio/entrypoint.sh new file mode 100755 index 0000000000000..9ec19b16358ca --- /dev/null +++ b/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/scripts/dremio/entrypoint.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh + +print_welcome_page + +# Set nss_wrapper vars only when running as non-root +# Configure libnss_wrapper based on the UID/GID used to run the container +# This container supports arbitrary UIDs, therefore we have do it dynamically +if ! am_i_root; then + export LNAME="dremio" + export LD_PRELOAD="/opt/bitnami/common/lib/libnss_wrapper.so" + if [[ -f "$LD_PRELOAD" ]]; then + info "Configuring libnss_wrapper" + NSS_WRAPPER_PASSWD="$(mktemp)" + export NSS_WRAPPER_PASSWD + NSS_WRAPPER_GROUP="$(mktemp)" + export NSS_WRAPPER_GROUP + if [[ "$HOME" == "/" ]]; then + export HOME="/opt/bitnami/dremio" + fi + echo "dremio:x:$(id -u):$(id -g):dremio:${HOME}:/bin/sh" >"$NSS_WRAPPER_PASSWD" + echo "dremio:x:$(id -g):" >"$NSS_WRAPPER_GROUP" + chmod 400 "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" + fi +fi + +echo "" +[[ "$#" -eq 0 ]] || exec "$@" diff --git a/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh new file mode 100755 index 0000000000000..38802fc0bfe91 --- /dev/null +++ b/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh + +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + +print_welcome_page + +echo "" +exec "$@" diff --git a/bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/dremio/25/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh rename to bitnami/dremio/25/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh diff --git a/bitnami/dremio/25/debian-12/tags-info.yaml b/bitnami/dremio/25/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..bda236a14a1cd --- /dev/null +++ b/bitnami/dremio/25/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "25" +- 25-debian-12 +- 25.2.0 +- latest diff --git a/bitnami/dremio/README.md b/bitnami/dremio/README.md new file mode 100644 index 0000000000000..855cac6fec68a --- /dev/null +++ b/bitnami/dremio/README.md @@ -0,0 +1,119 @@ +# Bitnami package for Dremio + +## What is Dremio? + +> Dremio is an open-source self-service data access tool that provides high-performance queries for interactive analytics on data lakes. + +[Overview of Dremio](https://www.dremio.com/) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run -it --name dremio bitnami/dremio +``` + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use Dremio in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami Dremio Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/dremio). + +```console +docker pull bitnami/dremio:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/dremio/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/dremio:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Maintenance + +### Upgrade this image + +Bitnami provides up-to-date versions of Dremio, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container. + +#### Step 1: Get the updated image + +```console +docker pull bitnami/dremio:latest +``` + +or if you're using Docker Compose, update the value of the image property to `bitnami/dremio:latest`. + +#### Step 2: Remove the currently running container + +```console +docker rm -v dremio +``` + +#### Step 3: Run the new image + +Re-create your container from the new image. + +```console +docker run --name dremio bitnami/dremio:latest +``` + +## Configuration + +### Configuration variables + +This container supports the upstream Dremio environment variables. Check the [official Dremio documentation](https://www.dremio.com//dremio-latest/configuration/) for the possible environment variables. + +## Contributing + +We'd love for you to contribute to this Docker image. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/drupal/10/README.md b/bitnami/drupal/10/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/drupal/10/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/drupal/10/debian-12/Dockerfile b/bitnami/drupal/10/debian-12/Dockerfile deleted file mode 100644 index 369d204ae262d..0000000000000 --- a/bitnami/drupal/10/debian-12/Dockerfile +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T18:39:25Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/drupal/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.2.6-debian-12-r4" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/drupal" \ - org.opencontainers.image.title="drupal" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.2.6" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages acl ca-certificates curl gnupg libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps unzip zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "render-template-1.0.6-12-linux-${OS_ARCH}-debian-12" \ - "php-8.2.19-0-linux-${OS_ARCH}-debian-12" \ - "apache-2.4.59-2-linux-${OS_ARCH}-debian-12" \ - "mysql-client-11.3.2-2-linux-${OS_ARCH}-debian-12" \ - "libphp-8.2.19-1-linux-${OS_ARCH}-debian-12" \ - "drupal-10.2.6-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/apache/postunpack.sh -RUN /opt/bitnami/scripts/php/postunpack.sh -RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh -RUN /opt/bitnami/scripts/drupal/postunpack.sh -RUN /opt/bitnami/scripts/mysql-client/postunpack.sh -ENV APACHE_HTTPS_PORT_NUMBER="" \ - APACHE_HTTP_PORT_NUMBER="" \ - APP_VERSION="10.2.6" \ - BITNAMI_APP_NAME="drupal" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/apache/bin:/opt/bitnami/mysql/bin:/opt/bitnami/drupal/vendor/bin:$PATH" - -EXPOSE 8080 8443 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/drupal/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/apache/run.sh" ] diff --git a/bitnami/drupal/10/debian-12/docker-compose.yml b/bitnami/drupal/10/debian-12/docker-compose.yml deleted file mode 100644 index 8609d3b74c9f5..0000000000000 --- a/bitnami/drupal/10/debian-12/docker-compose.yml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - mariadb: - image: docker.io/bitnami/mariadb:11.3 - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_USER=bn_drupal - - MARIADB_DATABASE=bitnami_drupal - volumes: - - 'mariadb_data:/bitnami/mariadb' - drupal: - image: docker.io/bitnami/drupal:10 - ports: - - '80:8080' - - '443:8443' - environment: - - DRUPAL_DATABASE_HOST=mariadb - - DRUPAL_DATABASE_PORT_NUMBER=3306 - - DRUPAL_DATABASE_USER=bn_drupal - - DRUPAL_DATABASE_NAME=bitnami_drupal - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - volumes: - - 'drupal_data:/bitnami/drupal' - depends_on: - - mariadb -volumes: - mariadb_data: - driver: local - drupal_data: - driver: local diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 0976a2bdd455f..0000000000000 --- a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "apache": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.4.59-2" - }, - "drupal": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.2.6-2" - }, - "libphp": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.2.19-1" - }, - "mysql-client": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.3.2-2" - }, - "php": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.2.19-0" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-12" - } -} \ No newline at end of file diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh deleted file mode 100755 index eb8f766a37bf1..0000000000000 --- a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh - -######################## -# Sets up the default Bitnami configuration -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_setup_bitnami_config() { - local template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates" - - # Enable Apache modules - local -a modules_to_enable=( - "deflate_module" - "negotiation_module" - "proxy[^\s]*_module" - "rewrite_module" - "slotmem_shm_module" - "socache_shmcb_module" - "ssl_module" - "status_module" - "version_module" - ) - for module in "${modules_to_enable[@]}"; do - apache_enable_module "$module" - done - - # Disable Apache modules - local -a modules_to_disable=( - "http2_module" - "proxy_hcheck_module" - "proxy_html_module" - "proxy_http2_module" - ) - for module in "${modules_to_disable[@]}"; do - apache_disable_module "$module" - done - - # Bitnami customizations - ensure_dir_exists "${APACHE_CONF_DIR}/bitnami" - render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" - render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - - # Add new configuration only once, to avoid a second postunpack run breaking Apache - local apache_conf_add - apache_conf_add="$(cat <>"$APACHE_CONF_FILE" < - RequestHeader unset Proxy - -EOF - fi -} - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -apache_setup_bitnami_config - -# Ensure non-root user has write permissions on a set of directories -for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Create 'apache2' symlink pointing to the 'apache' directory, for compatibility with Bitnami Docs guides -ln -sf apache "${BITNAMI_ROOT_DIR}/apache2" - -ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log" -ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log" - -# This file is necessary for avoiding the error -# "unable to write random state" -# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean - -touch /.rnd && chmod g+rw /.rnd - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR" diff --git a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/drupal/postunpack.sh b/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/drupal/postunpack.sh deleted file mode 100755 index b206999f26a94..0000000000000 --- a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/drupal/postunpack.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Drupal environment -. /opt/bitnami/scripts/drupal-env.sh - -# Load PHP environment for 'php_conf_set' (after 'drupal-env.sh' so that MODULE is not set to a wrong value) -. /opt/bitnami/scripts/php-env.sh - -# Load libraries -. /opt/bitnami/scripts/libdrupal.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load web server environment and functions (after Drupal environment file so MODULE is not set to a wrong value) -. "/opt/bitnami/scripts/$(web_server_type)-env.sh" - -# Enable Drupal configuration file -[[ ! -f "$DRUPAL_CONF_FILE" ]] && cp "${DRUPAL_BASE_DIR}/sites/default/default.settings.php" "$DRUPAL_CONF_FILE" - -# Create .htaccess file to avoid warning in Drupal administration panel -drupal_fix_htaccess_warning_protection - -# Ensure the Drupal base directory exists and has proper permissions -info "Configuring file permissions for Drupal" -for dir in "$DRUPAL_BASE_DIR" "${DRUPAL_BASE_DIR}/sites/default/files" "$DRUPAL_VOLUME_DIR" "${HOME}/.drush"; do - ensure_dir_exists "$dir" - configure_permissions_ownership "$dir" -d "775" -f "664" -done -for dir in "${DRUPAL_BASE_DIR}/themes" "${DRUPAL_BASE_DIR}/modules" "${DRUPAL_BASE_DIR}/sites/default/files"; do - ensure_dir_exists "$dir" - configure_permissions_ownership "$dir" -u "$WEB_SERVER_DAEMON_USER" -g "root" -done -chown "$WEB_SERVER_DAEMON_USER" "${DRUPAL_BASE_DIR}/sites/default" -chown "$WEB_SERVER_DAEMON_USER" "$DRUPAL_CONF_FILE" -for script in "${DRUPAL_BASE_DIR}/vendor/bin/drush" "${DRUPAL_BASE_DIR}/vendor/drush/drush/drush" "${DRUPAL_BASE_DIR}/vendor/drush/drush/drush.launcher" "${DRUPAL_BASE_DIR}/vendor/bin/drush.launcher"; do - [[ -f "$script" ]] && chmod +x "$script" -done - -# Configure Drupal based on build-time defaults -drupal_conf_set "\$settings['trusted_host_patterns']" "array('^.*$')" yes - -# Configure required PHP options for application to work properly, based on build-time defaults -info "Configuring default PHP options for Drupal" -php_conf_set memory_limit "$PHP_DEFAULT_MEMORY_LIMIT" - -# Enable default web server configuration for Drupal -info "Creating default web server configuration for Drupal" -web_server_validate -ensure_web_server_app_configuration_exists "drupal" --type php - -# Re-create .htaccess file after being moved into 'apache/conf/vhosts/htaccess' directory, to avoid Drupal warning -drupal_fix_htaccess_warning_protection - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "/opt/bitnami/$(web_server_type)/conf"/* "/opt/bitnami/$(web_server_type)/conf.default" diff --git a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh deleted file mode 100644 index 39569da01dc3d..0000000000000 --- a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh +++ /dev/null @@ -1,1094 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MySQL Client library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -######################## -# Validate settings in MYSQL_CLIENT_* environment variables -# Globals: -# MYSQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_client_validate() { - info "Validating settings in MYSQL_CLIENT_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - backslash_password_error() { - print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" - } - - check_yes_no_value() { - if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for ${1} are: yes no" - fi - } - - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - - # Only validate environment variables if any action needs to be performed - check_yes_no_value "MYSQL_CLIENT_ENABLE_SSL_WRAPPER" - check_multi_value "MYSQL_CLIENT_FLAVOR" "mariadb mysql" - - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" ]]; then - empty_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" - fi - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && [[ -z "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then - empty_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" - fi - fi - if [[ "${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" - fi - if [[ "${MYSQL_CLIENT_CREATE_DATABASE_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" - fi - fi - return "$error_code" -} - -######################## -# Perform actions to a database -# Globals: -# DB_* -# MYSQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_client_initialize() { - # Wrap binary to force the usage of SSL - if is_boolean_yes "$MYSQL_CLIENT_ENABLE_SSL_WRAPPER"; then - mysql_client_wrap_binary_for_ssl - fi - # Wait for the database to be accessible if any action needs to be performed - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then - info "Trying to connect to the database server" - check_mysql_connection() { - echo "SELECT 1" | mysql_execute "mysql" "$MYSQL_CLIENT_DATABASE_ROOT_USER" "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" "-h" "$MYSQL_CLIENT_DATABASE_HOST" "-P" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER" - } - if ! retry_while "check_mysql_connection"; then - error "Could not connect to the database server" - return 1 - fi - fi - # Ensure a database user exists in the server - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]]; then - info "Creating database user ${MYSQL_CLIENT_CREATE_DATABASE_USER}" - local -a args=("$MYSQL_CLIENT_CREATE_DATABASE_USER" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD") - [[ -n "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN") - mysql_ensure_optional_user_exists "${args[@]}" - fi - # Ensure a database exists in the server (and that the user has write privileges, if specified) - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then - info "Creating database ${MYSQL_CLIENT_CREATE_DATABASE_NAME}" - local -a createdb_args=("$MYSQL_CLIENT_CREATE_DATABASE_NAME" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && createdb_args+=("-u" "$MYSQL_CLIENT_CREATE_DATABASE_USER") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE" ]] && createdb_args+=("--collate" "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES" ]] && createdb_args+=("--privileges" "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES") - mysql_ensure_optional_database_exists "${createdb_args[@]}" - fi -} - -######################## -# Wrap binary to force the usage of SSL -# Globals: -# DB_* -# MYSQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_client_wrap_binary_for_ssl() { - local wrapper_file="${DB_BIN_DIR}/mysql" - # In MySQL Client 10.6, mysql is a link to the mariadb binary - if [[ -f "${DB_BIN_DIR}/mariadb" ]]; then - wrapper_file="${DB_BIN_DIR}/mariadb" - fi - local -r wrapped_binary_file="${DB_BASE_DIR}/.bin/mysql" - local -a ssl_opts=() - read -r -a ssl_opts <<<"$(mysql_client_extra_opts)" - - mv "$wrapper_file" "$wrapped_binary_file" - cat >"$wrapper_file" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/drupal/10/debian-12/tags-info.yaml b/bitnami/drupal/10/debian-12/tags-info.yaml deleted file mode 100644 index c9de374dd2dd1..0000000000000 --- a/bitnami/drupal/10/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "10" -- 10-debian-12 -- 10.2.6 -- latest diff --git a/bitnami/drupal/11/debian-12/Dockerfile b/bitnami/drupal/11/debian-12/Dockerfile new file mode 100644 index 0000000000000..ef1d053dff423 --- /dev/null +++ b/bitnami/drupal/11/debian-12/Dockerfile @@ -0,0 +1,70 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-11T18:19:36Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/drupal/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="11.1.1-debian-12-r1" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/drupal" \ + org.opencontainers.image.title="drupal" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="11.1.1" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages acl ca-certificates curl gnupg libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps unzip zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "php-8.3.15-8-linux-${OS_ARCH}-debian-12" \ + "mysql-client-11.4.4-0-linux-${OS_ARCH}-debian-12" \ + "libphp-8.3.15-0-linux-${OS_ARCH}-debian-12" \ + "apache-2.4.62-4-linux-${OS_ARCH}-debian-12" \ + "drupal-11.1.1-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN /opt/bitnami/scripts/apache/postunpack.sh +RUN /opt/bitnami/scripts/php/postunpack.sh +RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh +RUN /opt/bitnami/scripts/drupal/postunpack.sh +RUN /opt/bitnami/scripts/mysql-client/postunpack.sh +ENV APACHE_HTTPS_PORT_NUMBER="" \ + APACHE_HTTP_PORT_NUMBER="" \ + APP_VERSION="11.1.1" \ + BITNAMI_APP_NAME="drupal" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/mysql/bin:/opt/bitnami/apache/bin:/opt/bitnami/drupal/vendor/bin:$PATH" + +EXPOSE 8080 8443 + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/drupal/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/apache/run.sh" ] diff --git a/bitnami/drupal/11/debian-12/docker-compose.yml b/bitnami/drupal/11/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..fcae9491700e2 --- /dev/null +++ b/bitnami/drupal/11/debian-12/docker-compose.yml @@ -0,0 +1,34 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + mariadb: + image: docker.io/bitnami/mariadb:latest + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - MARIADB_USER=bn_drupal + - MARIADB_DATABASE=bitnami_drupal + volumes: + - 'mariadb_data:/bitnami/mariadb' + drupal: + image: docker.io/bitnami/drupal:11 + ports: + - '80:8080' + - '443:8443' + environment: + - DRUPAL_DATABASE_HOST=mariadb + - DRUPAL_DATABASE_PORT_NUMBER=3306 + - DRUPAL_DATABASE_USER=bn_drupal + - DRUPAL_DATABASE_NAME=bitnami_drupal + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + volumes: + - 'drupal_data:/bitnami/drupal' + depends_on: + - mariadb +volumes: + mariadb_data: + driver: local + drupal_data: + driver: local diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..fdef9d261ac4d --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,38 @@ +{ + "apache": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "2.4.62-4" + }, + "drupal": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "11.1.1-0" + }, + "libphp": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "8.3.15-0" + }, + "mysql-client": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "11.4.4-0" + }, + "php": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "8.3.15-8" + }, + "render-template": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.0.7-8" + } +} \ No newline at end of file diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/logstash/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/logstash/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/cassandra/4.1/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/drupal/11/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/drupal/11/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/drupal/11/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/drupal/11/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-http-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-http-vhost.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-http-vhost.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-http-vhost.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh new file mode 100755 index 0000000000000..5e39a42f625fa --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh @@ -0,0 +1,132 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh + +######################## +# Sets up the default Bitnami configuration +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_setup_bitnami_config() { + local template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates" + + # Enable Apache modules + local -a modules_to_enable=( + "deflate_module" + "negotiation_module" + "proxy[^\s]*_module" + "rewrite_module" + "slotmem_shm_module" + "socache_shmcb_module" + "ssl_module" + "status_module" + "version_module" + ) + for module in "${modules_to_enable[@]}"; do + apache_enable_module "$module" + done + + # Disable Apache modules + local -a modules_to_disable=( + "http2_module" + "proxy_hcheck_module" + "proxy_html_module" + "proxy_http2_module" + ) + for module in "${modules_to_disable[@]}"; do + apache_disable_module "$module" + done + + # Bitnami customizations + ensure_dir_exists "${APACHE_CONF_DIR}/bitnami" + render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" + render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + + # Add new configuration only once, to avoid a second postunpack run breaking Apache + local apache_conf_add + apache_conf_add="$(cat <>"$APACHE_CONF_FILE" < + RequestHeader unset Proxy + +EOF + fi +} + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +apache_setup_bitnami_config + +# Ensure non-root user has write permissions on a set of directories +chmod g+w "$APACHE_BASE_DIR" +for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do + ensure_dir_exists "$dir" + chmod -R g+rwX "$dir" +done + +# Create 'apache2' symlink pointing to the 'apache' directory, for compatibility with Bitnami Docs guides +ln -sf apache "${BITNAMI_ROOT_DIR}/apache2" + +ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log" +ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log" + +# This file is necessary for avoiding the error +# "unable to write random state" +# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean + +touch /.rnd && chmod g+rw /.rnd + +# Copy all initially generated configuration files to the default directory +# (this is to avoid breaking when entrypoint is being overridden) +cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR" diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh diff --git a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/drupal-env.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal-env.sh similarity index 100% rename from bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/drupal-env.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal-env.sh diff --git a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/drupal/entrypoint.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/entrypoint.sh similarity index 100% rename from bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/drupal/entrypoint.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/entrypoint.sh diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/postunpack.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/postunpack.sh new file mode 100755 index 0000000000000..a5c980b0d5b0b --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/postunpack.sh @@ -0,0 +1,68 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load Drupal environment +. /opt/bitnami/scripts/drupal-env.sh + +# Load PHP environment for 'php_conf_set' (after 'drupal-env.sh' so that MODULE is not set to a wrong value) +. /opt/bitnami/scripts/php-env.sh + +# Load libraries +. /opt/bitnami/scripts/libdrupal.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/libwebserver.sh + +# Load web server environment and functions (after Drupal environment file so MODULE is not set to a wrong value) +. "/opt/bitnami/scripts/$(web_server_type)-env.sh" + +# Enable Drupal configuration file +[[ ! -f "$DRUPAL_CONF_FILE" ]] && cp "${DRUPAL_BASE_DIR}/sites/default/default.settings.php" "$DRUPAL_CONF_FILE" + +# Create .htaccess file to avoid warning in Drupal administration panel +drupal_fix_htaccess_warning_protection + +# Ensure the Drupal base directory exists and has proper permissions +info "Configuring file permissions for Drupal" +for dir in "$DRUPAL_BASE_DIR" "${DRUPAL_BASE_DIR}/sites/default/files" "$DRUPAL_VOLUME_DIR" "${HOME}/.drush"; do + ensure_dir_exists "$dir" + configure_permissions_ownership "$dir" -d "775" -f "664" +done +for dir in "${DRUPAL_BASE_DIR}/themes" "${DRUPAL_BASE_DIR}/modules" "${DRUPAL_BASE_DIR}/sites/default/files"; do + ensure_dir_exists "$dir" + configure_permissions_ownership "$dir" -u "$WEB_SERVER_DAEMON_USER" -g "root" +done +chown "$WEB_SERVER_DAEMON_USER" "${DRUPAL_BASE_DIR}/sites/default" +chown "$WEB_SERVER_DAEMON_USER" "$DRUPAL_CONF_FILE" +for script in "${DRUPAL_BASE_DIR}/vendor/bin/drush" "${DRUPAL_BASE_DIR}/vendor/drush/drush/drush" "${DRUPAL_BASE_DIR}/vendor/bin/drush.php" "${DRUPAL_BASE_DIR}/vendor/drush/drush/drush.launcher" "${DRUPAL_BASE_DIR}/vendor/bin/drush.launcher"; do + [[ -f "$script" ]] && chmod +x "$script" +done + +# Configure Drupal based on build-time defaults +drupal_conf_set "\$settings['trusted_host_patterns']" "array('^.*$')" yes + +# Configure required PHP options for application to work properly, based on build-time defaults +info "Configuring default PHP options for Drupal" +php_conf_set memory_limit "$PHP_DEFAULT_MEMORY_LIMIT" + +# Enable default web server configuration for Drupal +info "Creating default web server configuration for Drupal" +web_server_validate +ensure_web_server_app_configuration_exists "drupal" --type php + +# Re-create .htaccess file after being moved into 'apache/conf/vhosts/htaccess' directory, to avoid Drupal warning +drupal_fix_htaccess_warning_protection + +# Copy all initially generated configuration files to the default directory +# (this is to avoid breaking when entrypoint is being overridden) +cp -r "/opt/bitnami/$(web_server_type)/conf"/* "/opt/bitnami/$(web_server_type)/conf.default" diff --git a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/drupal/setup.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/setup.sh similarity index 100% rename from bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/drupal/setup.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/setup.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/libapache.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libapache.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/libapache.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libapache.sh diff --git a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/libdrupal.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libdrupal.sh similarity index 99% rename from bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/libdrupal.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libdrupal.sh index 9ea5e08ec7ceb..9efbf2f8d407b 100644 --- a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/libdrupal.sh +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libdrupal.sh @@ -203,7 +203,7 @@ drupal_initialize() { drupal_database_conf_get() { local -r key="${1:?key missing}" debug "Getting ${key} from Drupal database configuration" - grep -E "^\s*'${key}' =>" "$DRUPAL_CONF_FILE" | grep -E -o "=> '.*'" | cut -f2 -d\' + grep -E "^\s*'${key}' =>" "$DRUPAL_CONF_FILE" | awk -F'=>' '{gsub(/[ ,'\''"]/, "", $2); print $2}' } ######################## diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh new file mode 100644 index 0000000000000..c702d828bc843 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh @@ -0,0 +1,1046 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami MySQL Client library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh + +######################## +# Validate settings in MYSQL_CLIENT_* environment variables +# Globals: +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_validate() { + info "Validating settings in MYSQL_CLIENT_* env vars" + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + empty_password_enabled_warn() { + warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + } + empty_password_error() { + print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." + } + backslash_password_error() { + print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" + } + + check_yes_no_value() { + if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then + print_validation_error "The allowed values for ${1} are: yes no" + fi + } + + check_multi_value() { + if [[ " ${2} " != *" ${!1} "* ]]; then + print_validation_error "The allowed values for ${1} are: ${2}" + fi + } + + # Only validate environment variables if any action needs to be performed + check_yes_no_value "MYSQL_CLIENT_ENABLE_SSL_WRAPPER" + check_multi_value "MYSQL_CLIENT_FLAVOR" "mariadb mysql" + + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + empty_password_enabled_warn + else + if [[ -z "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" ]]; then + empty_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" + fi + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && [[ -z "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then + empty_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" + fi + fi + if [[ "${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" + fi + if [[ "${MYSQL_CLIENT_CREATE_DATABASE_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" + fi + fi + return "$error_code" +} + +######################## +# Perform actions to a database +# Globals: +# DB_* +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_initialize() { + # Wrap binary to force the usage of SSL + if is_boolean_yes "$MYSQL_CLIENT_ENABLE_SSL_WRAPPER"; then + mysql_client_wrap_binary_for_ssl + fi + # Wait for the database to be accessible if any action needs to be performed + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + info "Trying to connect to the database server" + check_mysql_connection() { + echo "SELECT 1" | mysql_execute "mysql" "$MYSQL_CLIENT_DATABASE_ROOT_USER" "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" "-h" "$MYSQL_CLIENT_DATABASE_HOST" "-P" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER" + } + if ! retry_while "check_mysql_connection"; then + error "Could not connect to the database server" + return 1 + fi + fi + # Ensure a database user exists in the server + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]]; then + info "Creating database user ${MYSQL_CLIENT_CREATE_DATABASE_USER}" + local -a args=("$MYSQL_CLIENT_CREATE_DATABASE_USER" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD") + [[ -n "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN") + mysql_ensure_optional_user_exists "${args[@]}" + fi + # Ensure a database exists in the server (and that the user has write privileges, if specified) + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + info "Creating database ${MYSQL_CLIENT_CREATE_DATABASE_NAME}" + local -a createdb_args=("$MYSQL_CLIENT_CREATE_DATABASE_NAME" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && createdb_args+=("-u" "$MYSQL_CLIENT_CREATE_DATABASE_USER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE" ]] && createdb_args+=("--collate" "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES" ]] && createdb_args+=("--privileges" "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES") + mysql_ensure_optional_database_exists "${createdb_args[@]}" + fi +} + +######################## +# Wrap binary to force the usage of SSL +# Globals: +# DB_* +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_wrap_binary_for_ssl() { + local wrapper_file="${DB_BIN_DIR}/mysql" + # In MySQL Client 10.6, mysql is a link to the mariadb binary + if [[ -f "${DB_BIN_DIR}/mariadb" ]]; then + wrapper_file="${DB_BIN_DIR}/mariadb" + fi + local -r wrapped_binary_file="${DB_BASE_DIR}/.bin/mysql" + local -a ssl_opts=() + read -r -a ssl_opts <<<"$(mysql_client_extra_opts)" + + mv "$wrapper_file" "$wrapped_binary_file" + cat >"$wrapper_file" <> "$custom_conf_file" + cat "$old_custom_conf_file" >> "$custom_conf_file" + fi + if am_i_root; then + [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" + rm -rf "$DB_VOLUME_DIR/conf" + else + warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" + fi +} + +######################## +# Ensure a db user exists with the given password for the '%' host +# Globals: +# DB_* +# Flags: +# -p|--password - database password +# -u|--user - database user +# --auth-plugin - authentication plugin +# --use-ldap - authenticate user via LDAP +# --host - database host +# --port - database host +# Arguments: +# $1 - database user +# Returns: +# None +######################### +mysql_ensure_user_exists() { + local -r user="${1:?user is required}" + local password="" + local auth_plugin="" + local use_ldap="no" + local hosts + local auth_string="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -p|--password) + shift + password="${1:?missing database password}" + ;; + --auth-plugin) + shift + auth_plugin="${1:?missing authentication plugin}" + ;; + --use-ldap) + use_ldap="yes" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + if is_boolean_yes "$use_ldap"; then + auth_string="identified via pam using '$DB_FLAVOR'" + elif [[ -n "$password" ]]; then + if [[ -n "$auth_plugin" ]]; then + auth_string="identified with $auth_plugin by '$password'" + else + auth_string="identified by '$password'" + fi + fi + debug "creating database user \'$user\'" + + local -a mysql_execute_cmd=("mysql_execute") + local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") + if [[ -n "$db_host" && -n "$db_port" ]]; then + mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") + fi + + local mysql_create_user_cmd + [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ + # Views have a definer user, in this case set to 'root', which needs to exist for the view to work + # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html + # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed + if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then + alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 + return 1 + ;; + esac + shift + done + + local -a mysql_execute_cmd=("mysql_execute") + [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + + local -a create_database_args=() + [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") + [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") + + debug "Creating database $database" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$user") + [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") + [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") + if is_boolean_yes "$use_ldap"; then + flags+=("--use-ldap") + elif [[ -n "$password" ]]; then + flags+=("-p" "$password") + [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") + fi + mysql_ensure_user_exists "${flags[@]}" +} + +######################## +# Optionally create the given database, and then optionally give a user +# full privileges on the database. +# Flags: +# -u|--user - database user +# --character-set - character set +# --collation - collation +# --host - database host +# --port - database port +# Arguments: +# $1 - database name +# Returns: +# None +######################### +mysql_ensure_optional_database_exists() { + local -r database="${1:?database is missing}" + local character_set="" + local collate="" + local user="" + local privileges="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + --character-set) + shift + character_set="${1:?missing character set}" + ;; + --collate) + shift + collate="${1:?missing collate}" + ;; + -u|--user) + shift + user="${1:?missing database user}" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + --privileges) + shift + privileges="${1:?missing privileges}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$database") + [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") + [[ -n "$collate" ]] && flags+=("--collate" "$collate") + [[ -n "$db_host" ]] && flags+=("--host" "$db_host") + [[ -n "$db_port" ]] && flags+=("--port" "$db_port") + mysql_ensure_database_exists "${flags[@]}" + + if [[ -n "$user" ]]; then + mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" + fi +} + +######################## +# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") +# Globals: +# DB_* +# Arguments: +# $1 - MySQL variable name +# $2 - Value to assign to the MySQL variable +# $3 - Section in the MySQL configuration file the key is located (default: mysqld) +# $4 - Configuration file (default: "$BD_CONF_FILE") +# Returns: +# None +######################### +mysql_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?value missing}" + read -r -a sections <<<"${3:-mysqld}" + local -r ignore_inline_comments="${4:-no}" + local -r file="${5:-"$DB_CONF_FILE"}" + info "Setting ${key} option" + debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" + # Check if the configuration exists in the file + for section in "${sections[@]}"; do + if is_boolean_yes "$ignore_inline_comments"; then + ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" + else + ini-file set --section "$section" --key "$key" --value "$value" "$file" + fi + done +} + +######################## +# Update MySQL/MariaDB configuration file with user custom inputs +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_update_custom_config() { + # Persisted configuration files from old versions + ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration + + # User injected custom configuration + if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then + debug "Injecting custom configuration from my_custom.conf" + cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" + fi + + ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" + ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" + ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" + ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" + ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" + ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" + ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" + ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" + ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Find the path to the libjemalloc library file +# Globals: +# None +# Arguments: +# None +# Returns: +# Path to a libjemalloc shared object file +######################### +find_jemalloc_lib() { + local -a locations=( "/usr/lib" "/usr/lib64" ) + local -r pattern='libjemalloc.so.[0-9]' + local path + for dir in "${locations[@]}"; do + # Find the first element matching the pattern and quit + [[ ! -d "$dir" ]] && continue + path="$(find "$dir" -name "$pattern" -print -quit)" + [[ -n "$path" ]] && break + done + echo "${path:-}" +} + +######################## +# Execute a reliable health check against the current mysql instance +# Globals: +# DB_ROOT_USER, DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD +# Arguments: +# None +# Returns: +# mysqladmin output +######################### +mysql_healthcheck() { + local args=("-u${DB_ROOT_USER}" "-h0.0.0.0") + local root_password + + root_password="$(get_master_env_var_value ROOT_PASSWORD)" + if [[ -n "$root_password" ]]; then + args+=("-p${root_password}") + fi + + mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status +} + +######################## +# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# mysql client flavor +######################### +mysql_client_flavor() { + if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then + echo "mariadb" + else + echo "mysql" + fi +} + +######################## +# Prints extra options for MySQL client calls (i.e. SSL options) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# List of options to pass to "mysql" CLI +######################### +mysql_client_extra_opts() { + # Helper to get the proper value for the MySQL client environment variable + mysql_client_env_value() { + local env_name="MYSQL_CLIENT_${1:?missing name}" + if [[ -n "${!env_name:-}" ]]; then + echo "${!env_name:-}" + else + env_name="DB_CLIENT_${1}" + echo "${!env_name:-}" + fi + } + local -a opts=() + local key value + if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then + if [[ "$(mysql_client_flavor)" = "mysql" ]]; then + opts+=("--ssl-mode=REQUIRED") + else + opts+=("--ssl=TRUE") + fi + # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined + for key in ca key cert; do + value="$(mysql_client_env_value "SSL_${key^^}_FILE")" + [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") + done + else + # Skip SSL validation + if [[ "$(mysql_client_flavor)" = "mariadb" ]]; then + # SSL connections are enabled by default in MariaDB >=10.11 + local mysql_version="" + local major_version="" + local minor_version="" + mysql_version="$(mysql_get_version)" + major_version="$(get_sematic_version "${mysql_version}" 1)" + minor_version="$(get_sematic_version "${mysql_version}" 2)" + if [[ "${major_version}" -gt 10 ]] || [[ "${major_version}" -eq 10 && "${minor_version}" -eq 11 ]]; then + opts+=("--skip-ssl") + fi + fi + fi + echo "${opts[@]:-}" +} diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/libphp.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libphp.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/libphp.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libphp.sh diff --git a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/mysql-client-env.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/mysql-client-env.sh similarity index 100% rename from bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/mysql-client-env.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/mysql-client-env.sh diff --git a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/mysql-client/postunpack.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/mysql-client/postunpack.sh similarity index 100% rename from bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/mysql-client/postunpack.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/mysql-client/postunpack.sh diff --git a/bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/mysql-client/setup.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/mysql-client/setup.sh similarity index 100% rename from bitnami/drupal/10/debian-12/rootfs/opt/bitnami/scripts/mysql-client/setup.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/mysql-client/setup.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php-env.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php-env.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php-env.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php-env.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/postunpack.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/postunpack.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/postunpack.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/postunpack.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/reload.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/reload.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/reload.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/reload.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/restart.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/restart.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/restart.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/restart.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/run.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/run.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/run.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/run.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/setup.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/setup.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/setup.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/setup.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/start.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/start.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/start.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/start.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/status.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/status.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/status.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/status.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh rename to bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/post-init.d/php.sh b/bitnami/drupal/11/debian-12/rootfs/post-init.d/php.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/post-init.d/php.sh rename to bitnami/drupal/11/debian-12/rootfs/post-init.d/php.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/post-init.d/shell.sh b/bitnami/drupal/11/debian-12/rootfs/post-init.d/shell.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/post-init.d/shell.sh rename to bitnami/drupal/11/debian-12/rootfs/post-init.d/shell.sh diff --git a/bitnami/drupal/10/debian-12/rootfs/post-init.d/sql-mysql.sh b/bitnami/drupal/11/debian-12/rootfs/post-init.d/sql-mysql.sh similarity index 100% rename from bitnami/drupal/10/debian-12/rootfs/post-init.d/sql-mysql.sh rename to bitnami/drupal/11/debian-12/rootfs/post-init.d/sql-mysql.sh diff --git a/bitnami/drupal/10/debian-12/rootfs/post-init.sh b/bitnami/drupal/11/debian-12/rootfs/post-init.sh similarity index 100% rename from bitnami/drupal/10/debian-12/rootfs/post-init.sh rename to bitnami/drupal/11/debian-12/rootfs/post-init.sh diff --git a/bitnami/drupal/11/debian-12/tags-info.yaml b/bitnami/drupal/11/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..c5ccfe330151c --- /dev/null +++ b/bitnami/drupal/11/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "11" +- 11-debian-12 +- 11.1.1 +- latest diff --git a/bitnami/drupal/README.md b/bitnami/drupal/README.md index 325dc297f3db5..2c92050d65627 100644 --- a/bitnami/drupal/README.md +++ b/bitnami/drupal/README.md @@ -25,11 +25,11 @@ eployment. * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Drupal in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Drupal in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## How to deploy Drupal in Kubernetes? @@ -37,9 +37,15 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -498,7 +504,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/drupal/docker-compose.yml b/bitnami/drupal/docker-compose.yml index 8609d3b74c9f5..fcae9491700e2 100644 --- a/bitnami/drupal/docker-compose.yml +++ b/bitnami/drupal/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: mariadb: - image: docker.io/bitnami/mariadb:11.3 + image: docker.io/bitnami/mariadb:latest environment: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes @@ -13,7 +12,7 @@ services: volumes: - 'mariadb_data:/bitnami/mariadb' drupal: - image: docker.io/bitnami/drupal:10 + image: docker.io/bitnami/drupal:11 ports: - '80:8080' - '443:8443' diff --git a/bitnami/ejbca/8/README.md b/bitnami/ejbca/8/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/ejbca/8/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/ejbca/8/debian-12/Dockerfile b/bitnami/ejbca/8/debian-12/Dockerfile deleted file mode 100644 index f9a93c42294dd..0000000000000 --- a/bitnami/ejbca/8/debian-12/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T18:54:07Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ejbca/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="8.2.0-1-debian-12-r14" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ejbca" \ - org.opencontainers.image.title="ejbca" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="8.2.0-1" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages acl ca-certificates curl libaio1 libaudit1 libcap-ng0 libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-11.0.23-10-1-linux-${OS_ARCH}-debian-12" \ - "wildfly-26.1.3-13-linux-${OS_ARCH}-debian-12" \ - "mysql-client-10.11.7-3-linux-${OS_ARCH}-debian-12" \ - "ejbca-8.2.0-1-3-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/ejbca/postunpack.sh -RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="8.2.0-1" \ - BITNAMI_APP_NAME="ejbca" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/mysql/bin:/opt/bitnami/ejbca/bin:$PATH" - -EXPOSE 8009 8080 9990 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/ejbca/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/ejbca/run.sh" ] diff --git a/bitnami/ejbca/8/debian-12/docker-compose.yml b/bitnami/ejbca/8/debian-12/docker-compose.yml deleted file mode 100644 index f7054d81d2829..0000000000000 --- a/bitnami/ejbca/8/debian-12/docker-compose.yml +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: "2" -services: - mariadb: - image: docker.io/bitnami/mariadb:10.11 - volumes: - - "mariadb_data:/bitnami/mariadb" - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_USER=bn_ejbca - - MARIADB_DATABASE=bitnami_ejbca - - MARIADB_PASSWORD=Bitnami1234 - ejbca: - image: docker.io/bitnami/ejbca:8 - ports: - - 8080:8080 - - 8443:8443 - - 8009:8009 - volumes: - - "wildfly_data:/bitnami/wildfly" - environment: - - EJBCA_DATABASE_HOST=mariadb - - EJBCA_DATABASE_NAME=bitnami_ejbca - - EJBCA_DATABASE_USERNAME=bn_ejbca - - EJBCA_DATABASE_PASSWORD=Bitnami1234 -volumes: - mariadb_data: - driver: local - wildfly_data: - driver: local diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 65947220498c1..0000000000000 --- a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "ejbca": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.2.0-1-3" - }, - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.0.23-10-1" - }, - "mysql-client": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.11.7-3" - }, - "wildfly": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "26.1.3-13" - } -} \ No newline at end of file diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/ejbca/8/debian-12/tags-info.yaml b/bitnami/ejbca/8/debian-12/tags-info.yaml deleted file mode 100644 index a79a38031ffc1..0000000000000 --- a/bitnami/ejbca/8/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "8" -- 8-debian-12 -- 8.2.0-1 -- latest diff --git a/bitnami/ejbca/9/debian-12/Dockerfile b/bitnami/ejbca/9/debian-12/Dockerfile new file mode 100644 index 0000000000000..0b138b6c418fe --- /dev/null +++ b/bitnami/ejbca/9/debian-12/Dockerfile @@ -0,0 +1,65 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2024-12-27T16:04:31Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ejbca/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="9.0.0-debian-12-r1" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ejbca" \ + org.opencontainers.image.title="ejbca" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="9.0.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages acl ca-certificates curl libaio1 libaudit1 libcap-ng0 libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "wildfly-32.0.1-4-linux-${OS_ARCH}-debian-12" \ + "mysql-client-10.11.10-0-linux-${OS_ARCH}-debian-12" \ + "ejbca-9.0.0-1-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN /opt/bitnami/scripts/ejbca/postunpack.sh +RUN /opt/bitnami/scripts/java/postunpack.sh +ENV APP_VERSION="9.0.0" \ + BITNAMI_APP_NAME="ejbca" \ + JAVA_HOME="/opt/bitnami/java" \ + PATH="/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/mysql/bin:/opt/bitnami/ejbca/bin:$PATH" + +EXPOSE 8009 8080 9990 + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/ejbca/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/ejbca/run.sh" ] diff --git a/bitnami/ejbca/9/debian-12/docker-compose.yml b/bitnami/ejbca/9/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..c80e524b03c69 --- /dev/null +++ b/bitnami/ejbca/9/debian-12/docker-compose.yml @@ -0,0 +1,32 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + mariadb: + image: docker.io/bitnami/mariadb:latest + volumes: + - "mariadb_data:/bitnami/mariadb" + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - MARIADB_USER=bn_ejbca + - MARIADB_DATABASE=bitnami_ejbca + - MARIADB_PASSWORD=Bitnami1234 + ejbca: + image: docker.io/bitnami/ejbca:9 + ports: + - 8080:8080 + - 8443:8443 + - 8009:8009 + volumes: + - "wildfly_data:/bitnami/wildfly" + environment: + - EJBCA_DATABASE_HOST=mariadb + - EJBCA_DATABASE_NAME=bitnami_ejbca + - EJBCA_DATABASE_USERNAME=bn_ejbca + - EJBCA_DATABASE_PASSWORD=Bitnami1234 +volumes: + mariadb_data: + driver: local + wildfly_data: + driver: local diff --git a/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..8a247475fe907 --- /dev/null +++ b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,26 @@ +{ + "ejbca": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "9.0.0-1" + }, + "java": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "17.0.13-12-1" + }, + "mysql-client": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "10.11.10-0" + }, + "wildfly": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "32.0.1-4" + } +} \ No newline at end of file diff --git a/bitnami/contour/1.27/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/contour/1.27/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/clickhouse/23.8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/ejbca/9/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/contour/1.27/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/ejbca/9/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/contour/1.27/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/ejbca/9/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/contour/1.27/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/ejbca/9/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/contour/1.27/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/ejbca/9/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca-env.sh b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca-env.sh similarity index 97% rename from bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca-env.sh rename to bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca-env.sh index b698b1b4d5d62..6ac255d5a54c6 100644 --- a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca-env.sh +++ b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca-env.sh @@ -33,6 +33,7 @@ ejbca_env_vars=( EJBCA_HTTPS_ADVERTISED_PORT_NUMBER EJBCA_ADMIN_USERNAME EJBCA_ADMIN_PASSWORD + EJBCA_DATABASE_FLAVOR EJBCA_DATABASE_HOST EJBCA_DATABASE_PORT EJBCA_DATABASE_NAME @@ -119,13 +120,14 @@ export EJBCA_HTTPS_PORT_NUMBER="${EJBCA_HTTPS_PORT_NUMBER:-8443}" export EJBCA_HTTPS_ADVERTISED_PORT_NUMBER="${EJBCA_HTTPS_ADVERTISED_PORT_NUMBER:-$EJBCA_HTTPS_PORT_NUMBER}" export EJBCA_ADMIN_USERNAME="${EJBCA_ADMIN_USERNAME:-superadmin}" export EJBCA_ADMIN_PASSWORD="${EJBCA_ADMIN_PASSWORD:-Bitnami1234}" +export EJBCA_DATABASE_FLAVOR="${EJBCA_DATABASE_FLAVOR:-mariadb}" export EJBCA_DATABASE_HOST="${EJBCA_DATABASE_HOST:-}" export EJBCA_DATABASE_PORT="${EJBCA_DATABASE_PORT:-3306}" export EJBCA_DATABASE_NAME="${EJBCA_DATABASE_NAME:-}" export EJBCA_DATABASE_USERNAME="${EJBCA_DATABASE_USERNAME:-}" export EJBCA_DATABASE_PASSWORD="${EJBCA_DATABASE_PASSWORD:-}" export EJBCA_CA_NAME="${EJBCA_CA_NAME:-ManagementCA}" -export JAVA_OPTS="${JAVA_OPTS:--Xms2048m -Xmx2048m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb}" +export JAVA_OPTS="${JAVA_OPTS:--Xms2048m -Xmx2048m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQLDialect -Dhibernate.dialect.storage_engine=innodb}" export EJBCA_SMTP_HOST="${EJBCA_SMTP_HOST:-localhost}" export EJBCA_SMTP_PORT="${EJBCA_SMTP_PORT:-25}" export EJBCA_SMTP_FROM_ADDRESS="${EJBCA_SMTP_FROM_ADDRESS:-user@example.com}" diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/entrypoint.sh b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca/entrypoint.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/entrypoint.sh rename to bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca/entrypoint.sh diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/postunpack.sh b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca/postunpack.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/postunpack.sh rename to bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca/postunpack.sh diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/run.sh b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca/run.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/run.sh rename to bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca/run.sh diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/setup.sh b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca/setup.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/setup.sh rename to bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/ejbca/setup.sh diff --git a/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh new file mode 100755 index 0000000000000..38802fc0bfe91 --- /dev/null +++ b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh + +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + +print_welcome_page + +echo "" +exec "$@" diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh rename to bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/libejbca.sh b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/libejbca.sh similarity index 97% rename from bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/libejbca.sh rename to bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/libejbca.sh index 8b69cb85ba0b4..d84677892b4de 100644 --- a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/libejbca.sh +++ b/bitnami/ejbca/9/debian-12/rootfs/opt/bitnami/scripts/libejbca.sh @@ -141,7 +141,7 @@ ejbca_configure_wildfly() { # The configuration of Wildfly in EJBCA https://doc.primekey.com/ejbca790/ejbca-installation/application-servers/wildfly-24 info "Creating data source" local -r pluginJar="$(basename "$EJBCA_WILDFLY_DEPLOY_DIR"/mariadb*)" - ejbca_wildfly_command "data-source add --name=ejbcads --driver-name=\"${pluginJar}\" --connection-url=\"jdbc:mysql://${EJBCA_DATABASE_HOST}:${EJBCA_DATABASE_PORT}/${EJBCA_DATABASE_NAME}\" --jndi-name=\"java:/EjbcaDS\" --use-ccm=true --driver-class=\"org.mariadb.jdbc.Driver\" --user-name=\"${EJBCA_DATABASE_USERNAME}\" --password=\"${EJBCA_DATABASE_PASSWORD}\" --validate-on-match=true --background-validation=false --prepared-statements-cache-size=50 --share-prepared-statements=true --min-pool-size=5 --max-pool-size=150 --pool-prefill=true --transaction-isolation=TRANSACTION_READ_COMMITTED --check-valid-connection-sql=\"select 1;\"" + ejbca_wildfly_command "data-source add --name=ejbcads --driver-name=\"${pluginJar}\" --connection-url=\"jdbc:${EJBCA_DATABASE_FLAVOR}://${EJBCA_DATABASE_HOST}:${EJBCA_DATABASE_PORT}/${EJBCA_DATABASE_NAME}\" --jndi-name=\"java:/EjbcaDS\" --use-ccm=true --driver-class=\"org.mariadb.jdbc.Driver\" --user-name=\"${EJBCA_DATABASE_USERNAME}\" --password=\"${EJBCA_DATABASE_PASSWORD}\" --validate-on-match=true --background-validation=false --prepared-statements-cache-size=50 --share-prepared-statements=true --min-pool-size=5 --max-pool-size=150 --pool-prefill=true --transaction-isolation=TRANSACTION_READ_COMMITTED --check-valid-connection-sql=\"select 1;\"" ejbca_wildfly_command ":reload" wait_for_wildfly diff --git a/bitnami/ejbca/9/debian-12/tags-info.yaml b/bitnami/ejbca/9/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..3bbb3bc79c382 --- /dev/null +++ b/bitnami/ejbca/9/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "9" +- 9-debian-12 +- 9.0.0 +- latest diff --git a/bitnami/ejbca/README.md b/bitnami/ejbca/README.md index 561754c1f07ba..8fe3d0a692d93 100644 --- a/bitnami/ejbca/README.md +++ b/bitnami/ejbca/README.md @@ -24,15 +24,21 @@ docker run --name ejbca bitnami/ejbca:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use EJBCA in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use EJBCA in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.bitnami.com/containers/how-to/work-with-non-root-containers/). +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -147,30 +153,31 @@ You can also do this with a minor change to the [`docker-compose.yml`](https://g #### Customizable environment variables -| Name | Description | Default Value | -|--------------------------------------|-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------| -| `EJBCA_WILDFLY_ADMIN_USER` | Wildfly admin user | `admin` | -| `EJBCA_WILDFLY_ADMIN_PASSWORD` | Wildfly admin password | `nil` | -| `EJBCA_SERVER_CERT_FILE` | Server cert file | `nil` | -| `EJBCA_SERVER_CERT_PASSWORD` | Server cert file password. | `nil` | -| `EJBCA_HTTP_PORT_NUMBER` | Wildfly http port number | `8080` | -| `EJBCA_HTTPS_PORT_NUMBER` | Wilfly https port number | `8443` | -| `EJBCA_HTTPS_ADVERTISED_PORT_NUMBER` | Rendered port for administrator login URL | `$EJBCA_HTTPS_PORT_NUMBER` | -| `EJBCA_ADMIN_USERNAME` | EJBCA administrator username | `superadmin` | -| `EJBCA_ADMIN_PASSWORD` | EJBCA administrator password. | `Bitnami1234` | -| `EJBCA_DATABASE_HOST` | Database hostname | `nil` | -| `EJBCA_DATABASE_PORT` | Database port number. | `3306` | -| `EJBCA_DATABASE_NAME` | EJBCA database name. | `nil` | -| `EJBCA_DATABASE_USERNAME` | EJBCA database username. | `nil` | -| `EJBCA_DATABASE_PASSWORD` | EJBCA database password. | `nil` | -| `EJBCA_CA_NAME` | CA name. | `ManagementCA` | -| `JAVA_OPTS` | JVM options | `-Xms2048m -Xmx2048m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb` | -| `EJBCA_SMTP_HOST` | SMTP hostname | `localhost` | -| `EJBCA_SMTP_PORT` | SMTP port | `25` | -| `EJBCA_SMTP_FROM_ADDRESS` | SMTP from address | `user@example.com` | -| `EJBCA_SMTP_TLS` | SMTP enable TLS | `false` | -| `EJBCA_SMTP_USERNAME` | SMTP username | `nil` | -| `EJBCA_SMTP_PASSWORD` | SMTP password | `nil` | +| Name | Description | Default Value | +|--------------------------------------|-------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------| +| `EJBCA_WILDFLY_ADMIN_USER` | Wildfly admin user | `admin` | +| `EJBCA_WILDFLY_ADMIN_PASSWORD` | Wildfly admin password | `nil` | +| `EJBCA_SERVER_CERT_FILE` | Server cert file | `nil` | +| `EJBCA_SERVER_CERT_PASSWORD` | Server cert file password. | `nil` | +| `EJBCA_HTTP_PORT_NUMBER` | Wildfly http port number | `8080` | +| `EJBCA_HTTPS_PORT_NUMBER` | Wilfly https port number | `8443` | +| `EJBCA_HTTPS_ADVERTISED_PORT_NUMBER` | Rendered port for administrator login URL | `$EJBCA_HTTPS_PORT_NUMBER` | +| `EJBCA_ADMIN_USERNAME` | EJBCA administrator username | `superadmin` | +| `EJBCA_ADMIN_PASSWORD` | EJBCA administrator password. | `Bitnami1234` | +| `EJBCA_DATABASE_FLAVOR` | EJBCA database flavor | `mariadb` | +| `EJBCA_DATABASE_HOST` | Database hostname | `nil` | +| `EJBCA_DATABASE_PORT` | Database port number. | `3306` | +| `EJBCA_DATABASE_NAME` | EJBCA database name. | `nil` | +| `EJBCA_DATABASE_USERNAME` | EJBCA database username. | `nil` | +| `EJBCA_DATABASE_PASSWORD` | EJBCA database password. | `nil` | +| `EJBCA_CA_NAME` | CA name. | `ManagementCA` | +| `JAVA_OPTS` | JVM options | `-Xms2048m -Xmx2048m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQLDialect -Dhibernate.dialect.storage_engine=innodb` | +| `EJBCA_SMTP_HOST` | SMTP hostname | `localhost` | +| `EJBCA_SMTP_PORT` | SMTP port | `25` | +| `EJBCA_SMTP_FROM_ADDRESS` | SMTP from address | `user@example.com` | +| `EJBCA_SMTP_TLS` | SMTP enable TLS | `false` | +| `EJBCA_SMTP_USERNAME` | SMTP username | `nil` | +| `EJBCA_SMTP_PASSWORD` | SMTP password | `nil` | #### Read-only environment variables diff --git a/bitnami/ejbca/docker-compose.yml b/bitnami/ejbca/docker-compose.yml index f7054d81d2829..c80e524b03c69 100644 --- a/bitnami/ejbca/docker-compose.yml +++ b/bitnami/ejbca/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: "2" services: mariadb: - image: docker.io/bitnami/mariadb:10.11 + image: docker.io/bitnami/mariadb:latest volumes: - "mariadb_data:/bitnami/mariadb" environment: @@ -14,7 +13,7 @@ services: - MARIADB_DATABASE=bitnami_ejbca - MARIADB_PASSWORD=Bitnami1234 ejbca: - image: docker.io/bitnami/ejbca:8 + image: docker.io/bitnami/ejbca:9 ports: - 8080:8080 - 8443:8443 diff --git a/bitnami/elasticsearch-exporter/1/debian-12/Dockerfile b/bitnami/elasticsearch-exporter/1/debian-12/Dockerfile index cc3983521d544..b8864166372cf 100644 --- a/bitnami/elasticsearch-exporter/1/debian-12/Dockerfile +++ b/bitnami/elasticsearch-exporter/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-14T15:34:21Z" \ + org.opencontainers.image.created="2025-01-02T21:52:42Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/elasticsearch-exporter/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.7.0-debian-12-r25" \ + org.opencontainers.image.ref.name="1.8.0-debian-12-r6" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/elasticsearch-exporter" \ org.opencontainers.image.title="elasticsearch-exporter" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.7.0" + org.opencontainers.image.version="1.8.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "elasticsearch-exporter-1.7.0-9-linux-${OS_ARCH}-debian-12" \ + "elasticsearch-exporter-1.8.0-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.7.0" \ +ENV APP_VERSION="1.8.0" \ BITNAMI_APP_NAME="elasticsearch-exporter" \ PATH="/opt/bitnami/elasticsearch-exporter/bin:$PATH" diff --git a/bitnami/elasticsearch-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/elasticsearch-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index aaf504f697b1d..7c4b14e2e67e1 100644 --- a/bitnami/elasticsearch-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/elasticsearch-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.7.0-9" + "version": "1.8.0-4" } } \ No newline at end of file diff --git a/bitnami/elasticsearch-exporter/1/debian-12/tags-info.yaml b/bitnami/elasticsearch-exporter/1/debian-12/tags-info.yaml index d1c9d5e758779..7dd058a574a97 100644 --- a/bitnami/elasticsearch-exporter/1/debian-12/tags-info.yaml +++ b/bitnami/elasticsearch-exporter/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.7.0 +- 1.8.0 - latest diff --git a/bitnami/elasticsearch-exporter/README.md b/bitnami/elasticsearch-exporter/README.md index c8b0de3518cbf..4fc81b7de3fc9 100644 --- a/bitnami/elasticsearch-exporter/README.md +++ b/bitnami/elasticsearch-exporter/README.md @@ -22,15 +22,21 @@ docker run --name elasticsearch-exporter bitnami/elasticsearch-exporter:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Elasticsearch Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Elasticsearch Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -162,7 +168,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/elasticsearch/7/README.md b/bitnami/elasticsearch/7/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/elasticsearch/7/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/elasticsearch/7/debian-12/Dockerfile b/bitnami/elasticsearch/7/debian-12/Dockerfile deleted file mode 100644 index 6d0a339c1e6d5..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG ELASTICSEARCH_PLUGINS -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T18:57:40Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/elasticsearch/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.17.21-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/elasticsearch" \ - org.opencontainers.image.title="elasticsearch" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="7.17.21" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/elasticsearch/bin:$PATH" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libasound2-dev libc6 libfreetype6 libfreetype6-dev libgcc1 procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "yq-4.44.1-0-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "elasticsearch-7.17.21-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/elasticsearch/postunpack.sh -RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="7.17.21" \ - BITNAMI_APP_NAME="elasticsearch" \ - ES_JAVA_HOME="/opt/bitnami/java" \ - JAVA_HOME="/opt/bitnami/java" \ - LD_LIBRARY_PATH="/opt/bitnami/elasticsearch/jdk/lib:/opt/bitnami/elasticsearch/jdk/lib/server:$LD_LIBRARY_PATH" - -EXPOSE 9200 9300 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/elasticsearch/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/elasticsearch/run.sh" ] diff --git a/bitnami/elasticsearch/7/debian-12/docker-compose.yml b/bitnami/elasticsearch/7/debian-12/docker-compose.yml deleted file mode 100644 index 59d67f957db2d..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/docker-compose.yml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - elasticsearch: - image: docker.io/bitnami/elasticsearch:7 - ports: - - '9200:9200' - - '9300:9300' - volumes: - - 'elasticsearch_data:/bitnami/elasticsearch/data' -volumes: - elasticsearch_data: - driver: local diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 442b668ac3ac3..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "elasticsearch": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "7.17.21-1" - }, - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "yq": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "4.44.1-0" - } -} \ No newline at end of file diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch-env.sh b/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch-env.sh deleted file mode 100644 index 5e8f8c7d36607..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch-env.sh +++ /dev/null @@ -1,258 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for elasticsearch - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-elasticsearch}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -elasticsearch_env_vars=( - ELASTICSEARCH_CERTS_DIR - ELASTICSEARCH_DATA_DIR_LIST - ELASTICSEARCH_BIND_ADDRESS - ELASTICSEARCH_ADVERTISED_HOSTNAME - ELASTICSEARCH_CLUSTER_HOSTS - ELASTICSEARCH_CLUSTER_MASTER_HOSTS - ELASTICSEARCH_CLUSTER_NAME - ELASTICSEARCH_HEAP_SIZE - ELASTICSEARCH_MAX_ALLOWED_MEMORY_PERCENTAGE - ELASTICSEARCH_MAX_ALLOWED_MEMORY - ELASTICSEARCH_MAX_TIMEOUT - ELASTICSEARCH_LOCK_ALL_MEMORY - ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP - ELASTICSEARCH_DISABLE_GC_LOGS - ELASTICSEARCH_IS_DEDICATED_NODE - ELASTICSEARCH_MINIMUM_MASTER_NODES - ELASTICSEARCH_NODE_NAME - ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH - ELASTICSEARCH_NODE_ROLES - ELASTICSEARCH_PLUGINS - ELASTICSEARCH_TRANSPORT_PORT_NUMBER - ELASTICSEARCH_HTTP_PORT_NUMBER - ELASTICSEARCH_ENABLE_SECURITY - ELASTICSEARCH_PASSWORD - ELASTICSEARCH_TLS_VERIFICATION_MODE - ELASTICSEARCH_TLS_USE_PEM - ELASTICSEARCH_KEYSTORE_PASSWORD - ELASTICSEARCH_TRUSTSTORE_PASSWORD - ELASTICSEARCH_KEY_PASSWORD - ELASTICSEARCH_KEYSTORE_LOCATION - ELASTICSEARCH_TRUSTSTORE_LOCATION - ELASTICSEARCH_NODE_CERT_LOCATION - ELASTICSEARCH_NODE_KEY_LOCATION - ELASTICSEARCH_CA_CERT_LOCATION - ELASTICSEARCH_SKIP_TRANSPORT_TLS - ELASTICSEARCH_TRANSPORT_TLS_USE_PEM - ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD - ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD - ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD - ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION - ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION - ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION - ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION - ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION - ELASTICSEARCH_ENABLE_REST_TLS - ELASTICSEARCH_HTTP_TLS_USE_PEM - ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD - ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD - ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD - ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION - ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION - ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION - ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION - ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION - ELASTICSEARCH_ENABLE_FIPS_MODE - ELASTICSEARCH_KEYS - ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME - DB_MINIMUM_MANAGER_NODES -) -for env_var in "${elasticsearch_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset elasticsearch_env_vars -export DB_FLAVOR="elasticsearch" - -# Paths -export ELASTICSEARCH_VOLUME_DIR="/bitnami/elasticsearch" -export DB_VOLUME_DIR="$ELASTICSEARCH_VOLUME_DIR" -export ELASTICSEARCH_BASE_DIR="/opt/bitnami/elasticsearch" -export DB_BASE_DIR="$ELASTICSEARCH_BASE_DIR" -export ELASTICSEARCH_CONF_DIR="${DB_BASE_DIR}/config" -export DB_CONF_DIR="$ELASTICSEARCH_CONF_DIR" -export ELASTICSEARCH_DEFAULT_CONF_DIR="${DB_BASE_DIR}/config.default" -export DB_DEFAULT_CONF_DIR="$ELASTICSEARCH_DEFAULT_CONF_DIR" -export ELASTICSEARCH_CERTS_DIR="${ELASTICSEARCH_CERTS_DIR:-${DB_CONF_DIR}/certs}" -export DB_CERTS_DIR="$ELASTICSEARCH_CERTS_DIR" -export ELASTICSEARCH_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_LOGS_DIR="$ELASTICSEARCH_LOGS_DIR" -export ELASTICSEARCH_PLUGINS_DIR="${DB_BASE_DIR}/plugins" -export DB_PLUGINS_DIR="$ELASTICSEARCH_PLUGINS_DIR" -export ELASTICSEARCH_DEFAULT_PLUGINS_DIR="${DB_BASE_DIR}/plugins.default" -export DB_DEFAULT_PLUGINS_DIR="$ELASTICSEARCH_DEFAULT_PLUGINS_DIR" -export ELASTICSEARCH_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_DATA_DIR="$ELASTICSEARCH_DATA_DIR" -export ELASTICSEARCH_DATA_DIR_LIST="${ELASTICSEARCH_DATA_DIR_LIST:-}" -export DB_DATA_DIR_LIST="$ELASTICSEARCH_DATA_DIR_LIST" -export ELASTICSEARCH_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_TMP_DIR="$ELASTICSEARCH_TMP_DIR" -export ELASTICSEARCH_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_BIN_DIR="$ELASTICSEARCH_BIN_DIR" -export ELASTICSEARCH_MOUNTED_PLUGINS_DIR="${DB_VOLUME_DIR}/plugins" -export DB_MOUNTED_PLUGINS_DIR="$ELASTICSEARCH_MOUNTED_PLUGINS_DIR" -export ELASTICSEARCH_CONF_FILE="${DB_CONF_DIR}/elasticsearch.yml" -export DB_CONF_FILE="$ELASTICSEARCH_CONF_FILE" -export ELASTICSEARCH_LOG_FILE="${DB_LOGS_DIR}/elasticsearch.log" -export DB_LOG_FILE="$ELASTICSEARCH_LOG_FILE" -export ELASTICSEARCH_PID_FILE="${DB_TMP_DIR}/elasticsearch.pid" -export DB_PID_FILE="$ELASTICSEARCH_PID_FILE" -export ELASTICSEARCH_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export DB_INITSCRIPTS_DIR="$ELASTICSEARCH_INITSCRIPTS_DIR" -export PATH="${DB_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:$PATH" - -# System users (when running with a privileged user) -export ELASTICSEARCH_DAEMON_USER="elasticsearch" -export DB_DAEMON_USER="$ELASTICSEARCH_DAEMON_USER" -export ELASTICSEARCH_DAEMON_GROUP="elasticsearch" -export DB_DAEMON_GROUP="$ELASTICSEARCH_DAEMON_GROUP" - -# Elasticsearch configuration -export ELASTICSEARCH_BIND_ADDRESS="${ELASTICSEARCH_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$ELASTICSEARCH_BIND_ADDRESS" -export ELASTICSEARCH_ADVERTISED_HOSTNAME="${ELASTICSEARCH_ADVERTISED_HOSTNAME:-}" -export DB_ADVERTISED_HOSTNAME="$ELASTICSEARCH_ADVERTISED_HOSTNAME" -export ELASTICSEARCH_CLUSTER_HOSTS="${ELASTICSEARCH_CLUSTER_HOSTS:-}" -export DB_CLUSTER_HOSTS="$ELASTICSEARCH_CLUSTER_HOSTS" -export ELASTICSEARCH_CLUSTER_MASTER_HOSTS="${ELASTICSEARCH_CLUSTER_MASTER_HOSTS:-}" -export DB_CLUSTER_MASTER_HOSTS="$ELASTICSEARCH_CLUSTER_MASTER_HOSTS" -export ELASTICSEARCH_CLUSTER_NAME="${ELASTICSEARCH_CLUSTER_NAME:-}" -export DB_CLUSTER_NAME="$ELASTICSEARCH_CLUSTER_NAME" -export ELASTICSEARCH_HEAP_SIZE="${ELASTICSEARCH_HEAP_SIZE:-1024m}" -export DB_HEAP_SIZE="$ELASTICSEARCH_HEAP_SIZE" -export ELASTICSEARCH_MAX_ALLOWED_MEMORY_PERCENTAGE="${ELASTICSEARCH_MAX_ALLOWED_MEMORY_PERCENTAGE:-100}" -export DB_MAX_ALLOWED_MEMORY_PERCENTAGE="$ELASTICSEARCH_MAX_ALLOWED_MEMORY_PERCENTAGE" -export ELASTICSEARCH_MAX_ALLOWED_MEMORY="${ELASTICSEARCH_MAX_ALLOWED_MEMORY:-}" -export DB_MAX_ALLOWED_MEMORY="$ELASTICSEARCH_MAX_ALLOWED_MEMORY" -export ELASTICSEARCH_MAX_TIMEOUT="${ELASTICSEARCH_MAX_TIMEOUT:-60}" -export DB_MAX_TIMEOUT="$ELASTICSEARCH_MAX_TIMEOUT" -export ELASTICSEARCH_LOCK_ALL_MEMORY="${ELASTICSEARCH_LOCK_ALL_MEMORY:-no}" -export DB_LOCK_ALL_MEMORY="$ELASTICSEARCH_LOCK_ALL_MEMORY" -export ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP="${ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP:-no}" -export DB_DISABLE_JVM_HEAP_DUMP="$ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP" -export ELASTICSEARCH_DISABLE_GC_LOGS="${ELASTICSEARCH_DISABLE_GC_LOGS:-no}" -export DB_DISABLE_GC_LOGS="$ELASTICSEARCH_DISABLE_GC_LOGS" -export ELASTICSEARCH_IS_DEDICATED_NODE="${ELASTICSEARCH_IS_DEDICATED_NODE:-no}" -export DB_IS_DEDICATED_NODE="$ELASTICSEARCH_IS_DEDICATED_NODE" -ELASTICSEARCH_MINIMUM_MASTER_NODES="${ELASTICSEARCH_MINIMUM_MASTER_NODES:-"${DB_MINIMUM_MANAGER_NODES:-}"}" -export ELASTICSEARCH_MINIMUM_MASTER_NODES="${ELASTICSEARCH_MINIMUM_MASTER_NODES:-}" -export DB_MINIMUM_MASTER_NODES="$ELASTICSEARCH_MINIMUM_MASTER_NODES" -export ELASTICSEARCH_NODE_NAME="${ELASTICSEARCH_NODE_NAME:-}" -export DB_NODE_NAME="$ELASTICSEARCH_NODE_NAME" -export ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH="${ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH:-}" -export DB_FS_SNAPSHOT_REPO_PATH="$ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH" -export ELASTICSEARCH_NODE_ROLES="${ELASTICSEARCH_NODE_ROLES:-}" -export DB_NODE_ROLES="$ELASTICSEARCH_NODE_ROLES" -export ELASTICSEARCH_PLUGINS="${ELASTICSEARCH_PLUGINS:-}" -export DB_PLUGINS="$ELASTICSEARCH_PLUGINS" -export ELASTICSEARCH_TRANSPORT_PORT_NUMBER="${ELASTICSEARCH_TRANSPORT_PORT_NUMBER:-9300}" -export DB_TRANSPORT_PORT_NUMBER="$ELASTICSEARCH_TRANSPORT_PORT_NUMBER" -export ELASTICSEARCH_HTTP_PORT_NUMBER="${ELASTICSEARCH_HTTP_PORT_NUMBER:-9200}" -export DB_HTTP_PORT_NUMBER="$ELASTICSEARCH_HTTP_PORT_NUMBER" - -# Elasticsearch Security configuration -export ELASTICSEARCH_ENABLE_SECURITY="${ELASTICSEARCH_ENABLE_SECURITY:-false}" -export DB_ENABLE_SECURITY="$ELASTICSEARCH_ENABLE_SECURITY" -export ELASTICSEARCH_PASSWORD="${ELASTICSEARCH_PASSWORD:-bitnami}" -export DB_PASSWORD="$ELASTICSEARCH_PASSWORD" -export ELASTICSEARCH_USERNAME="elastic" -export DB_USERNAME="$ELASTICSEARCH_USERNAME" -export ELASTICSEARCH_TLS_VERIFICATION_MODE="${ELASTICSEARCH_TLS_VERIFICATION_MODE:-full}" -export DB_TLS_VERIFICATION_MODE="$ELASTICSEARCH_TLS_VERIFICATION_MODE" -export ELASTICSEARCH_TLS_USE_PEM="${ELASTICSEARCH_TLS_USE_PEM:-false}" -export DB_TLS_USE_PEM="$ELASTICSEARCH_TLS_USE_PEM" -export ELASTICSEARCH_KEYSTORE_PASSWORD="${ELASTICSEARCH_KEYSTORE_PASSWORD:-}" -export DB_KEYSTORE_PASSWORD="$ELASTICSEARCH_KEYSTORE_PASSWORD" -export ELASTICSEARCH_TRUSTSTORE_PASSWORD="${ELASTICSEARCH_TRUSTSTORE_PASSWORD:-}" -export DB_TRUSTSTORE_PASSWORD="$ELASTICSEARCH_TRUSTSTORE_PASSWORD" -export ELASTICSEARCH_KEY_PASSWORD="${ELASTICSEARCH_KEY_PASSWORD:-}" -export DB_KEY_PASSWORD="$ELASTICSEARCH_KEY_PASSWORD" -export ELASTICSEARCH_KEYSTORE_LOCATION="${ELASTICSEARCH_KEYSTORE_LOCATION:-${DB_CERTS_DIR}/elasticsearch.keystore.jks}" -export DB_KEYSTORE_LOCATION="$ELASTICSEARCH_KEYSTORE_LOCATION" -export ELASTICSEARCH_TRUSTSTORE_LOCATION="${ELASTICSEARCH_TRUSTSTORE_LOCATION:-${DB_CERTS_DIR}/elasticsearch.truststore.jks}" -export DB_TRUSTSTORE_LOCATION="$ELASTICSEARCH_TRUSTSTORE_LOCATION" -export ELASTICSEARCH_NODE_CERT_LOCATION="${ELASTICSEARCH_NODE_CERT_LOCATION:-${DB_CERTS_DIR}/tls.crt}" -export DB_NODE_CERT_LOCATION="$ELASTICSEARCH_NODE_CERT_LOCATION" -export ELASTICSEARCH_NODE_KEY_LOCATION="${ELASTICSEARCH_NODE_KEY_LOCATION:-${DB_CERTS_DIR}/tls.key}" -export DB_NODE_KEY_LOCATION="$ELASTICSEARCH_NODE_KEY_LOCATION" -export ELASTICSEARCH_CA_CERT_LOCATION="${ELASTICSEARCH_CA_CERT_LOCATION:-${DB_CERTS_DIR}/ca.crt}" -export DB_CA_CERT_LOCATION="$ELASTICSEARCH_CA_CERT_LOCATION" -export ELASTICSEARCH_SKIP_TRANSPORT_TLS="${ELASTICSEARCH_SKIP_TRANSPORT_TLS:-false}" -export DB_SKIP_TRANSPORT_TLS="$ELASTICSEARCH_SKIP_TRANSPORT_TLS" -export ELASTICSEARCH_TRANSPORT_TLS_USE_PEM="${ELASTICSEARCH_TRANSPORT_TLS_USE_PEM:-$DB_TLS_USE_PEM}" -export DB_TRANSPORT_TLS_USE_PEM="$ELASTICSEARCH_TRANSPORT_TLS_USE_PEM" -export ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD="${ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD:-$DB_KEYSTORE_PASSWORD}" -export DB_TRANSPORT_TLS_KEYSTORE_PASSWORD="$ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD" -export ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD="${ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD:-$DB_TRUSTSTORE_PASSWORD}" -export DB_TRANSPORT_TLS_TRUSTSTORE_PASSWORD="$ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD" -export ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD="${ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD:-$DB_KEY_PASSWORD}" -export DB_TRANSPORT_TLS_KEY_PASSWORD="$ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD" -export ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION:-$DB_KEYSTORE_LOCATION}" -export DB_TRANSPORT_TLS_KEYSTORE_LOCATION="$ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION" -export ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION:-$DB_TRUSTSTORE_LOCATION}" -export DB_TRANSPORT_TLS_TRUSTSTORE_LOCATION="$ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION" -export ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION:-$DB_NODE_CERT_LOCATION}" -export DB_TRANSPORT_TLS_NODE_CERT_LOCATION="$ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION" -export ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION:-$DB_NODE_KEY_LOCATION}" -export DB_TRANSPORT_TLS_NODE_KEY_LOCATION="$ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION" -export ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION:-$DB_CA_CERT_LOCATION}" -export DB_TRANSPORT_TLS_CA_CERT_LOCATION="$ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION" -export ELASTICSEARCH_ENABLE_REST_TLS="${ELASTICSEARCH_ENABLE_REST_TLS:-true}" -export DB_ENABLE_REST_TLS="$ELASTICSEARCH_ENABLE_REST_TLS" -export ELASTICSEARCH_HTTP_TLS_USE_PEM="${ELASTICSEARCH_HTTP_TLS_USE_PEM:-$DB_TLS_USE_PEM}" -export DB_HTTP_TLS_USE_PEM="$ELASTICSEARCH_HTTP_TLS_USE_PEM" -export ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD="${ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD:-$DB_KEYSTORE_PASSWORD}" -export DB_HTTP_TLS_KEYSTORE_PASSWORD="$ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD" -export ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD="${ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD:-$DB_TRUSTSTORE_PASSWORD}" -export DB_HTTP_TLS_TRUSTSTORE_PASSWORD="$ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD" -export ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD="${ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD:-$DB_KEY_PASSWORD}" -export DB_HTTP_TLS_KEY_PASSWORD="$ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD" -export ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION="${ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION:-$DB_KEYSTORE_LOCATION}" -export DB_HTTP_TLS_KEYSTORE_LOCATION="$ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION" -export ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION="${ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION:-$DB_TRUSTSTORE_LOCATION}" -export DB_HTTP_TLS_TRUSTSTORE_LOCATION="$ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION" -export ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION="${ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION:-$DB_NODE_CERT_LOCATION}" -export DB_HTTP_TLS_NODE_CERT_LOCATION="$ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION" -export ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION="${ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION:-$DB_NODE_KEY_LOCATION}" -export DB_HTTP_TLS_NODE_KEY_LOCATION="$ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION" -export ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION="${ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION:-$DB_CA_CERT_LOCATION}" -export DB_HTTP_TLS_CA_CERT_LOCATION="$ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION" -export ELASTICSEARCH_ENABLE_FIPS_MODE="${ELASTICSEARCH_ENABLE_FIPS_MODE:-false}" -export ELASTICSEARCH_KEYS="${ELASTICSEARCH_KEYS:-}" -export ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME="${ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME:-}" -export DB_ACTION_DESTRUCTIVE_REQUIRES_NAME="$ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME" - -# Custom environment variables may be defined below diff --git a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/entrypoint.sh b/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/entrypoint.sh deleted file mode 100755 index 0fbcebc3e8eae..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -#set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libelasticsearch.sh - -# Load environment -. /opt/bitnami/scripts/elasticsearch-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/elasticsearch/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -if ! is_dir_empty "$DB_DEFAULT_PLUGINS_DIR"; then - debug "Copying plugins from $DB_DEFAULT_PLUGINS_DIR to $DB_PLUGINS_DIR" - # Copy the plugins installed by default to the plugins directory - # If there is already a plugin with the same name in the plugins folder do nothing - for plugin_path in "${DB_DEFAULT_PLUGINS_DIR}"/*; do - plugin_name="$(basename "$plugin_path")" - plugin_moved_path="${DB_PLUGINS_DIR}/${plugin_name}" - if ! [[ -d "$plugin_moved_path" ]]; then - cp -r "$plugin_path" "$plugin_moved_path" - fi - done -fi - -if [[ "$1" = "/opt/bitnami/scripts/elasticsearch/run.sh" ]]; then - info "** Starting Elasticsearch setup **" - /opt/bitnami/scripts/elasticsearch/setup.sh - info "** Elasticsearch setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/healthcheck.sh b/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/healthcheck.sh deleted file mode 100755 index ee7f128ec87a8..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libelasticsearch.sh - -# Load Elasticsearch environment variables -. /opt/bitnami/scripts/elasticsearch-env.sh - -elasticsearch_healthcheck diff --git a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/postunpack.sh b/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/postunpack.sh deleted file mode 100755 index e8ac01ffc19ae..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/postunpack.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -# Load libraries -. /opt/bitnami/scripts/libelasticsearch.sh -. /opt/bitnami/scripts/libfs.sh - -# Load environment -. /opt/bitnami/scripts/elasticsearch-env.sh - -for dir in "$DB_TMP_DIR" "$DB_DATA_DIR" "$DB_LOGS_DIR" "${DB_BASE_DIR}/plugins" "${DB_BASE_DIR}/modules" "$DB_CONF_DIR" "$DB_VOLUME_DIR" "$DB_INITSCRIPTS_DIR" "$DB_MOUNTED_PLUGINS_DIR" "$DB_DEFAULT_CONF_DIR" "$DB_DEFAULT_PLUGINS_DIR"; do - ensure_dir_exists "$dir" - chmod -R ug+rwX "$dir" -done - -elasticsearch_configure_logging - -for dir in "$DB_TMP_DIR" "$DB_DATA_DIR" "$DB_LOGS_DIR" "${DB_BASE_DIR}/plugins" "${DB_BASE_DIR}/modules" "$DB_CONF_DIR" "$DB_VOLUME_DIR" "$DB_INITSCRIPTS_DIR" "$DB_MOUNTED_PLUGINS_DIR" "$DB_DEFAULT_CONF_DIR" "$DB_DEFAULT_PLUGINS_DIR"; do - # `elasticsearch-plugin install` command complains about being unable to create the a plugin's directory - # even when having the proper permissions. - # The reason: the code is checking trying to check the permissions by consulting the parent directory owner, - # instead of checking if the ES user actually has writing permissions. - # - # As a workaround, we will ensure the container works (at least) with the non-root user 1001. However, - # until we can avoid this hack, we can't guarantee this container to work on K8s distributions - # where containers are exectued with non-privileged users with random user IDs. - # - # Issue reported at: https://github.com/bitnami/bitnami-docker-elasticsearch/issues/50 - chown -R 1001:0 "$dir" -done - -elasticsearch_install_plugins - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" -chmod o+rX -R "$DB_DEFAULT_CONF_DIR" -if ! is_dir_empty "$DB_PLUGINS_DIR"; then - # Move all initially installed plugins to the default plugins directory. - for plugin_path in "${DB_PLUGINS_DIR}"/*; do - plugin_name="$(basename "$plugin_path")" - plugin_moved_path="${DB_DEFAULT_PLUGINS_DIR}/${plugin_name}" - mv "$plugin_path" "$plugin_moved_path" - done - chmod o+rX -R "$DB_DEFAULT_PLUGINS_DIR" -fi diff --git a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/run.sh b/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/run.sh deleted file mode 100755 index 596b43e4aa0db..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/run.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -#set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libelasticsearch.sh -. /opt/bitnami/scripts/libos.sh - -# Load environment -. /opt/bitnami/scripts/elasticsearch-env.sh - -# Constants -EXEC=$(command -v elasticsearch) -ARGS=("-p" "$DB_PID_FILE") -[[ -z "${DB_EXTRA_FLAGS:-}" ]] || ARGS=("${ARGS[@]}" "${DB_EXTRA_FLAGS[@]}") -# JAVA_HOME to be deprecated, see warning: -# warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME -export JAVA_HOME=/opt/bitnami/java -export ES_JAVA_HOME=/opt/bitnami/java - -ARGS+=("$@") - -info "** Starting Elasticsearch **" -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${ARGS[@]}" -else - exec "$EXEC" "${ARGS[@]}" -fi diff --git a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/setup.sh b/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/setup.sh deleted file mode 100755 index 742276a9353cd..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/setup.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -#set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libelasticsearch.sh - -# Load environment -. /opt/bitnami/scripts/elasticsearch-env.sh - -# Ensure Elasticsearch environment variables settings are valid -elasticsearch_validate -# Ensure Elasticsearch is stopped when this script ends -trap "elasticsearch_stop" EXIT -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" -# Ensure Elasticsearch is initialized -elasticsearch_initialize -# Ensure kernel settings are valid -elasticsearch_validate_kernel -# Install Elasticsearch plugins -elasticsearch_install_plugins -# Ensure custom initialization scripts are executed -elasticsearch_custom_init_scripts -# Ensure all the required keys are added after plugins are installed -elasticsearch_set_keys diff --git a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh b/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh deleted file mode 100644 index 15e224cc6ebd4..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh +++ /dev/null @@ -1,932 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Elasticsearch library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libversion.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Configure TLS settings -# Globals: -# ELASTICSEARCH_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_transport_tls_configuration() { - info "Configuring Elasticsearch Transport TLS settings..." - elasticsearch_conf_set xpack.security.transport.ssl.enabled "true" - elasticsearch_conf_set xpack.security.transport.ssl.verification_mode "$DB_TLS_VERIFICATION_MODE" - - if is_boolean_yes "$DB_TRANSPORT_TLS_USE_PEM"; then - debug "Configuring Transport Layer TLS settings using PEM certificates..." - ! is_empty_value "$DB_TRANSPORT_TLS_KEY_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.secure_key_passphrase" "$DB_TRANSPORT_TLS_KEY_PASSWORD" - elasticsearch_conf_set xpack.security.transport.ssl.key "$DB_TRANSPORT_TLS_NODE_KEY_LOCATION" - elasticsearch_conf_set xpack.security.transport.ssl.certificate "$DB_TRANSPORT_TLS_NODE_CERT_LOCATION" - elasticsearch_conf_set xpack.security.transport.ssl.certificate_authorities "$DB_TRANSPORT_TLS_CA_CERT_LOCATION" - else - debug "Configuring Transport Layer TLS settings using JKS/PKCS certificates..." - ! is_empty_value "$DB_TRANSPORT_TLS_KEYSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.keystore.secure_password" "$DB_TRANSPORT_TLS_KEYSTORE_PASSWORD" - ! is_empty_value "$DB_TRANSPORT_TLS_TRUSTSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.truststore.secure_password" "$DB_TRANSPORT_TLS_TRUSTSTORE_PASSWORD" - elasticsearch_conf_set xpack.security.transport.ssl.keystore.path "$DB_TRANSPORT_TLS_KEYSTORE_LOCATION" - elasticsearch_conf_set xpack.security.transport.ssl.truststore.path "$DB_TRANSPORT_TLS_TRUSTSTORE_LOCATION" - fi -} - -######################## -# Configure TLS settings -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_http_tls_configuration() { - info "Configuring Elasticsearch HTTP TLS settings..." - elasticsearch_conf_set xpack.security.http.ssl.enabled "true" - if is_boolean_yes "$DB_HTTP_TLS_USE_PEM"; then - debug "Configuring REST API TLS settings using PEM certificates..." - ! is_empty_value "$DB_HTTP_TLS_KEY_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.secure_key_passphrase" "$DB_HTTP_TLS_KEY_PASSWORD" - elasticsearch_conf_set xpack.security.http.ssl.key "$DB_HTTP_TLS_NODE_KEY_LOCATION" - elasticsearch_conf_set xpack.security.http.ssl.certificate "$DB_HTTP_TLS_NODE_CERT_LOCATION" - elasticsearch_conf_set xpack.security.http.ssl.certificate_authorities "$DB_HTTP_TLS_CA_CERT_LOCATION" - else - debug "Configuring REST API TLS settings using JKS/PKCS certificates..." - ! is_empty_value "$DB_HTTP_TLS_KEYSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.keystore.secure_password" "$DB_HTTP_TLS_KEYSTORE_PASSWORD" - ! is_empty_value "$DB_HTTP_TLS_TRUSTSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.truststore.secure_password" "$DB_HTTP_TLS_TRUSTSTORE_PASSWORD" - elasticsearch_conf_set xpack.security.http.ssl.keystore.path "$DB_HTTP_TLS_KEYSTORE_LOCATION" - elasticsearch_conf_set xpack.security.http.ssl.truststore.path "$DB_HTTP_TLS_TRUSTSTORE_LOCATION" - fi -} - -######################## -# Migrate old Elasticsearch data -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -migrate_old_data() { - warn "Persisted data follows old structure. Migrating to new one..." - warn "Custom configuration files won't be persisted any longer!" - local old_data_dir="${DB_DATA_DIR}/elasticsearch" - local old_custom_conf_file="${old_data_dir}/conf/elasticsearch_custom.yml" - local custom_conf_file="${DB_CONF_DIR}/elasticsearch_custom.yml" - if [[ -f "$old_custom_conf_file" ]]; then - debug "Adding old custom configuration to user configuration" - echo "" >>"$custom_conf_file" - cat "$old_custom_conf_file" >>"$custom_conf_file" - fi - debug "Adapting data to new file structure" - find "${old_data_dir}/data" -maxdepth 1 -mindepth 1 -exec mv {} "$DB_DATA_DIR" \; - debug "Removing data that is not persisted anymore from persisted directory" - rm -rf "$old_data_dir" "${DB_DATA_DIR}/java" -} - -######################## -# Set Elasticsearch keystore values -# Globals: -# ELASTICSEARCH_KEYS -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_set_keys() { - read -r -a keys_list <<<"$(tr ',;' ' ' <<<"$ELASTICSEARCH_KEYS")" - if [[ "${#keys_list[@]}" -gt 0 ]]; then - for key_value in "${keys_list[@]}"; do - read -r -a key_value <<<"$(tr '=' ' ' <<<"$key_value")" - local key="${key_value[0]}" - local value="${key_value[1]}" - - elasticsearch_set_key_value "$key" "$value" - done - fi -} - -######################## -# Set Elasticsearch keystore values -# Globals: -# ELASTICSEARCH_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_set_key_value() { - local key="${1:?missing key}" - local value="${2:?missing value}" - - debug "Storing key: ${key}" - elasticsearch-keystore add --stdin --force "$key" <<<"$value" - - am_i_root && chown "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "${DB_CONF_DIR}/elasticsearch.keystore" - # Avoid exit code of previous commands to affect the result of this function - true -} - -#!/bin/bash -# -# Bitnami Elasticsearch/Opensearch common library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libversion.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Write a configuration setting value -# Globals: -# DB_CONF_FILE -# Arguments: -# $1 - key -# $2 - value -# $3 - YAML type (string, int or bool) -# Returns: -# None -######################### -elasticsearch_conf_write() { - local -r key="${1:?Missing key}" - local -r value="${2:-}" - local -r type="${3:-string}" - local -r tempfile=$(mktemp) - - case "$type" in - string) - yq eval "(.${key}) |= \"${value}\"" "$DB_CONF_FILE" >"$tempfile" - ;; - int) - yq eval "(.${key}) |= ${value}" "$DB_CONF_FILE" >"$tempfile" - ;; - bool) - yq eval "(.${key}) |= (\"${value}\" | test(\"true\"))" "$DB_CONF_FILE" >"$tempfile" - ;; - *) - error "Type unknown: ${type}" - return 1 - ;; - esac - cp "$tempfile" "$DB_CONF_FILE" -} - -######################## -# Set a configuration setting value -# Globals: -# DB_CONF_FILE -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -elasticsearch_conf_set() { - local key="${1:?missing key}" - shift - local values=("${@}") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "$key" - stderr_print "missing values" - return 1 - elif [[ "${#values[@]}" -eq 1 ]] && [[ -n "${values[0]}" ]]; then - elasticsearch_conf_write "$key" "${values[0]}" - else - for i in "${!values[@]}"; do - if [[ -n "${values[$i]}" ]]; then - elasticsearch_conf_write "${key}[$i]" "${values[$i]}" - fi - done - fi -} - -######################## -# Check if Elasticsearch is running -# Globals: -# DB_TMP_DIR -# Arguments: -# None -# Returns: -# Boolean -######################### -is_elasticsearch_running() { - local pid - pid="$(get_pid_from_file "$DB_PID_FILE")" - - if [[ -z "$pid" ]]; then - false - else - is_service_running "$pid" - fi -} - -######################## -# Check if Elasticsearch is not running -# Globals: -# DB_TMP_DIR -# Arguments: -# None -# Returns: -# Boolean -######################### -is_elasticsearch_not_running() { - ! is_elasticsearch_running - return "$?" -} - -######################## -# Stop Elasticsearch -# Globals: -# DB_TMP_DIR -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_stop() { - ! is_elasticsearch_running && return - debug "Stopping ${DB_FLAVOR^}..." - stop_service_using_pid "$DB_PID_FILE" -} - -######################## -# Start Elasticsearch and wait until it's ready -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_start() { - is_elasticsearch_running && return - - debug "Starting ${DB_FLAVOR^}..." - local command=("${DB_BASE_DIR}/bin/${DB_FLAVOR}" "-d" "-p" "$DB_PID_FILE") - am_i_root && command=("run_as_user" "$DB_DAEMON_USER" "${command[@]}") - if [[ "$BITNAMI_DEBUG" = true ]]; then - "${command[@]}" & - else - "${command[@]}" >/dev/null 2>&1 & - fi - - local retries=50 - local seconds=2 - # Check the process is running - retry_while "is_elasticsearch_running" "$retries" "$seconds" - # Check Elasticsearch API is reachable - retry_while "elasticsearch_healthcheck" "$retries" "$seconds" -} - -######################## -# Validate kernel settings -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_validate_kernel() { - # Auxiliary functions - validate_sysctl_key() { - local key="${1:?key is missing}" - local value="${2:?value is missing}" - local current_value - current_value="$(sysctl -n "$key")" - if [[ "$current_value" -lt "$value" ]]; then - error "Invalid kernel settings. ${DB_FLAVOR^} requires at least: $key = $value" - exit 1 - fi - } - - debug "Validating Kernel settings..." - if [[ $(yq eval .index.store.type "$DB_CONF_FILE") ]]; then - debug "Custom index.store.type found in the config file. Skipping kernel validation..." - else - validate_sysctl_key "fs.file-max" 65536 - fi - if [[ $(yq eval .node.store.allow_mmap "$DB_CONF_FILE") ]]; then - debug "Custom node.store.allow_mmap found in the config file. Skipping kernel validation..." - else - validate_sysctl_key "vm.max_map_count" 262144 - fi -} - -######################## -# Validate settings in DB_* env vars -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_validate() { - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - validate_node_roles() { - if [ -n "$DB_NODE_ROLES" ]; then - read -r -a roles_list <<<"$(get_elasticsearch_roles)" - local master_role="master" - [[ "$DB_FLAVOR" = "opensearch" && "$APP_VERSION" =~ ^2\. ]] && master_role="cluster_manager" - if [[ "${#roles_list[@]}" -le 0 ]]; then - warn "Setting ${DB_FLAVOR^^}_NODE_ROLES is empty and ${DB_FLAVOR^^}_IS_DEDICATED_NODE is set to true, ${DB_FLAVOR^} will be configured as coordinating-only node." - fi - for role in "${roles_list[@]}"; do - case "$role" in - "$master_role" | data | data_content | data_hot | data_warm | data_cold | data_frozen | ingest | ml | remote_cluster_client | transform) ;; - - *) - print_validation_error "Invalid node role '$role'. Supported roles are '${master_role},data,data_content,data_hot,data_warm,data_cold,data_frozen,ingest,ml,remote_cluster_client,transform'" - ;; - esac - done - fi - } - - debug "Ensuring expected directories/files exist..." - am_i_root && ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_PLUGINS_DIR" "$DB_BASE_DIR/modules" "$DB_CONF_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown -R "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "$dir" - done - - debug "Validating settings in DB_* env vars..." - for var in "DB_HTTP_PORT_NUMBER" "DB_TRANSPORT_PORT_NUMBER"; do - if ! err=$(validate_port "${!var}"); then - print_validation_error "An invalid port was specified in the environment variable $var: $err" - fi - done - - if ! is_boolean_yes "$DB_IS_DEDICATED_NODE"; then - warn "Setting ${DB_FLAVOR^^}_IS_DEDICATED_NODE is disabled." - warn "${DB_FLAVOR^^}_NODE_ROLES will be ignored and ${DB_FLAVOR^} will asume all different roles." - else - validate_node_roles - fi - - if [[ -n "$DB_BIND_ADDRESS" ]] && ! validate_ipv4 "$DB_BIND_ADDRESS"; then - print_validation_error "The Bind Address specified in the environment variable ${DB_FLAVOR^^}_BIND_ADDRESS is not a valid IPv4" - fi - - if is_boolean_yes "$DB_ENABLE_SECURITY"; then - if [[ "$DB_FLAVOR" = "opensearch" ]]; then - if [[ ! -f "$OPENSEARCH_SECURITY_ADMIN_KEY_LOCATION" ]] || [[ ! -f "$OPENSEARCH_SECURITY_ADMIN_CERT_LOCATION" ]]; then - print_validation_error "In order to enable Opensearch Security, you must provide a valid admin PEM key and certificate." - fi - if is_empty_value "$OPENSEARCH_SECURITY_NODES_DN"; then - print_validation_error "The variable OPENSEARCH_SECURITY_NODES_DN is required." - fi - if is_empty_value "$OPENSEARCH_SECURITY_ADMIN_DN"; then - print_validation_error "The variable OPENSEARCH_SECURITY_ADMIN_DN is required." - fi - if ! is_boolean_yes "$OPENSEARCH_ENABLE_REST_TLS"; then - print_validation_error "Opensearch does not support plaintext conections (HTTP) when Security is enabled." - fi - fi - if ! is_boolean_yes "$DB_SKIP_TRANSPORT_TLS"; then - if is_boolean_yes "$DB_TRANSPORT_TLS_USE_PEM"; then - if [[ ! -f "$DB_TRANSPORT_TLS_NODE_CERT_LOCATION" ]] || [[ ! -f "$DB_TRANSPORT_TLS_NODE_KEY_LOCATION" ]] || [[ ! -f "$DB_TRANSPORT_TLS_CA_CERT_LOCATION" ]]; then - print_validation_error "In order to configure the TLS encryption for ${DB_FLAVOR^} Transport you must provide your node key, certificate and a valid certification_authority certificate." - fi - elif [[ ! -f "$DB_TRANSPORT_TLS_KEYSTORE_LOCATION" ]] || [[ ! -f "$DB_TRANSPORT_TLS_TRUSTSTORE_LOCATION" ]]; then - print_validation_error "In order to configure the TLS encryption for ${DB_FLAVOR^} Transport with JKS/PKCS12 certs you must mount a valid keystore and truststore." - fi - fi - if is_boolean_yes "$DB_HTTP_TLS_USE_PEM"; then - if is_boolean_yes "$DB_HTTP_TLS_USE_PEM"; then - if [[ ! -f "$DB_HTTP_TLS_NODE_CERT_LOCATION" ]] || [[ ! -f "$DB_HTTP_TLS_NODE_KEY_LOCATION" ]] || [[ ! -f "$DB_HTTP_TLS_CA_CERT_LOCATION" ]]; then - print_validation_error "In order to configure the TLS encryption for ${DB_FLAVOR^} you must provide your node key, certificate and a valid certification_authority certificate." - fi - elif [[ ! -f "$DB_HTTP_TLS_KEYSTORE_LOCATION" ]] || [[ ! -f "$DB_HTTP_TLS_TRUSTSTORE_LOCATION" ]]; then - print_validation_error "In order to configure the TLS encryption for ${DB_FLAVOR^} with JKS/PKCS12 certs you must mount a valid keystore and truststore." - fi - fi - fi - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Determine the hostname by which Elasticsearch can be contacted -# Returns: -# The value of $DB_ADVERTISED_HOSTNAME or the current host address -######################## -get_elasticsearch_hostname() { - if [[ -n "$DB_ADVERTISED_HOSTNAME" ]]; then - echo "$DB_ADVERTISED_HOSTNAME" - else - get_machine_ip - fi -} - -######################## -# Evaluates the env variable DB_NODE_ROLES and replaces master with -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Array of node roles -######################### -get_elasticsearch_roles() { - read -r -a roles_list_tmp <<<"$(tr ',;' ' ' <<<"$DB_NODE_ROLES")" - roles_list=("${roles_list_tmp[@]}") - for i in "${!roles_list[@]}"; do - if [[ ${roles_list[$i]} == "master" ]] && [[ "$DB_FLAVOR" = "opensearch" && "$APP_VERSION" =~ ^2\. ]]; then - roles_list[i]="cluster_manager" - fi - done - echo "${roles_list[@]}" -} - -######################## -# Configure cluster settings -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_cluster_configuration() { - # Auxiliary functions - bind_address() { - if [[ -n "$DB_BIND_ADDRESS" ]]; then - echo "$DB_BIND_ADDRESS" - else - echo "0.0.0.0" - fi - } - - is_node_master() { - if is_boolean_yes "$DB_IS_DEDICATED_NODE"; then - if [ -n "$DB_NODE_ROLES" ]; then - read -r -a roles_list <<<"$(get_elasticsearch_roles)" - if [[ " ${roles_list[*]} " = *" master "* ]]; then - true - elif [[ "$DB_FLAVOR" = "opensearch" && " ${roles_list[*]} " = *" cluster_manager "* ]]; then - true - else - false - fi - else - false - fi - else - true - fi - } - - info "Configuring ${DB_FLAVOR^} cluster settings..." - elasticsearch_conf_set network.host "$(get_elasticsearch_hostname)" - elasticsearch_conf_set network.publish_host "$(get_elasticsearch_hostname)" - elasticsearch_conf_set network.bind_host "$(bind_address)" - elasticsearch_conf_set cluster.name "$DB_CLUSTER_NAME" - elasticsearch_conf_set node.name "${DB_NODE_NAME:-$(hostname)}" - - if [[ -n "$DB_CLUSTER_HOSTS" ]]; then - read -r -a host_list <<<"$(tr ',;' ' ' <<<"$DB_CLUSTER_HOSTS")" - master_list=("${host_list[@]}") - if [[ -n "$DB_CLUSTER_MASTER_HOSTS" ]]; then - read -r -a master_list <<<"$(tr ',;' ' ' <<<"$DB_CLUSTER_MASTER_HOSTS")" - fi - elasticsearch_conf_set discovery.seed_hosts "${host_list[@]}" - if is_node_master; then - if [[ "$DB_FLAVOR" = "opensearch" && "$APP_VERSION" =~ ^2\. ]]; then - elasticsearch_conf_set cluster.initial_cluster_manager_nodes "${master_list[@]}" - else - elasticsearch_conf_set cluster.initial_master_nodes "${master_list[@]}" - fi - fi - elasticsearch_conf_set discovery.initial_state_timeout "10m" - else - elasticsearch_conf_set "discovery.type" "single-node" - fi -} - -######################## -# Extend cluster settings with custom, user-provided config -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_custom_configuration() { - local custom_conf_file="${DB_CONF_DIR}/my_${DB_FLAVOR}.yml" - local -r tempfile=$(mktemp) - [[ ! -s "$custom_conf_file" ]] && return - info "Adding custom configuration" - yq eval-all 'select(fileIndex == 0) * select(fileIndex == 1)' "$DB_CONF_FILE" "$custom_conf_file" >"$tempfile" - cp "$tempfile" "$DB_CONF_FILE" -} - -######################## -# Configure node roles. -# There are 3 scenarios: -# * If DB_IS_DEDICATED_NODE is disabled, 'node.roles' is omitted and assumes all the roles (check docs). -# * Otherwise, 'node.roles' with a list of roles provided with DB_NODE_ROLES. -# * In addition, if DB_NODE_ROLES is empty, node.roles will be configured empty, meaning that the role is 'coordinating-only'. -# -# Docs ref: https://www.elastic.co/guide/en/opensearch/reference/current/modules-node.html -# -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_configure_node_roles() { - debug "Configure ${DB_FLAVOR^} Node roles..." - - local set_repo_path="no" - if is_boolean_yes "$DB_IS_DEDICATED_NODE"; then - read -r -a roles_list <<<"$(get_elasticsearch_roles)" - if [[ "${#roles_list[@]}" -eq 0 ]]; then - elasticsearch_conf_write node.roles "[]" int - else - elasticsearch_conf_set node.roles "${roles_list[@]}" - for role in "${roles_list[@]}"; do - case "$role" in - cluster_manager | master | data | data_content | data_hot | data_warm | data_cold | data_frozen) - set_repo_path="yes" - ;; - *) ;; - esac - done - fi - else - set_repo_path="yes" - fi - - if is_boolean_yes "$set_repo_path" && [[ -n "$DB_FS_SNAPSHOT_REPO_PATH" ]]; then - # Configure path.repo to restore snapshots from system repository - # It must be set on every cluster_manager an data node - # ref: https://www.elastic.co/guide/en/opensearch/reference/current/snapshots-register-repository.html#snapshots-filesystem-repository - elasticsearch_conf_set path.repo "$DB_FS_SNAPSHOT_REPO_PATH" - fi -} - -######################## -# Configure Heap Size -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_set_heap_size() { - local heap_size - - # Remove heap.options if it already exists - rm -f "${DB_CONF_DIR}/jvm.options.d/heap.options" - - if [[ -n "$DB_HEAP_SIZE" ]]; then - debug "Using specified values for Xmx and Xms heap options..." - heap_size="$DB_HEAP_SIZE" - else - debug "Calculating appropriate Xmx and Xms values..." - local machine_mem="" - machine_mem="$(get_total_memory)" - if [[ "$machine_mem" -lt 65536 ]]; then - local max_allowed_memory - local calculated_heap_size - calculated_heap_size="$((machine_mem / 2))" - max_allowed_memory="$((DB_MAX_ALLOWED_MEMORY_PERCENTAGE * machine_mem))" - max_allowed_memory="$((max_allowed_memory / 100))" - # Allow for absolute memory limit when calculating limit from percentage - if [[ -n "$DB_MAX_ALLOWED_MEMORY" && "$max_allowed_memory" -gt "$DB_MAX_ALLOWED_MEMORY" ]]; then - max_allowed_memory="$DB_MAX_ALLOWED_MEMORY" - fi - if [[ "$calculated_heap_size" -gt "$max_allowed_memory" ]]; then - info "Calculated Java heap size of ${calculated_heap_size} will be limited to ${max_allowed_memory}" - calculated_heap_size="$max_allowed_memory" - fi - heap_size="${calculated_heap_size}m" - - else - heap_size=32768m - fi - fi - debug "Setting '-Xmx${heap_size} -Xms${heap_size}' heap options..." - cat >"${DB_CONF_DIR}/jvm.options.d/heap.options" < plugin - # get_plugin_name file://plugin.zip -> plugin - # get_plugin_name http://plugin-0.1.2.zip -> plugin - get_plugin_name() { - local plugin="${1:?missing plugin}" - # Remove any paths, and strip both the .zip extension and the version - basename "$plugin" | sed -E -e 's/.zip$//' -e 's/-[0-9]+\.[0-9]+(\.[0-9]+){0,}$//' - } - - # Collect plugins that should be installed offline - read -r -a mounted_plugins <<<"$(find "$DB_MOUNTED_PLUGINS_DIR" -type f -name "*.zip" -print0 | xargs -0)" - if [[ "${#mounted_plugins[@]}" -gt 0 ]]; then - for plugin in "${mounted_plugins[@]}"; do - plugins_list+=("file://${plugin}") - done - fi - - # Skip if there isn't any plugin to install - [[ -z "${plugins_list[*]:-}" ]] && return - - # Install plugins - debug "Installing plugins: ${plugins_list[*]}" - for plugin in "${plugins_list[@]}"; do - plugin_name="$(get_plugin_name "$plugin")" - [[ -n "$mandatory_plugins" ]] && mandatory_plugins="${mandatory_plugins},${plugin_name}" || mandatory_plugins="$plugin_name" - - # Check if the plugin was already installed - if [[ -d "${DB_PLUGINS_DIR}/${plugin_name}" ]]; then - debug "Plugin already installed: ${plugin}" - continue - fi - - debug "Installing plugin: ${plugin}" - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - "$cmd" install -b -v "$plugin" - else - "$cmd" install -b -v "$plugin" >/dev/null 2>&1 - fi - done - - # Mark plugins as mandatory - elasticsearch_conf_set plugin.mandatory "$mandatory_plugins" -} - -######################## -# Run custom initialization scripts -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_custom_init_scripts() { - read -r -a init_scripts <<<"$(find "$DB_INITSCRIPTS_DIR" -type f -name "*.sh" -print0 | xargs -0)" - if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "$DB_VOLUME_DIR"/.user_scripts_initialized ]]; then - info "Loading user's custom files from $DB_INITSCRIPTS_DIR" - for f in "${init_scripts[@]}"; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "$DB_VOLUME_DIR"/.user_scripts_initialized - fi -} - -######################## -# Modify log4j2.properties to send events to stdout instead of a logfile -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -elasticsearch_configure_logging() { - # Back up the original file for users who'd like to use logfile logging - cp "${DB_CONF_DIR}/log4j2.properties" "${DB_CONF_DIR}/log4j2.file.properties" - - # Replace RollingFile with Console - replace_in_file "${DB_CONF_DIR}/log4j2.properties" "RollingFile" "Console" - - local -a delete_patterns=( - # Remove RollingFile specific settings - "^.*\.policies\..*$" "^.*\.filePattern.*$" "^.*\.fileName.*$" "^.*\.strategy\..*$" - # Remove headers - "^###.*$" - # Remove .log and .json because of multiline configurations (filename) - "^\s\s.*\.log" "^\s\s.*\.json" - # Remove default rolling logger and references - "^appender\.rolling" "appenderRef\.rolling" - # Remove _old loggers - "_old\." - # Remove .filePermissions config - "\.filePermissions" - ) - for pattern in "${delete_patterns[@]}"; do - remove_in_file "${DB_CONF_DIR}/log4j2.properties" "$pattern" - done -} - -######################## -# Check Elasticsearch/Opensearch health -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# 0 when healthy (or waiting for Opensearch security bootstrap) -# 1 when unhealthy -######################### -elasticsearch_healthcheck() { - info "Checking ${DB_FLAVOR^} health..." - local -r cmd="curl" - local command_args=("--silent" "--write-out" "%{http_code}") - local protocol="http" - local host - - host=$(get_elasticsearch_hostname) - if validate_ipv6 "$host"; then - host="[${host}]" - fi - - if is_boolean_yes "$DB_ENABLE_SECURITY"; then - command_args+=("-k" "--user" "${DB_USERNAME}:${DB_PASSWORD}") - is_boolean_yes "$DB_ENABLE_REST_TLS" && protocol="https" - fi - - # Combination of --silent, --output and --write-out allows us to obtain both the status code and the request body - output=$(mktemp) - command_args+=("-o" "$output" "${protocol}://${host}:${DB_HTTP_PORT_NUMBER}/_cluster/health?local=true") - HTTP_CODE=$("$cmd" "${command_args[@]}") - if [[ ${HTTP_CODE} -ge 200 && ${HTTP_CODE} -le 299 ]] || ([[ "$DB_FLAVOR" = "opensearch" ]] && [[ ${HTTP_CODE} -eq 503 ]] && grep -q "OpenSearch Security not initialized" "$output" ); then - rm "$output" - return 0 - else - rm "$output" - return 1 - fi -} diff --git a/bitnami/elasticsearch/7/debian-12/tags-info.yaml b/bitnami/elasticsearch/7/debian-12/tags-info.yaml deleted file mode 100644 index 7d0322a3a34ac..0000000000000 --- a/bitnami/elasticsearch/7/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "7" -- 7-debian-12 -- 7.17.21 diff --git a/bitnami/elasticsearch/8/debian-12/Dockerfile b/bitnami/elasticsearch/8/debian-12/Dockerfile index b7c892cb7ca07..9f2e1d15cfbd3 100644 --- a/bitnami/elasticsearch/8/debian-12/Dockerfile +++ b/bitnami/elasticsearch/8/debian-12/Dockerfile @@ -3,21 +3,22 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG ELASTICSEARCH_PLUGINS ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-14T11:53:28Z" \ + org.opencontainers.image.created="2025-01-11T18:19:45Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/elasticsearch/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="8.13.4-debian-12-r0" \ + org.opencontainers.image.ref.name="8.17.0-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/elasticsearch" \ org.opencontainers.image.title="elasticsearch" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="8.13.4" + org.opencontainers.image.version="8.17.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -31,14 +32,14 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libasound2-dev libc6 libfreetype6 libfreetype6-dev libgcc1 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "yq-4.44.1-1-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "elasticsearch-8.13.4-0-linux-${OS_ARCH}-debian-12" \ + "yq-4.44.6-0-linux-${OS_ARCH}-debian-12" \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "elasticsearch-8.17.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -52,7 +53,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/elasticsearch/postunpack.sh RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="8.13.4" \ +ENV APP_VERSION="8.17.0" \ BITNAMI_APP_NAME="elasticsearch" \ ES_JAVA_HOME="/opt/bitnami/java" \ JAVA_HOME="/opt/bitnami/java" \ diff --git a/bitnami/elasticsearch/8/debian-12/docker-compose.yml b/bitnami/elasticsearch/8/debian-12/docker-compose.yml index 9528533f7ada2..e11ed29e524fb 100644 --- a/bitnami/elasticsearch/8/debian-12/docker-compose.yml +++ b/bitnami/elasticsearch/8/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: elasticsearch: image: docker.io/bitnami/elasticsearch:8 diff --git a/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 19a6085283f2f..ec2e71b322054 100644 --- a/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "8.13.4-0" + "version": "8.17.0-0" }, "java": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "17.0.11-10-1" + "version": "17.0.13-12-1" }, "yq": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.44.1-1" + "version": "4.44.6-0" } } \ No newline at end of file diff --git a/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 94e52dbd8a767..004e426fba178 100644 --- a/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/elasticsearch/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -69,8 +69,7 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - - # Check if the first IP address is IPv6 and add brackets + # Check if the first IP address is IPv6 to add brackets if validate_ipv6 "${ip_addresses[0]}" ; then echo "[${ip_addresses[0]}]" else diff --git a/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh index 8557631d25490..38802fc0bfe91 100755 --- a/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ b/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -13,6 +13,11 @@ set -o pipefail . /opt/bitnami/scripts/libbitnami.sh . /opt/bitnami/scripts/liblog.sh +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + print_welcome_page echo "" diff --git a/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh b/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh index 15e224cc6ebd4..ad5bf51b13604 100644 --- a/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh +++ b/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh @@ -595,8 +595,8 @@ elasticsearch_configure_node_roles() { if is_boolean_yes "$set_repo_path" && [[ -n "$DB_FS_SNAPSHOT_REPO_PATH" ]]; then # Configure path.repo to restore snapshots from system repository - # It must be set on every cluster_manager an data node - # ref: https://www.elastic.co/guide/en/opensearch/reference/current/snapshots-register-repository.html#snapshots-filesystem-repository + # It must be set on every cluster_manager and data node + # ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-filesystem-repository.html elasticsearch_conf_set path.repo "$DB_FS_SNAPSHOT_REPO_PATH" fi } @@ -693,6 +693,20 @@ elasticsearch_initialize() { am_i_root && is_mounted_dir_empty "$dir" && chown -R "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "$dir" done + if is_file_writable "${DB_CONF_DIR}/jvm.options" && is_file_writable "${DB_CONF_DIR}/jvm.options.d"; then + if is_boolean_yes "$DB_DISABLE_JVM_HEAP_DUMP"; then + info "Disabling JVM heap dumps..." + replace_in_file "${DB_CONF_DIR}/jvm.options" "-XX:[+]HeapDumpOnOutOfMemoryError" "# -XX:+HeapDumpOnOutOfMemoryError" + fi + if is_boolean_yes "$DB_DISABLE_GC_LOGS"; then + info "Disabling JVM GC logs..." + replace_in_file "${DB_CONF_DIR}/jvm.options" "(^.*logs[/]gc.log.*$)" "# \1" + fi + elasticsearch_set_heap_size + else + warn "The JVM options configuration files are not writable. Configurations based on environment variables will not be applied" + fi + if [[ -f "$DB_CONF_FILE" ]]; then info "Custom configuration file detected, using it..." else @@ -743,20 +757,6 @@ elasticsearch_initialize() { fi fi fi - - if is_file_writable "${DB_CONF_DIR}/jvm.options" && is_file_writable "${DB_CONF_DIR}/jvm.options.d"; then - if is_boolean_yes "$DB_DISABLE_JVM_HEAP_DUMP"; then - info "Disabling JVM heap dumps..." - replace_in_file "${DB_CONF_DIR}/jvm.options" "-XX:[+]HeapDumpOnOutOfMemoryError" "# -XX:+HeapDumpOnOutOfMemoryError" - fi - if is_boolean_yes "$DB_DISABLE_GC_LOGS"; then - info "Disabling JVM GC logs..." - replace_in_file "${DB_CONF_DIR}/jvm.options" "(^.*logs[/]gc.log.*$)" "# \1" - fi - elasticsearch_set_heap_size - else - warn "The JVM options configuration files are not writable. Configurations based on environment variables will not be applied" - fi } ######################## diff --git a/bitnami/elasticsearch/8/debian-12/tags-info.yaml b/bitnami/elasticsearch/8/debian-12/tags-info.yaml index ae6ae606ffce0..29c22b8e57647 100644 --- a/bitnami/elasticsearch/8/debian-12/tags-info.yaml +++ b/bitnami/elasticsearch/8/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "8" - 8-debian-12 -- 8.13.4 +- 8.17.0 - latest diff --git a/bitnami/elasticsearch/README.md b/bitnami/elasticsearch/README.md index 6f7963332fcec..5c642668093a3 100644 --- a/bitnami/elasticsearch/README.md +++ b/bitnami/elasticsearch/README.md @@ -24,7 +24,7 @@ You can find the available configuration options in the [Environment Variables]( * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Elasticsearch in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Elasticsearch in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Elasticsearch in Kubernetes? @@ -34,11 +34,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -198,7 +204,7 @@ docker-compose up -d | `ELASTICSEARCH_IS_DEDICATED_NODE` | If false, Elasticsearch will be configured with all the roles, deploy as dedicated node using DB_NODE_ROLES. | `no` | | `ELASTICSEARCH_MINIMUM_MASTER_NODES` | Minimum number of master nodes | `nil` | | `ELASTICSEARCH_NODE_NAME` | Elasticsearch node name | `nil` | -| `ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH` | Elasticsearch node port number | `nil` | +| `ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH` | Elasticsearch repo path to restore snapshots from system repository | `nil` | | `ELASTICSEARCH_NODE_ROLES` | Comma-separated list of Elasticsearch roles. If empty, will be deployed as a coordinating-only node. | `nil` | | `ELASTICSEARCH_PLUGINS` | List of Elasticsearch plugins to activate | `nil` | | `ELASTICSEARCH_TRANSPORT_PORT_NUMBER` | Elasticsearch node port number | `9300` | @@ -552,7 +558,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/elasticsearch/docker-compose-cluster.yml b/bitnami/elasticsearch/docker-compose-cluster.yml index 80872911816f4..cf61ffe0e90e9 100644 --- a/bitnami/elasticsearch/docker-compose-cluster.yml +++ b/bitnami/elasticsearch/docker-compose-cluster.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: elasticsearch-node1: image: docker.io/bitnami/elasticsearch:8 diff --git a/bitnami/elasticsearch/docker-compose.yml b/bitnami/elasticsearch/docker-compose.yml index 9528533f7ada2..e11ed29e524fb 100644 --- a/bitnami/elasticsearch/docker-compose.yml +++ b/bitnami/elasticsearch/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: elasticsearch: image: docker.io/bitnami/elasticsearch:8 diff --git a/bitnami/envoy/1.27/debian-12/Dockerfile b/bitnami/envoy/1.27/debian-12/Dockerfile deleted file mode 100644 index 520fe452cfb50..0000000000000 --- a/bitnami/envoy/1.27/debian-12/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T21:41:46Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/envoy/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.27.5-debian-12-r5" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/envoy" \ - org.opencontainers.image.title="envoy" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.27.5" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "envoy-1.27.5-3-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -ENV APP_VERSION="1.27.5" \ - BITNAMI_APP_NAME="envoy" \ - PATH="/opt/bitnami/envoy/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/envoy/bin/envoy" ] -CMD [ "-c", "/opt/bitnami/envoy/conf/envoy.yaml" ] diff --git a/bitnami/envoy/1.27/debian-12/docker-compose.yml b/bitnami/envoy/1.27/debian-12/docker-compose.yml deleted file mode 100644 index 628cda3372f9b..0000000000000 --- a/bitnami/envoy/1.27/debian-12/docker-compose.yml +++ /dev/null @@ -1,7 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - envoy: - image: docker.io/bitnami/envoy:1.27 diff --git a/bitnami/envoy/1.27/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/envoy/1.27/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index b16c3d53fca60..0000000000000 --- a/bitnami/envoy/1.27/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "envoy": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.27.5-3" - } -} \ No newline at end of file diff --git a/bitnami/envoy/1.27/debian-12/tags-info.yaml b/bitnami/envoy/1.27/debian-12/tags-info.yaml deleted file mode 100644 index 5a4cdab86c7d3..0000000000000 --- a/bitnami/envoy/1.27/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "1.27" -- 1.27-debian-12 -- 1.27.5 diff --git a/bitnami/envoy/1.28/debian-12/Dockerfile b/bitnami/envoy/1.28/debian-12/Dockerfile deleted file mode 100644 index bf6b221eef838..0000000000000 --- a/bitnami/envoy/1.28/debian-12/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-14T06:17:35Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/envoy/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.28.3-debian-12-r5" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/envoy" \ - org.opencontainers.image.title="envoy" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.28.3" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "envoy-1.28.3-10-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -ENV APP_VERSION="1.28.3" \ - BITNAMI_APP_NAME="envoy" \ - PATH="/opt/bitnami/envoy/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/envoy/bin/envoy" ] -CMD [ "-c", "/opt/bitnami/envoy/conf/envoy.yaml" ] diff --git a/bitnami/envoy/1.28/debian-12/docker-compose.yml b/bitnami/envoy/1.28/debian-12/docker-compose.yml deleted file mode 100644 index a56456ed9b570..0000000000000 --- a/bitnami/envoy/1.28/debian-12/docker-compose.yml +++ /dev/null @@ -1,7 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - envoy: - image: docker.io/bitnami/envoy:1.28 diff --git a/bitnami/envoy/1.28/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/envoy/1.28/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 145629245c714..0000000000000 --- a/bitnami/envoy/1.28/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "envoy": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.28.3-10" - } -} \ No newline at end of file diff --git a/bitnami/envoy/1.28/debian-12/tags-info.yaml b/bitnami/envoy/1.28/debian-12/tags-info.yaml deleted file mode 100644 index e320a5f778b90..0000000000000 --- a/bitnami/envoy/1.28/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "1.28" -- 1.28-debian-12 -- 1.28.3 diff --git a/bitnami/envoy/1.29/README.md b/bitnami/envoy/1.29/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/envoy/1.29/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/envoy/1.29/debian-12/Dockerfile b/bitnami/envoy/1.29/debian-12/Dockerfile deleted file mode 100644 index d68970189a9e6..0000000000000 --- a/bitnami/envoy/1.29/debian-12/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-14T00:40:44Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/envoy/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.29.4-debian-12-r6" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/envoy" \ - org.opencontainers.image.title="envoy" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.29.4" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "envoy-1.29.4-3-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -ENV APP_VERSION="1.29.4" \ - BITNAMI_APP_NAME="envoy" \ - PATH="/opt/bitnami/envoy/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/envoy/bin/envoy" ] -CMD [ "-c", "/opt/bitnami/envoy/conf/envoy.yaml" ] diff --git a/bitnami/envoy/1.29/debian-12/docker-compose.yml b/bitnami/envoy/1.29/debian-12/docker-compose.yml deleted file mode 100644 index 932e055b65a63..0000000000000 --- a/bitnami/envoy/1.29/debian-12/docker-compose.yml +++ /dev/null @@ -1,7 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - envoy: - image: docker.io/bitnami/envoy:1.29 diff --git a/bitnami/envoy/1.29/debian-12/examples/frontend.yaml b/bitnami/envoy/1.29/debian-12/examples/frontend.yaml deleted file mode 100644 index 0803f3c363620..0000000000000 --- a/bitnami/envoy/1.29/debian-12/examples/frontend.yaml +++ /dev/null @@ -1,58 +0,0 @@ -admin: - access_log_path: /tmp/admin_access.log - address: - socket_address: { address: 127.0.0.1, port_value: 8081 } - -static_resources: - listeners: - - name: listener_0 - address: - socket_address: { address: 0.0.0.0, port_value: 8080 } - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: AUTO - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: ["*"] - routes: - - match: { prefix: "/nginx" } - route: { cluster: service1, prefix_rewrite: "/" } - - match: { prefix: "/apache" } - route: { cluster: service2, prefix_rewrite: "/" } - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - clusters: - - name: service1 - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: some_service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: service1 - port_value: 8080 - - name: service2 - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: some_service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: service2 - port_value: 8080 diff --git a/bitnami/envoy/1.29/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/envoy/1.29/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 991eed82e1757..0000000000000 --- a/bitnami/envoy/1.29/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "envoy": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.29.4-3" - } -} \ No newline at end of file diff --git a/bitnami/envoy/1.29/debian-12/tags-info.yaml b/bitnami/envoy/1.29/debian-12/tags-info.yaml deleted file mode 100644 index 26deb7fc6e119..0000000000000 --- a/bitnami/envoy/1.29/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "1.29" -- 1.29-debian-12 -- 1.29.4 diff --git a/bitnami/envoy/1.30/README.md b/bitnami/envoy/1.30/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/envoy/1.30/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/envoy/1.30/debian-12/Dockerfile b/bitnami/envoy/1.30/debian-12/Dockerfile deleted file mode 100644 index 5d14e346de49e..0000000000000 --- a/bitnami/envoy/1.30/debian-12/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T23:18:47Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/envoy/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.30.1-debian-12-r2" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/envoy" \ - org.opencontainers.image.title="envoy" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.30.1" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "envoy-1.30.1-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -ENV APP_VERSION="1.30.1" \ - BITNAMI_APP_NAME="envoy" \ - PATH="/opt/bitnami/envoy/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/envoy/bin/envoy" ] -CMD [ "-c", "/opt/bitnami/envoy/conf/envoy.yaml" ] diff --git a/bitnami/envoy/1.30/debian-12/docker-compose.yml b/bitnami/envoy/1.30/debian-12/docker-compose.yml deleted file mode 100644 index 2fff772bba05e..0000000000000 --- a/bitnami/envoy/1.30/debian-12/docker-compose.yml +++ /dev/null @@ -1,7 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - envoy: - image: docker.io/bitnami/envoy:1.30 diff --git a/bitnami/envoy/1.30/debian-12/examples/frontend.yaml b/bitnami/envoy/1.30/debian-12/examples/frontend.yaml deleted file mode 100644 index 0803f3c363620..0000000000000 --- a/bitnami/envoy/1.30/debian-12/examples/frontend.yaml +++ /dev/null @@ -1,58 +0,0 @@ -admin: - access_log_path: /tmp/admin_access.log - address: - socket_address: { address: 127.0.0.1, port_value: 8081 } - -static_resources: - listeners: - - name: listener_0 - address: - socket_address: { address: 0.0.0.0, port_value: 8080 } - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: AUTO - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: ["*"] - routes: - - match: { prefix: "/nginx" } - route: { cluster: service1, prefix_rewrite: "/" } - - match: { prefix: "/apache" } - route: { cluster: service2, prefix_rewrite: "/" } - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - clusters: - - name: service1 - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: some_service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: service1 - port_value: 8080 - - name: service2 - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: some_service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: service2 - port_value: 8080 diff --git a/bitnami/envoy/1.30/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/envoy/1.30/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 40dcc876f645d..0000000000000 --- a/bitnami/envoy/1.30/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "envoy": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.30.1-1" - } -} \ No newline at end of file diff --git a/bitnami/envoy/1.31/README.md b/bitnami/envoy/1.31/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/envoy/1.31/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/envoy/1.31/debian-12/Dockerfile b/bitnami/envoy/1.31/debian-12/Dockerfile new file mode 100644 index 0000000000000..e887661cd25a1 --- /dev/null +++ b/bitnami/envoy/1.31/debian-12/Dockerfile @@ -0,0 +1,55 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2024-12-18T21:55:05Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/envoy/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="1.31.5-debian-12-r0" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/envoy" \ + org.opencontainers.image.title="envoy" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="1.31.5" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl procps +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "envoy-1.31.5-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +ENV APP_VERSION="1.31.5" \ + BITNAMI_APP_NAME="envoy" \ + PATH="/opt/bitnami/envoy/bin:$PATH" + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/envoy/bin/envoy" ] +CMD [ "-c", "/opt/bitnami/envoy/conf/envoy.yaml" ] diff --git a/bitnami/envoy/1.31/debian-12/docker-compose-testing.yml b/bitnami/envoy/1.31/debian-12/docker-compose-testing.yml new file mode 100644 index 0000000000000..9b0ab7cf0412a --- /dev/null +++ b/bitnami/envoy/1.31/debian-12/docker-compose-testing.yml @@ -0,0 +1,16 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + + envoy: + image: docker.io/bitnami/envoy:1.31 + volumes: + - ./examples/frontend.yaml:/opt/bitnami/envoy/conf/envoy.yaml + + service1: + image: bitnami/nginx + + service2: + image: bitnami/apache + diff --git a/bitnami/envoy/1.31/debian-12/docker-compose.yml b/bitnami/envoy/1.31/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..fce2ec3ff97fd --- /dev/null +++ b/bitnami/envoy/1.31/debian-12/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + envoy: + image: docker.io/bitnami/envoy:1.31 diff --git a/bitnami/envoy/1.27/debian-12/examples/frontend.yaml b/bitnami/envoy/1.31/debian-12/examples/frontend.yaml similarity index 100% rename from bitnami/envoy/1.27/debian-12/examples/frontend.yaml rename to bitnami/envoy/1.31/debian-12/examples/frontend.yaml diff --git a/bitnami/envoy/1.31/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/envoy/1.31/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..31d247ae64ebf --- /dev/null +++ b/bitnami/envoy/1.31/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "envoy": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.31.5-0" + } +} \ No newline at end of file diff --git a/bitnami/contour/1.28/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/envoy/1.31/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/contour/1.28/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/envoy/1.31/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/contour/1.28/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/envoy/1.31/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/contour/1.28/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/envoy/1.31/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/contour/1.28/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/envoy/1.31/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/contour/1.28/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/envoy/1.31/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/envoy/1.31/debian-12/tags-info.yaml b/bitnami/envoy/1.31/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..ae7ec7cdb397a --- /dev/null +++ b/bitnami/envoy/1.31/debian-12/tags-info.yaml @@ -0,0 +1,4 @@ +rolling-tags: +- "1.31" +- 1.31-debian-12 +- 1.31.5 diff --git a/bitnami/envoy/1.32/debian-12/Dockerfile b/bitnami/envoy/1.32/debian-12/Dockerfile new file mode 100644 index 0000000000000..4f1aad96cfcc1 --- /dev/null +++ b/bitnami/envoy/1.32/debian-12/Dockerfile @@ -0,0 +1,55 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2024-12-18T22:55:46Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/envoy/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="1.32.3-debian-12-r0" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/envoy" \ + org.opencontainers.image.title="envoy" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="1.32.3" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl procps +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "envoy-1.32.3-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +ENV APP_VERSION="1.32.3" \ + BITNAMI_APP_NAME="envoy" \ + PATH="/opt/bitnami/envoy/bin:$PATH" + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/envoy/bin/envoy" ] +CMD [ "-c", "/opt/bitnami/envoy/conf/envoy.yaml" ] diff --git a/bitnami/envoy/1.32/debian-12/docker-compose.yml b/bitnami/envoy/1.32/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..2b9522bc249d5 --- /dev/null +++ b/bitnami/envoy/1.32/debian-12/docker-compose.yml @@ -0,0 +1,6 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + envoy: + image: docker.io/bitnami/envoy:1.32 diff --git a/bitnami/envoy/1.28/debian-12/examples/frontend.yaml b/bitnami/envoy/1.32/debian-12/examples/frontend.yaml similarity index 100% rename from bitnami/envoy/1.28/debian-12/examples/frontend.yaml rename to bitnami/envoy/1.32/debian-12/examples/frontend.yaml diff --git a/bitnami/envoy/1.32/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/envoy/1.32/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..995e0b3b5a1fe --- /dev/null +++ b/bitnami/envoy/1.32/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "envoy": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.32.3-0" + } +} \ No newline at end of file diff --git a/bitnami/contour/1.29/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/envoy/1.32/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/contour/1.29/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/envoy/1.32/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/contour/1.29/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/envoy/1.32/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/contour/1.29/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/envoy/1.32/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/contour/1.29/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/envoy/1.32/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/contour/1.29/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/envoy/1.32/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/envoy/1.32/debian-12/tags-info.yaml b/bitnami/envoy/1.32/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..6964a16551394 --- /dev/null +++ b/bitnami/envoy/1.32/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "1.32" +- 1.32-debian-12 +- 1.32.3 +- latest diff --git a/bitnami/envoy/README.md b/bitnami/envoy/README.md index 06f429a409212..029fdc558b59d 100644 --- a/bitnami/envoy/README.md +++ b/bitnami/envoy/README.md @@ -22,11 +22,17 @@ docker run --name envoy bitnami/envoy:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Envoy in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Envoy in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/envoy/docker-compose-testing.yml b/bitnami/envoy/docker-compose-testing.yml new file mode 100644 index 0000000000000..ffb532c235dd6 --- /dev/null +++ b/bitnami/envoy/docker-compose-testing.yml @@ -0,0 +1,16 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + + envoy: + image: docker.io/bitnami/envoy:1.32 + volumes: + - ./examples/frontend.yaml:/opt/bitnami/envoy/conf/envoy.yaml + + service1: + image: bitnami/nginx + + service2: + image: bitnami/apache + diff --git a/bitnami/envoy/docker-compose.yml b/bitnami/envoy/docker-compose.yml index 2fff772bba05e..2b9522bc249d5 100644 --- a/bitnami/envoy/docker-compose.yml +++ b/bitnami/envoy/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: envoy: - image: docker.io/bitnami/envoy:1.30 + image: docker.io/bitnami/envoy:1.32 diff --git a/bitnami/etcd/3.4/README.md b/bitnami/etcd/3.4/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/etcd/3.4/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/etcd/3.4/debian-12/Dockerfile b/bitnami/etcd/3.4/debian-12/Dockerfile deleted file mode 100644 index 6e6e07266fe0d..0000000000000 --- a/bitnami/etcd/3.4/debian-12/Dockerfile +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T19:25:28Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/etcd/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.4.32-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/etcd" \ - org.opencontainers.image.title="etcd" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.4.32" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "yq-4.44.1-0-linux-${OS_ARCH}-debian-12" \ - "etcd-3.4.32-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y ca-certificates curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/etcd/postunpack.sh -ENV APP_VERSION="3.4.32" \ - BITNAMI_APP_NAME="etcd" \ - ETCDCTL_API="3" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/etcd/bin:$PATH" - -EXPOSE 2379 2380 - -WORKDIR /opt/bitnami/etcd -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/etcd/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/etcd/run.sh" ] diff --git a/bitnami/etcd/3.4/debian-12/docker-compose.yml b/bitnami/etcd/3.4/debian-12/docker-compose.yml deleted file mode 100644 index 328b28234812f..0000000000000 --- a/bitnami/etcd/3.4/debian-12/docker-compose.yml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - etcd: - image: docker.io/bitnami/etcd:3.4 - environment: - - ALLOW_NONE_AUTHENTICATION=yes - volumes: - - etcd_data:/bitnami/etcd -volumes: - etcd_data: - driver: local diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 65cba19541312..0000000000000 --- a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "etcd": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.4.32-2" - }, - "yq": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "4.44.1-0" - } -} \ No newline at end of file diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd-env.sh b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd-env.sh deleted file mode 100644 index 723c73a9f1da1..0000000000000 --- a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd-env.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for etcd - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-etcd}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -etcd_env_vars=( - ETCD_SNAPSHOTS_DIR - ETCD_SNAPSHOT_HISTORY_LIMIT - ETCD_INIT_SNAPSHOTS_DIR - ALLOW_NONE_AUTHENTICATION - ETCD_ROOT_PASSWORD - ETCD_CLUSTER_DOMAIN - ETCD_START_FROM_SNAPSHOT - ETCD_DISASTER_RECOVERY - ETCD_ON_K8S - ETCD_INIT_SNAPSHOT_FILENAME - ETCDCTL_API - ETCD_DISABLE_STORE_MEMBER_ID - ETCD_DISABLE_PRESTOP - ETCD_NAME - ETCD_LOG_LEVEL - ETCD_LISTEN_CLIENT_URLS - ETCD_ADVERTISE_CLIENT_URLS - ETCD_INITIAL_CLUSTER - ETCD_INITIAL_CLUSTER_STATE - ETCD_LISTEN_PEER_URLS - ETCD_INITIAL_ADVERTISE_PEER_URLS - ETCD_INITIAL_CLUSTER_TOKEN - ETCD_AUTO_TLS - ETCD_CERT_FILE - ETCD_KEY_FILE - ETCD_TRUSTED_CA_FILE - ETCD_CLIENT_CERT_AUTH - ETCD_PEER_AUTO_TLS -) -for env_var in "${etcd_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset etcd_env_vars - -# Paths -export ETCD_BASE_DIR="/opt/bitnami/etcd" -export ETCD_VOLUME_DIR="/bitnami/etcd" -export ETCD_BIN_DIR="${ETCD_BASE_DIR}/bin" -export ETCD_DATA_DIR="${ETCD_VOLUME_DIR}/data" -export ETCD_CONF_DIR="${ETCD_BASE_DIR}/conf" -export ETCD_DEFAULT_CONF_DIR="${ETCD_BASE_DIR}/conf.default" -export ETCD_TMP_DIR="${ETCD_BASE_DIR}/tmp" -export ETCD_CONF_FILE="${ETCD_CONF_DIR}/etcd.yaml" -export ETCD_SNAPSHOTS_DIR="${ETCD_SNAPSHOTS_DIR:-/snapshots}" -export ETCD_SNAPSHOT_HISTORY_LIMIT="${ETCD_SNAPSHOT_HISTORY_LIMIT:-1}" -export ETCD_INIT_SNAPSHOTS_DIR="${ETCD_INIT_SNAPSHOTS_DIR:-/init-snapshot}" -export ETCD_NEW_MEMBERS_ENV_FILE="${ETCD_DATA_DIR}/new_member_envs" -export PATH="${ETCD_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" - -# System users (when running with a privileged user) -export ETCD_DAEMON_USER="etcd" -export ETCD_DAEMON_GROUP="etcd" - -# etcd settings -export ALLOW_NONE_AUTHENTICATION="${ALLOW_NONE_AUTHENTICATION:-no}" -export ETCD_ROOT_PASSWORD="${ETCD_ROOT_PASSWORD:-}" -export ETCD_CLUSTER_DOMAIN="${ETCD_CLUSTER_DOMAIN:-}" -export ETCD_START_FROM_SNAPSHOT="${ETCD_START_FROM_SNAPSHOT:-no}" -export ETCD_DISASTER_RECOVERY="${ETCD_DISASTER_RECOVERY:-no}" -export ETCD_ON_K8S="${ETCD_ON_K8S:-no}" -export ETCD_INIT_SNAPSHOT_FILENAME="${ETCD_INIT_SNAPSHOT_FILENAME:-}" -export ETCDCTL_API="${ETCDCTL_API:-3}" -export ETCD_DISABLE_STORE_MEMBER_ID="${ETCD_DISABLE_STORE_MEMBER_ID:-no}" -export ETCD_DISABLE_PRESTOP="${ETCD_DISABLE_PRESTOP:-no}" - -# etcd native environment variables (see https://etcd.io/docs/current/op-guide/configuration) -export ETCD_NAME="${ETCD_NAME:-}" -export ETCD_LOG_LEVEL="${ETCD_LOG_LEVEL:-info}" -export ETCD_LISTEN_CLIENT_URLS="${ETCD_LISTEN_CLIENT_URLS:-http://0.0.0.0:2379}" -export ETCD_ADVERTISE_CLIENT_URLS="${ETCD_ADVERTISE_CLIENT_URLS:-http://127.0.0.1:2379}" -export ETCD_INITIAL_CLUSTER="${ETCD_INITIAL_CLUSTER:-}" -export ETCD_INITIAL_CLUSTER_STATE="${ETCD_INITIAL_CLUSTER_STATE:-}" -export ETCD_LISTEN_PEER_URLS="${ETCD_LISTEN_PEER_URLS:-}" -export ETCD_INITIAL_ADVERTISE_PEER_URLS="${ETCD_INITIAL_ADVERTISE_PEER_URLS:-}" -export ETCD_INITIAL_CLUSTER_TOKEN="${ETCD_INITIAL_CLUSTER_TOKEN:-}" -export ETCD_AUTO_TLS="${ETCD_AUTO_TLS:-false}" -export ETCD_CERT_FILE="${ETCD_CERT_FILE:-}" -export ETCD_KEY_FILE="${ETCD_KEY_FILE:-}" -export ETCD_TRUSTED_CA_FILE="${ETCD_TRUSTED_CA_FILE:-}" -export ETCD_CLIENT_CERT_AUTH="${ETCD_CLIENT_CERT_AUTH:-false}" -export ETCD_PEER_AUTO_TLS="${ETCD_PEER_AUTO_TLS:-false}" - -# Custom environment variables may be defined below diff --git a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/entrypoint.sh b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/entrypoint.sh deleted file mode 100755 index 6502c15e308bb..0000000000000 --- a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/entrypoint.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh - -# Load etcd environment variables -. /opt/bitnami/scripts/etcd-env.sh - -print_welcome_page - -if ! is_dir_empty "$ETCD_DEFAULT_CONF_DIR"; then - # We add the copy from default config in the entrypoint to not break users - # bypassing the setup.sh logic. If the file already exists do not overwrite (in - # case someone mounts a configuration file in /opt/bitnami/etcd/conf) - debug "Copying files from $ETCD_DEFAULT_CONF_DIR to $ETCD_CONF_DIR" - cp -nfr "$ETCD_DEFAULT_CONF_DIR"/. "$ETCD_CONF_DIR" -fi - -if [[ "$1" = "/opt/bitnami/scripts/etcd/run.sh" ]]; then - info "** Starting etcd setup **" - /opt/bitnami/scripts/etcd/setup.sh - info "** etcd setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh deleted file mode 100755 index 28e21f577d1f4..0000000000000 --- a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o pipefail -set -o nounset - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libetcd.sh - -# Load etcd environment settings -. /opt/bitnami/scripts/etcd-env.sh - -read -r -a advertised_array <<< "$(tr ',;' ' ' <<< "$ETCD_ADVERTISE_CLIENT_URLS")" -host="$(parse_uri "${advertised_array[0]}" "host")" -port="$(parse_uri "${advertised_array[0]}" "port")" -read -r -a extra_flags <<< "$(etcdctl_auth_flags)" -extra_flags+=("--endpoints=${host}:${port}") -if [[ $ETCD_AUTO_TLS = true ]]; then - extra_flags+=("--insecure-skip-tls-verify") -fi -if etcdctl endpoint health "${extra_flags[@]}"; then - exit 0 -else - error "Unhealthy endpoint!" - exit 1 -fi diff --git a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/postunpack.sh b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/postunpack.sh deleted file mode 100755 index 168a8a40331d2..0000000000000 --- a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/postunpack.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh - -# Load etcd environment variables -. /opt/bitnami/scripts/etcd-env.sh - -for dir in "$ETCD_BIN_DIR" "$ETCD_DATA_DIR" "$ETCD_CONF_DIR" "$ETCD_DEFAULT_CONF_DIR" "${ETCD_BASE_DIR}/certs"; do - ensure_dir_exists "$dir" -done -chmod -R g+rwX "$ETCD_DATA_DIR" "${ETCD_BASE_DIR}/certs" - -if ! is_dir_empty "$ETCD_CONF_DIR"; then - # Copy all initially generated configuration files to the default directory - # (this is to avoid breaking when entrypoint is being overridden) - cp -r "${ETCD_CONF_DIR}/"* "$ETCD_DEFAULT_CONF_DIR" -fi \ No newline at end of file diff --git a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/prestop.sh b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/prestop.sh deleted file mode 100755 index 9807c6937697f..0000000000000 --- a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/prestop.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 -set -o errexit -set -o pipefail -set -o nounset -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libetcd.sh - -# Load etcd environment settings -. /opt/bitnami/scripts/etcd-env.sh - -if is_boolean_yes "$ETCD_DISABLE_PRESTOP"; then - return 0 -fi - -endpoints="$(etcdctl_get_endpoints true)" -if is_empty_value "${endpoints}"; then - exit 0 -fi -read -r -a extra_flags <<<"$(etcdctl_auth_flags)" -extra_flags+=("--endpoints=${endpoints}" "--debug=true") -# We use 'sync' to ensure memory buffers are flushed to disk -# so we reduce the chances that the "member_removal.log" file is empty. -# ref: https://man7.org/linux/man-pages/man1/sync.1.html -etcdctl member remove "$(get_member_id)" "${extra_flags[@]}" >"$(dirname "$ETCD_DATA_DIR")/member_removal.log" -sync -d "$(dirname "$ETCD_DATA_DIR")/member_removal.log" diff --git a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/run.sh b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/run.sh deleted file mode 100755 index 07b22b9bfb200..0000000000000 --- a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/run.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libetcd.sh - -# Load etcd environment variables -. /opt/bitnami/scripts/etcd-env.sh - -# We need to unset ETCD_ROOT_PASSWORD otherwise it will be logged by etcd process -unset ETCD_ROOT_PASSWORD -if [[ -f "$ETCD_NEW_MEMBERS_ENV_FILE" ]]; then - debug "Loading env vars of existing cluster" - . "$ETCD_NEW_MEMBERS_ENV_FILE" - # We rely on the original value of ETCD_INITIAL_CLUSTER - # when bootstrapping a new cluster since - # we need all initial members to calcualte a same cluster_id -fi - -declare -a cmd=("etcd") -# If provided, run using configuration file -# Using a configuration file will cause etcd to ignore other flags and environment variables -[[ -f "$ETCD_CONF_FILE" ]] && cmd+=("--config-file" "$ETCD_CONF_FILE") -cmd+=("$@") - -info "** Starting etcd **" -if am_i_root; then - exec_as_user "$ETCD_DAEMON_USER" "${cmd[@]}" -else - exec "${cmd[@]}" -fi diff --git a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/setup.sh b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/setup.sh deleted file mode 100755 index ac538eeaae6d0..0000000000000 --- a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/setup.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libetcd.sh - -# Load etcd environment settings -. /opt/bitnami/scripts/etcd-env.sh - -# Ensure etcd environment settings are valid -etcd_validate -# Ensure etcd is stopped when this script ends. -trap "etcd_stop" EXIT -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$ETCD_DAEMON_USER" --group "$ETCD_DAEMON_GROUP" -# Ensure etcd is initialized -etcd_initialize diff --git a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/snapshot.sh b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/snapshot.sh deleted file mode 100755 index 7bf2f541cd44e..0000000000000 --- a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/snapshot.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o pipefail -set -o nounset - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libetcd.sh - -# Load etcd environment settings -. /opt/bitnami/scripts/etcd-env.sh - -ensure_dir_exists "$ETCD_SNAPSHOTS_DIR" -endpoints="$(etcdctl_get_endpoints)" -read -r -a endpoints_array <<< "$(tr ',;' ' ' <<< "$endpoints")" -for e in "${endpoints_array[@]}"; do - debug "Using endpoint $e" - read -r -a extra_flags <<< "$(etcdctl_auth_flags)" - extra_flags+=("--endpoints=$e") - if etcdctl endpoint health "${extra_flags[@]}"; then - info "Snapshotting the keyspace" - current_time="$(date -u "+%Y-%m-%d_%H-%M")" - etcdctl snapshot save "${ETCD_SNAPSHOTS_DIR}/db-${current_time}" "${extra_flags[@]}" - find "${ETCD_SNAPSHOTS_DIR}/" -maxdepth 1 -type f -name 'db-*' \! -name "db-${current_time}" \ - | sort -r \ - | tail -n+$((1 + ETCD_SNAPSHOT_HISTORY_LIMIT)) \ - | xargs rm -f - exit 0 - else - warn "etcd endpoint $e not healthy. Trying a different endpoint" - fi -done -error "all etcd endpoints are unhealthy!" -exit 1 diff --git a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh deleted file mode 100644 index 3991aaab5620f..0000000000000 --- a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh +++ /dev/null @@ -1,832 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami etcd library - -# shellcheck disable=SC1090,SC1091,SC2119,SC2120 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libservice.sh - -# Functions - -######################## -# Write a configuration setting value -# Globals: -# ETCD_CONF_FILE -# Arguments: -# $1 - key -# $2 - value -# $3 - YAML type (string, int or bool) -# Returns: -# None -######################### -etcd_conf_write() { - local -r key="${1:?Missing key}" - local -r value="${2:-}" - local -r type="${3:-string}" - local -r tempfile=$(mktemp) - - [[ -z "$value" ]] && return - [[ ! -f "$ETCD_CONF_FILE" ]] && touch "$ETCD_CONF_FILE" - case "$type" in - string) - yq eval "(.${key}) |= \"${value}\"" "$ETCD_CONF_FILE" >"$tempfile" - ;; - bool) - yq eval "(.${key}) |= (\"${value}\" | test(\"true\"))" "$ETCD_CONF_FILE" >"$tempfile" - ;; - raw) - yq eval "(.${key}) |= ${value}" "$ETCD_CONF_FILE" >"$tempfile" - ;; - *) - error "Type unknown: ${type}" - return 1 - ;; - esac - cp "$tempfile" "$ETCD_CONF_FILE" -} - -######################## -# Creates etcd configuration file from environment variables -# Globals: -# ETCD_CFG_* -# Arguments: -# None -# Returns: -# None -######################### -etcd_setup_from_environment_variables() { - ## Except for Client and Peer TLS configuration, - ## all etcd settings consists of ETCD_FLAG_NAME - ## transformed into flag-name and configured under the yaml config root. - local -a client_tls_values=( - "ETCD_CFG_CERT_FILE" - "ETCD_CFG_KEY_FILE" - "ETCD_CFG_CLIENT_CERT_AUTH" - "ETCD_CFG_TRUSTED_CA_FILE" - "ETCD_CFG_AUTO_TLS" - "ETCD_CFG_CA_FILE" - ) - info "Generating etcd config file using env variables" - # Map environment variables to config properties for etcd-env.sh - for var in "${!ETCD_CFG_@}"; do - value="${!var:-}" - if [[ -n "$value" ]]; then - type="string" - # Detect if value is digit or bool - if [[ "$value" =~ ^[+-]?[0-9]+([.][0-9]+)?$ || "$value" =~ ^(true|false)$ ]]; then - type="raw" - fi - if [[ ${client_tls_values[*]} =~ ${var} ]]; then - key="$(echo "$var" | sed -e 's/^ETCD_CFG_//g' -e 's/_/-/g' | tr '[:upper:]' '[:lower:]')" - etcd_conf_write "client-transport-security.${key}" "$value" "$type" - elif [[ "$var" =~ "ETCD_CFG_CLIENT_" ]]; then - key="$(echo "$var" | sed -e 's/^ETCD_CFG_CLIENT_//g' -e 's/_/-/g' | tr '[:upper:]' '[:lower:]')" - etcd_conf_write "client-transport-security.${key}" "$value" "$type" - elif [[ "$var" =~ "ETCD_CFG_PEER_" ]]; then - key="$(echo "$var" | sed -e 's/^ETCD_CFG_PEER_//g' -e 's/_/-/g' | tr '[:upper:]' '[:lower:]')" - etcd_conf_write "peer-transport-security.${key}" "$value" "$type" - else - # shellcheck disable=SC2001 - key="$(echo "$var" | sed -e 's/^ETCD_CFG_//g' -e 's/_/-/g' | tr '[:upper:]' '[:lower:]')" - etcd_conf_write "$key" "$value" "$type" - fi - fi - done - if am_i_root; then - chown "$ETCD_DAEMON_USER" "$ETCD_CONF_FILE" - fi -} - -######################## -# Validate settings in ETCD_* environment variables -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# None -######################### -etcd_validate() { - info "Validating settings in ETCD_* env vars.." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - if is_boolean_yes "$ALLOW_NONE_AUTHENTICATION"; then - warn "You set the environment variable ALLOW_NONE_AUTHENTICATION=${ALLOW_NONE_AUTHENTICATION}. For safety reasons, do not use this flag in a production environment." - else - is_empty_value "$ETCD_ROOT_PASSWORD" && print_validation_error "The ETCD_ROOT_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_NONE_AUTHENTICATION=yes to allow a blank password. This is only recommended for development environments." - fi - if is_boolean_yes "$ETCD_START_FROM_SNAPSHOT" && [[ ! -f "${ETCD_INIT_SNAPSHOTS_DIR}/${ETCD_INIT_SNAPSHOT_FILENAME}" ]]; then - print_validation_error "You are trying to initialize etcd from a snapshot, but no snapshot was found. Set the environment variable ETCD_INIT_SNAPSHOT_FILENAME with the snapshot filename and mount it at '${ETCD_INIT_SNAPSHOTS_DIR}' directory." - fi - - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Check if etcd is running -# Arguments: -# None -# Returns: -# Boolean -######################### -is_etcd_running() { - local pid - pid="$(pgrep -f "^etcd" || true)" - - # etcd does not create any PID file - # We regenerate the PID file for each time we query it to avoid getting outdated - if [[ -n "${ETCD_PID_FILE:-}" ]]; then - echo "$pid" >"$ETCD_PID_FILE" - fi - - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if etcd is running -# Globals: -# ETCD_PID_FILE -# Arguments: -# None -# Returns: -# Whether etcd is not running -######################## -is_etcd_not_running() { - ! is_etcd_running -} - -######################## -# Stop etcd -# Arguments: -# None -# Returns: -# None -######################### -etcd_stop() { - local pid - ! is_etcd_running && return - - info "Stopping etcd" - # Ensure process matches etcd binary with or without options - pid="$(pgrep -f "^etcd")" - local counter=10 - kill "$pid" - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -######################## -# Start etcd in background -# Arguments: -# None -# Returns: -# None -######################### -etcd_start_bg() { - is_etcd_running && return - - info "Starting etcd in background" - local start_command=("etcd") - am_i_root && start_command=("run_as_user" "$ETCD_DAEMON_USER" "${start_command[@]}") - [[ -f "$ETCD_CONF_FILE" ]] && start_command+=("--config-file" "$ETCD_CONF_FILE") - debug_execute "${start_command[@]}" & - sleep 3 -} - -######################## -# Obtain endpoints to connect when running 'ectdctl' -# Globals: -# ETCD_* -# Arguments: -# $1 - exclude current member from the list (default: false) -# Returns: -# String -######################## -etcdctl_get_endpoints() { - local only_others=${1:-false} - local -a endpoints=() - local host domain port - - ip_has_valid_hostname() { - local ip="${1:?ip is required}" - local parent_domain="${1:?parent_domain is required}" - - # 'getent hosts $ip' can return hostnames in 2 different formats: - # POD_NAME.HEADLESS_SVC_DOMAIN.NAMESPACE.svc.cluster.local (using headless service domain) - # 10-237-136-79.SVC_DOMAIN.NAMESPACE.svc.cluster.local (using POD's IP and service domain) - # We need to discard the latter to avoid issues when TLS verification is enabled. - [[ "$(getent hosts "$ip")" = *"$parent_domain"* ]] && return 0 - return 1 - } - - hostname_has_ips() { - local hostname="${1:?hostname is required}" - [[ "$(getent ahosts "$hostname")" != "" ]] && return 0 - return 1 - } - - # This piece of code assumes this code is executed on a K8s environment - # where etcd members are part of a statefulset that uses a headless service - # to create a unique FQDN per member. Under these circumstances, the - # ETCD_ADVERTISE_CLIENT_URLS env. variable is created as follows: - # SCHEME://POD_NAME.HEADLESS_SVC_DOMAIN:CLIENT_PORT,SCHEME://SVC_DOMAIN:SVC_CLIENT_PORT - # - # Assuming this, we can extract the HEADLESS_SVC_DOMAIN and obtain - # every available endpoint - read -r -a advertised_array <<<"$(tr ',;' ' ' <<<"$ETCD_ADVERTISE_CLIENT_URLS")" - host="$(parse_uri "${advertised_array[0]}" "host")" - port="$(parse_uri "${advertised_array[0]}" "port")" - domain="${host#"${ETCD_NAME}."}" - # When ETCD_CLUSTER_DOMAIN is set, we use that value instead of extracting - # it from ETCD_ADVERTISE_CLIENT_URLS - ! is_empty_value "$ETCD_CLUSTER_DOMAIN" && domain="$ETCD_CLUSTER_DOMAIN" - # Depending on the K8s distro & the DNS plugin, it might need - # a few seconds to associate the POD(s) IP(s) to the headless svc domain - if retry_while "hostname_has_ips $domain"; then - local -r ahosts="$(getent ahosts "$domain" | awk '{print $1}' | uniq | wc -l)" - for i in $(seq 0 $((ahosts - 1))); do - # We use the StatefulSet name stored in MY_STS_NAME to get the peer names based on the number of IPs registered in the headless service - pod_name="${MY_STS_NAME}-${i}" - if ! { [[ $only_others = true ]] && [[ "$pod_name" = "$MY_POD_NAME" ]]; }; then - endpoints+=("${pod_name}.${ETCD_CLUSTER_DOMAIN}:${port:-2380}") - fi - done - fi - echo "${endpoints[*]}" | tr ' ' ',' -} - -######################## -# Obtain etcdctl authentication flags to use -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# Array with extra flags to use for authentication -######################### -etcdctl_auth_flags() { - local -a authFlags=() - - ! is_empty_value "$ETCD_ROOT_PASSWORD" && authFlags+=("--user" "root:$ETCD_ROOT_PASSWORD") - echo "${authFlags[*]} $(etcdctl_auth_norbac_flags)" -} - -######################## -# Obtain etcdctl authentication flags to use (before RBAC is enabled) -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# Array with extra flags to use for authentication -######################### -etcdctl_auth_norbac_flags() { - local -a authFlags=() - - if [[ $ETCD_AUTO_TLS = true ]]; then - authFlags+=("--cert" "${ETCD_DATA_DIR}/fixtures/client/cert.pem" "--key" "${ETCD_DATA_DIR}/fixtures/client/key.pem") - else - [[ -f "$ETCD_CERT_FILE" ]] && [[ -f "$ETCD_KEY_FILE" ]] && authFlags+=("--cert" "$ETCD_CERT_FILE" "--key" "$ETCD_KEY_FILE") - [[ -f "$ETCD_TRUSTED_CA_FILE" ]] && authFlags+=("--cacert" "$ETCD_TRUSTED_CA_FILE") - fi - echo "${authFlags[*]}" -} - -######################## -# Stores etcd member ID in the data directory -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# None -######################## -etcd_store_member_id() { - if is_boolean_yes "$ETCD_DISABLE_STORE_MEMBER_ID"; then - return 0 - fi - local -a extra_flags - local member_id="" - info "Obtaining cluster member ID" - etcd_start_bg - read -r -a extra_flags <<<"$(etcdctl_auth_flags)" - is_boolean_yes "$ETCD_ON_K8S" && extra_flags+=("--endpoints=$(etcdctl_get_endpoints)") - if retry_while "etcdctl ${extra_flags[*]:-} member list" >/dev/null 2>&1; then - while is_empty_value "$member_id"; do - read -r -a advertised_array <<<"$(tr ',;' ' ' <<<"$ETCD_ADVERTISE_CLIENT_URLS")" - member_id="$(etcdctl "${extra_flags[@]}" member list | grep -w "${advertised_array[0]}" | awk -F "," '{ print $1}' || true)" - done - # We use 'sync' to ensure memory buffers are flushed to disk - # so we reduce the chances that the "member_id" file is empty. - # ref: https://man7.org/linux/man-pages/man1/sync.1.html - echo "$member_id" >"${ETCD_DATA_DIR}/member_id" - sync -d "${ETCD_DATA_DIR}/member_id" - info "Stored member ID: $(cat "${ETCD_DATA_DIR}/member_id")" - fi - etcd_stop -} - -######################## -# Configure etcd RBAC (do not confuse with K8s RBAC) -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# None -######################## -etcd_configure_rbac() { - - ! is_etcd_running && etcd_start_bg - read -r -a extra_flags <<<"$(etcdctl_auth_norbac_flags)" - - is_boolean_yes "$ETCD_ON_K8S" && extra_flags+=("--endpoints=$(etcdctl_get_endpoints)") - if retry_while "etcdctl ${extra_flags[*]} member list" >/dev/null 2>&1; then - if retry_while "etcdctl ${extra_flags[*]} auth status" >/dev/null 2>&1; then - if etcdctl "${extra_flags[@]}" auth status | grep -q "Authentication Status: true"; then - info "Authentication already enabled" - else - info "Enabling etcd authentication" - etcdctl "${extra_flags[@]}" user add root --interactive=false <<<"$ETCD_ROOT_PASSWORD" - etcdctl "${extra_flags[@]}" user grant-role root root - etcdctl "${extra_flags[@]}" auth enable - fi - fi - fi - etcd_stop -} - -######################## -# Checks if the member was successfully removed from the cluster -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# None -######################## -was_etcd_member_removed() { - local return_value=0 - - if grep -sqE "^Member[[:space:]]+[a-z0-9]+\s+removed\s+from\s+cluster\s+[a-z0-9]+$" "${ETCD_VOLUME_DIR}/member_removal.log"; then - debug "Removal was properly recorded in member_removal.log" - rm -rf "${ETCD_DATA_DIR:?}/"* - elif [[ ! -d "${ETCD_DATA_DIR}/member/snap" ]] && is_empty_value "$(get_member_id)"; then - debug "Missing member data" - rm -rf "${ETCD_DATA_DIR:?}/"* - else - return_value=1 - fi - rm -f "${ETCD_VOLUME_DIR}/member_removal.log" - return $return_value -} - -######################## -# Checks if etcd needs to bootstrap a new cluster -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# Boolean -######################## -is_new_etcd_cluster() { - [[ "$ETCD_INITIAL_CLUSTER_STATE" = "new" ]] && [[ "$ETCD_INITIAL_CLUSTER" = *"$ETCD_INITIAL_ADVERTISE_PEER_URLS"* ]] -} - -######################## -# Setup ETCD_ACTIVE_ENDPOINTS environment variable, will return the number of active endpoints , cluster size (including not active member) and the ETCD_ACTIVE_ENDPOINTS (which is also export) -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# List of Numbers (active_endpoints, cluster_size, ETCD_ACTIVE_ENDPOINTS) -######################## -setup_etcd_active_endpoints() { - local active_endpoints=0 - local -a extra_flags active_endpoints_array - local -a endpoints_array=() - local host port - - is_boolean_yes "$ETCD_ON_K8S" && read -r -a endpoints_array <<<"$(tr ',;' ' ' <<<"$(etcdctl_get_endpoints)")" - local -r cluster_size=${#endpoints_array[@]} - read -r -a advertised_array <<<"$(tr ',;' ' ' <<<"$ETCD_ADVERTISE_CLIENT_URLS")" - host="$(parse_uri "${advertised_array[0]}" "host")" - port="$(parse_uri "${advertised_array[0]}" "port")" - if [[ $cluster_size -gt 0 ]]; then - for e in "${endpoints_array[@]}"; do - read -r -a extra_flags <<<"$(etcdctl_auth_flags)" - extra_flags+=("--endpoints=$e") - if [[ "$e" != "$host:$port" ]] && etcdctl endpoint health "${extra_flags[@]}" >/dev/null 2>&1; then - debug "$e endpoint is active" - ((active_endpoints++)) - active_endpoints_array+=("$e") - fi - done - ETCD_ACTIVE_ENDPOINTS=$(echo "${active_endpoints_array[*]}" | tr ' ' ',') - export ETCD_ACTIVE_ENDPOINTS - fi - echo "${active_endpoints} ${cluster_size} ${ETCD_ACTIVE_ENDPOINTS}" -} - -######################## -# Checks if there are enough active members, will also set ETCD_ACTIVE_ENDPOINTS -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# Boolean -######################## -is_healthy_etcd_cluster() { - local return_value=0 - local active_endpoints cluster_size - read -r active_endpoints cluster_size ETCD_ACTIVE_ENDPOINTS <<<"$(setup_etcd_active_endpoints)" - export ETCD_ACTIVE_ENDPOINTS - - if is_boolean_yes "$ETCD_DISASTER_RECOVERY"; then - if [[ -f "/snapshots/.disaster_recovery" ]]; then - # Remove current node from the ones that need to recover - remove_in_file "/snapshots/.disaster_recovery" "$host:$port" - # Remove nodes that do not exist anymore from the ones that need to recover - read -r -a recovery_array <<<"$(tr '\n' ' ' <"/snapshots/.disaster_recovery")" - for r in "${recovery_array[@]}"; do - if [[ ! "${endpoints_array[*]}" =~ $r ]]; then - remove_in_file "/snapshots/.disaster_recovery" "$r" - fi - done - if [[ $(wc -w <"/snapshots/.disaster_recovery") -eq 0 ]]; then - debug "Last member to recover from the disaster!" - rm "/snapshots/.disaster_recovery" - fi - return_value=1 - else - if [[ $active_endpoints -lt $(((cluster_size + 1) / 2)) ]]; then - debug "There are no enough active endpoints!" - for e in "${endpoints_array[@]}"; do - [[ "$e" != "$host:$port" ]] && [[ "$e" != ":$port" ]] && echo "$e" >>"/snapshots/.disaster_recovery" - done - return_value=1 - fi - fi - else - if [[ $active_endpoints -lt $(((cluster_size + 1) / 2)) ]]; then - debug "There are no enough active endpoints!" - return_value=1 - fi - fi - - return $return_value -} - -######################## -# Prints initial cluster nodes -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# String -######################## -get_initial_cluster() { - local -a endpoints_array=() - local scheme port initial_members - read -r -a endpoints_array <<<"$(tr ',;' ' ' <<<"$ETCD_INITIAL_CLUSTER")" - if [[ ${#endpoints_array[@]} -gt 0 ]] && ! grep -sqE "://" <<<"$ETCD_INITIAL_CLUSTER"; then - # This piece of code assumes this container is used on a VM environment - # where ETCD_INITIAL_CLUSTER contains a comma-separated list of hostnames, - # and recreates it as follows: - # SCHEME://NODE_NAME:PEER_PORT - scheme="$(parse_uri "$ETCD_INITIAL_ADVERTISE_PEER_URLS" "scheme")" - port="$(parse_uri "$ETCD_INITIAL_ADVERTISE_PEER_URLS" "port")" - for nodePeer in "${endpoints_array[@]}"; do - initial_members+=("${nodePeer}=${scheme}://${nodePeer}:$port") - done - echo "${initial_members[*]}" | tr ' ' ',' - else - # Nothing to do - echo "$ETCD_INITIAL_CLUSTER" - fi -} - -######################## -# Recalculate initial cluster -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# String -######################## -recalculate_initial_cluster() { - local -a endpoints_array initial_members - local domain host member_host member_port member_id port scheme - - if is_boolean_yes "$ETCD_ON_K8S"; then - read -r -a endpoints_array <<<"$(tr ',;' ' ' <<<"$(etcdctl_get_endpoints)")" - # This piece of code assumes this container is used on a K8s environment - # where etcd members are part of a statefulset that uses a headless service - # to create a unique FQDN per member. Under these circumstances, the - # ETCD_INITIAL_ADVERTISE_PEER_URLS are created as follows: - # SCHEME://POD_NAME.HEADLESS_SVC_DOMAIN:PEER_PORT - # - # Assuming this, we can extract the HEADLESS_SVC_DOMAIN - host="$(parse_uri "$ETCD_INITIAL_ADVERTISE_PEER_URLS" "host")" - scheme="$(parse_uri "$ETCD_INITIAL_ADVERTISE_PEER_URLS" "scheme")" - port="$(parse_uri "$ETCD_INITIAL_ADVERTISE_PEER_URLS" "port")" - domain="${host#"${ETCD_NAME}."}" - # When ETCD_CLUSTER_DOMAIN is set, we use that value instead of extracting - # it from ETCD_INITIAL_ADVERTISE_PEER_URLS - ! is_empty_value "$ETCD_CLUSTER_DOMAIN" && domain="$ETCD_CLUSTER_DOMAIN" - for e in "${endpoints_array[@]}"; do - member_host="$(parse_uri "$scheme://$e" "host")" - member_port="$(parse_uri "$scheme://$e" "port")" - member_id=${e%".$domain:$member_port"} - initial_members+=("${member_id}=${scheme}://${member_host}:$port") - done - echo "${initial_members[*]}" | tr ' ' ',' - else - # Nothing to do - echo "$ETCD_INITIAL_CLUSTER" - fi -} - -######################## -# Ensure etcd is initialized -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# None -######################### -etcd_initialize() { - local -a extra_flags initial_members - local domain - - info "Initializing etcd" - - # Generate user configuration if ETCD_CFG_* variables are provided - etcd_setup_from_environment_variables - - ETCD_INITIAL_CLUSTER="$(get_initial_cluster)" - export ETCD_INITIAL_CLUSTER - [[ -f "$ETCD_CONF_FILE" ]] && etcd_conf_write "initial-cluster" "$ETCD_INITIAL_CLUSTER" - - read -r -a initial_members <<<"$(tr ',;' ' ' <<<"$ETCD_INITIAL_CLUSTER")" - if is_mounted_dir_empty "$ETCD_DATA_DIR"; then - info "There is no data from previous deployments" - if [[ ${#initial_members[@]} -gt 1 ]]; then - if is_new_etcd_cluster; then - info "Bootstrapping a new cluster" - if is_boolean_yes "$ETCD_ON_K8S"; then - debug "Waiting for the headless svc domain to have an IP per initial member in the cluster" - if is_empty_value "$ETCD_CLUSTER_DOMAIN"; then - # This piece of code assumes this container is used on a K8s environment - # where etcd members are part of a statefulset that uses a headless service - # to create a unique FQDN per member. Under these circumstances, the - # ETCD_INITIAL_ADVERTISE_PEER_URLS are created as follows: - # SCHEME://POD_NAME.HEADLESS_SVC_DOMAIN:PEER_PORT - # - # Assuming this, we can extract the HEADLESS_SVC_DOMAIN - host="$(parse_uri "$ETCD_INITIAL_ADVERTISE_PEER_URLS" "host")" - domain="${host#"${ETCD_NAME}."}" - else - # When ETCD_CLUSTER_DOMAIN is set, we use that value instead of extracting - # it from ETCD_INITIAL_ADVERTISE_PEER_URLS - domain="$ETCD_CLUSTER_DOMAIN" - fi - hostname_has_N_ips() { - local -r hostname="${1:?hostname is required}" - local -r n=${2:?number of ips is required} - local -r ready_hosts=$(getent ahosts "$hostname" | awk '{print $1}' | uniq | wc -l) - [[ $((ready_hosts % n)) -eq 0 ]] && [[ $((ready_hosts / n)) -ge 1 ]] && return 0 - return 1 - } - if ! retry_while "hostname_has_N_ips $domain ${#initial_members[@]}"; then - error "Headless service domain does not have an IP per initial member in the cluster" - exit 1 - fi - fi - else - info "Adding new member to existing cluster" - ensure_dir_exists "$ETCD_DATA_DIR" - add_self_to_cluster - fi - fi - if is_boolean_yes "$ETCD_START_FROM_SNAPSHOT"; then - if [[ -f "${ETCD_INIT_SNAPSHOTS_DIR}/${ETCD_INIT_SNAPSHOT_FILENAME}" ]]; then - info "Restoring snapshot before initializing etcd cluster" - local -a restore_args=("--data-dir" "$ETCD_DATA_DIR") - if [[ ${#initial_members[@]} -gt 1 ]]; then - # - # Only recalculate the initial cluster config if it hasn't - # been provided. - # - if is_empty_value "$ETCD_INITIAL_CLUSTER"; then - ETCD_INITIAL_CLUSTER="$(recalculate_initial_cluster)" - export ETCD_INITIAL_CLUSTER - fi - - [[ -f "$ETCD_CONF_FILE" ]] && etcd_conf_write "initial-cluster" "$ETCD_INITIAL_CLUSTER" - - restore_args+=( - "--name" "$ETCD_NAME" - "--initial-cluster" "$ETCD_INITIAL_CLUSTER" - "--initial-cluster-token" "$ETCD_INITIAL_CLUSTER_TOKEN" - "--initial-advertise-peer-urls" "$ETCD_INITIAL_ADVERTISE_PEER_URLS" - ) - fi - debug_execute etcdctl snapshot restore "${ETCD_INIT_SNAPSHOTS_DIR}/${ETCD_INIT_SNAPSHOT_FILENAME}" "${restore_args[@]}" - etcd_store_member_id - else - error "There was no snapshot to restore!" - exit 1 - fi - else - etcd_store_member_id - fi - else - info "Detected data from previous deployments" - if [[ $(stat -c "%a" "$ETCD_DATA_DIR") != *700 ]]; then - debug "Setting data directory permissions to 700 in a recursive way (required in etcd >=3.4.10)" - debug_execute chmod -R 700 "$ETCD_DATA_DIR" || true - fi - if [[ ${#initial_members[@]} -gt 1 ]]; then - member_id="$(get_member_id)" - if is_boolean_yes "$ETCD_DISABLE_PRESTOP"; then - info "The member will try to join the cluster by it's own" - export ETCD_INITIAL_CLUSTER_STATE=existing - elif ! is_healthy_etcd_cluster; then - warn "Cluster not responding!" - if is_boolean_yes "$ETCD_DISASTER_RECOVERY"; then - latest_snapshot_file="$(find /snapshots/ -maxdepth 1 -type f -name 'db-*' | sort | tail -n 1)" - if [[ "${latest_snapshot_file}" != "" ]]; then - info "Restoring etcd cluster from snapshot" - rm -rf "$ETCD_DATA_DIR" - # - # Only recalculate the initial cluster config if it hasn't - # been provided. - # - if is_empty_value "$ETCD_INITIAL_CLUSTER"; then - ETCD_INITIAL_CLUSTER="$(recalculate_initial_cluster)" - export ETCD_INITIAL_CLUSTER - fi - [[ -f "$ETCD_CONF_FILE" ]] && etcd_conf_write "initial-cluster" "$ETCD_INITIAL_CLUSTER" - debug_execute etcdctl snapshot restore "${latest_snapshot_file}" \ - --name "$ETCD_NAME" \ - --data-dir "$ETCD_DATA_DIR" \ - --initial-cluster "$ETCD_INITIAL_CLUSTER" \ - --initial-cluster-token "$ETCD_INITIAL_CLUSTER_TOKEN" \ - --initial-advertise-peer-urls "$ETCD_INITIAL_ADVERTISE_PEER_URLS" - etcd_store_member_id - else - error "There was no snapshot to restore!" - exit 1 - fi - else - warn "Disaster recovery is disabled, the cluster will try to recover on it's own" - fi - elif was_etcd_member_removed; then - info "Adding new member to existing cluster" - read -r -a extra_flags <<<"$(etcdctl_auth_flags)" - is_boolean_yes "$ETCD_ON_K8S" && extra_flags+=("--endpoints=$(etcdctl_get_endpoints)") - extra_flags+=("--peer-urls=$ETCD_INITIAL_ADVERTISE_PEER_URLS") - etcdctl member add "$ETCD_NAME" "${extra_flags[@]}" | grep "^ETCD_" >"$ETCD_NEW_MEMBERS_ENV_FILE" - replace_in_file "$ETCD_NEW_MEMBERS_ENV_FILE" "^" "export " - # The value of ETCD_INITIAL_CLUSTER_STATE must be changed for it to be correctly added to the existing cluster - # https://etcd.io/docs/v3.5/op-guide/configuration/#--initial-cluster-state - export ETCD_INITIAL_CLUSTER_STATE=existing - etcd_store_member_id - elif ! is_empty_value "$member_id"; then - info "Updating member in existing cluster" - export ETCD_INITIAL_CLUSTER_STATE=existing - [[ -f "$ETCD_CONF_FILE" ]] && etcd_conf_write "initial-cluster-state" "$ETCD_INITIAL_CLUSTER_STATE" - read -r -a extra_flags <<<"$(etcdctl_auth_flags)" - extra_flags+=("--peer-urls=$ETCD_INITIAL_ADVERTISE_PEER_URLS") - if is_boolean_yes "$ETCD_ON_K8S"; then - extra_flags+=("--endpoints=$(etcdctl_get_endpoints)") - etcdctl member update "$member_id" "${extra_flags[@]}" - else - etcd_start_bg - etcdctl member update "$member_id" "${extra_flags[@]}" - etcd_stop - fi - else - info "Member ID wasn't properly stored, the member will try to join the cluster by it's own" - export ETCD_INITIAL_CLUSTER_STATE=existing - [[ -f "$ETCD_CONF_FILE" ]] && etcd_conf_write "initial-cluster-state" "$ETCD_INITIAL_CLUSTER_STATE" - fi - fi - fi - - # For both existing and new deployments, configure RBAC if set - if [[ ${#initial_members[@]} -gt 1 ]]; then - # When there's more than one etcd replica, RBAC should be only enabled in one member - if ! is_empty_value "$ETCD_ROOT_PASSWORD" && [[ "${initial_members[0]}" = *"$ETCD_INITIAL_ADVERTISE_PEER_URLS"* ]]; then - etcd_configure_rbac - else - debug "Skipping RBAC configuration in member $ETCD_NAME" - fi - else - ! is_empty_value "$ETCD_ROOT_PASSWORD" && etcd_configure_rbac - fi - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Add self to cluster if not -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# None -######################### -add_self_to_cluster() { - local -a extra_flags - read -r -a extra_flags <<<"$(etcdctl_auth_flags)" - # is_healthy_etcd_cluster will also set ETCD_ACTIVE_ENDPOINTS - while ! is_healthy_etcd_cluster; do - warn "Cluster not healthy, not adding self to cluster for now, keeping trying..." - sleep 10 - done - - # only send req to healthy nodes - - if is_empty_value "$(get_member_id)"; then - extra_flags+=("--endpoints=${ETCD_ACTIVE_ENDPOINTS}" "--peer-urls=$ETCD_INITIAL_ADVERTISE_PEER_URLS") - while ! etcdctl member add "$ETCD_NAME" "${extra_flags[@]}" | grep "^ETCD_" >"$ETCD_NEW_MEMBERS_ENV_FILE"; do - warn "Failed to add self to cluster, keeping trying..." - sleep 10 - done - replace_in_file "$ETCD_NEW_MEMBERS_ENV_FILE" "^" "export " - sync -d "$ETCD_NEW_MEMBERS_ENV_FILE" - else - info "Node already in cluster" - fi - info "Loading env vars of existing cluster" - . "$ETCD_NEW_MEMBERS_ENV_FILE" -} - -######################## -# Get this node's member_id in cluster, if not in cluster return empty string -# Globals: -# ETCD_* -# Arguments: -# None -# Returns: -# String -######################### -get_member_id() { - if ! is_boolean_yes "$ETCD_DISABLE_STORE_MEMBER_ID"; then - if [[ ! -s "${ETCD_DATA_DIR}/member_id" ]]; then - echo "" - return 0 - fi - cat "${ETCD_DATA_DIR}/member_id" - return 0 - fi - local ret - local -a extra_flags - - local etcd_active_endpoints=${ETCD_ACTIVE_ENDPOINTS:-} - if is_empty_value "${etcd_active_endpoints}"; then - setup_etcd_active_endpoints >/dev/null 2>&1 - fi - - read -r -a extra_flags <<<"$(etcdctl_auth_flags)" - extra_flags+=("--endpoints=${ETCD_ACTIVE_ENDPOINTS}") - ret=$(etcdctl "${extra_flags[@]}" member list | grep -w "$ETCD_INITIAL_ADVERTISE_PEER_URLS" | awk -F "," '{ print $1 }') - # if not return zero - if is_empty_value "$ret"; then - info "No member id found" - echo "" - else - info "member id: $ret" - echo "$ret" - fi -} diff --git a/bitnami/etcd/3.4/debian-12/tags-info.yaml b/bitnami/etcd/3.4/debian-12/tags-info.yaml deleted file mode 100644 index d2352ba79aceb..0000000000000 --- a/bitnami/etcd/3.4/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "3.4" -- 3.4-debian-12 -- 3.4.32 diff --git a/bitnami/etcd/3.5/debian-12/Dockerfile b/bitnami/etcd/3.5/debian-12/Dockerfile index 2c844617d0abf..4995343fa3f96 100644 --- a/bitnami/etcd/3.5/debian-12/Dockerfile +++ b/bitnami/etcd/3.5/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T19:53:48Z" \ + org.opencontainers.image.created="2025-01-02T21:52:45Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/etcd/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.5.14-debian-12-r0" \ + org.opencontainers.image.ref.name="3.5.17-debian-12-r2" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/etcd" \ org.opencontainers.image.title="etcd" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.5.14" + org.opencontainers.image.version="3.5.17" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "yq-4.44.1-1-linux-${OS_ARCH}-debian-12" \ - "etcd-3.5.14-0-linux-${OS_ARCH}-debian-12" \ + "yq-4.44.6-0-linux-${OS_ARCH}-debian-12" \ + "etcd-3.5.17-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/etcd/postunpack.sh -ENV APP_VERSION="3.5.14" \ +ENV APP_VERSION="3.5.17" \ BITNAMI_APP_NAME="etcd" \ ETCDCTL_API="3" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/etcd/bin:$PATH" diff --git a/bitnami/etcd/3.5/debian-12/docker-compose.yml b/bitnami/etcd/3.5/debian-12/docker-compose.yml index 5c5c0dc6151c0..dd072eaa3a906 100644 --- a/bitnami/etcd/3.5/debian-12/docker-compose.yml +++ b/bitnami/etcd/3.5/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: etcd: image: docker.io/bitnami/etcd:3.5 diff --git a/bitnami/etcd/3.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/etcd/3.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 7e8fad37be354..53134b1f8ea6c 100644 --- a/bitnami/etcd/3.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/etcd/3.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.5.14-0" + "version": "3.5.17-1" }, "yq": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.44.1-1" + "version": "4.44.6-0" } } \ No newline at end of file diff --git a/bitnami/etcd/3.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/etcd/3.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/etcd/3.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/etcd/3.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh b/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh index 28e21f577d1f4..dbb919a2007a5 100755 --- a/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh +++ b/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh @@ -21,9 +21,12 @@ host="$(parse_uri "${advertised_array[0]}" "host")" port="$(parse_uri "${advertised_array[0]}" "port")" read -r -a extra_flags <<< "$(etcdctl_auth_flags)" extra_flags+=("--endpoints=${host}:${port}") -if [[ $ETCD_AUTO_TLS = true ]]; then + +# if ETCD_AUTO_TLS true or CA file not exists, just skip server cert verification +if [[ $ETCD_AUTO_TLS = true ]] || [[ ! -f "$ETCD_TRUSTED_CA_FILE" ]]; then extra_flags+=("--insecure-skip-tls-verify") fi + if etcdctl endpoint health "${extra_flags[@]}"; then exit 0 else diff --git a/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh b/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh index 3991aaab5620f..b75c4c95a5959 100644 --- a/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh +++ b/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh @@ -100,7 +100,7 @@ etcd_setup_from_environment_variables() { fi fi done - if am_i_root; then + if am_i_root && [[ -f "$ETCD_CONF_FILE" ]] ; then chown "$ETCD_DAEMON_USER" "$ETCD_CONF_FILE" fi } diff --git a/bitnami/etcd/3.5/debian-12/tags-info.yaml b/bitnami/etcd/3.5/debian-12/tags-info.yaml index 8e9a0ad00ac5c..f4592023511d8 100644 --- a/bitnami/etcd/3.5/debian-12/tags-info.yaml +++ b/bitnami/etcd/3.5/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "3.5" - 3.5-debian-12 -- 3.5.14 +- 3.5.17 - latest diff --git a/bitnami/etcd/README.md b/bitnami/etcd/README.md index 932d4779011df..a923c6b909c02 100644 --- a/bitnami/etcd/README.md +++ b/bitnami/etcd/README.md @@ -22,7 +22,7 @@ docker run -it --name etcd bitnami/etcd:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Etcd in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Etcd in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Etcd in Kubernetes? @@ -32,11 +32,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -222,7 +228,7 @@ Apart from providing your custom configuration file, you can also modify the ser | `ETCD_CONF_DIR` | etcd configuration directory. | `${ETCD_BASE_DIR}/conf` | | `ETCD_DEFAULT_CONF_DIR` | etcd default configuration directory. | `${ETCD_BASE_DIR}/conf.default` | | `ETCD_TMP_DIR` | Directory where ETCD temporary files are stored. | `${ETCD_BASE_DIR}/tmp` | -| `ETCD_CONF_FILE` | Airflow configuration file. | `${ETCD_CONF_DIR}/etcd.yaml` | +| `ETCD_CONF_FILE` | ETCD configuration file. | `${ETCD_CONF_DIR}/etcd.yaml` | | `ETCD_NEW_MEMBERS_ENV_FILE` | File containining the etcd environment to use after adding a member. | `${ETCD_DATA_DIR}/new_member_envs` | | `ETCD_DAEMON_USER` | etcd system user name. | `etcd` | | `ETCD_DAEMON_GROUP` | etcd system user group. | `etcd` | @@ -263,7 +269,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/etcd/docker-compose-cluster.yml b/bitnami/etcd/docker-compose-cluster.yml index 67ef7ee3c97b0..9e5cf72a25d47 100644 --- a/bitnami/etcd/docker-compose-cluster.yml +++ b/bitnami/etcd/docker-compose-cluster.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: etcd1: image: docker.io/bitnami/etcd:3.5 diff --git a/bitnami/etcd/docker-compose.yml b/bitnami/etcd/docker-compose.yml index 5c5c0dc6151c0..dd072eaa3a906 100644 --- a/bitnami/etcd/docker-compose.yml +++ b/bitnami/etcd/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: etcd: image: docker.io/bitnami/etcd:3.5 diff --git a/bitnami/express/4/README.md b/bitnami/express/4/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/express/4/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/express/4/debian-12/Dockerfile b/bitnami/express/4/debian-12/Dockerfile deleted file mode 100644 index 2ea7b541d4abe..0000000000000 --- a/bitnami/express/4/debian-12/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T19:25:25Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/express/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="4.19.2-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/express" \ - org.opencontainers.image.title="express" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="4.19.2" - -ENV OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 libtirpc3 procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "python-3.11.9-8-linux-${OS_ARCH}-debian-12" \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "node-18.20.2-1-linux-${OS_ARCH}-debian-12" \ - "express-4.19.2-3-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN mkdir -p /dist /app /.npm /.config /.cache /.local && chmod g+rwX /dist /app /.npm /.config /.cache /.local -RUN /opt/bitnami/scripts/express/postunpack.sh -ENV APP_VERSION="4.19.2" \ - BITNAMI_APP_NAME="express" \ - PATH="/opt/bitnami/python/bin:/opt/bitnami/common/bin:/opt/bitnami/node/bin:/opt/bitnami/express/bin:$PATH" - -EXPOSE 3000 - -WORKDIR /app -ENTRYPOINT [ "/opt/bitnami/scripts/express/entrypoint.sh" ] -CMD [ "npm", "start" ] diff --git a/bitnami/express/4/debian-12/docker-compose.yml b/bitnami/express/4/debian-12/docker-compose.yml deleted file mode 100644 index 2e16144378da1..0000000000000 --- a/bitnami/express/4/debian-12/docker-compose.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - mongodb: - image: docker.io/bitnami/mongodb:7.0 - environment: - - ALLOW_EMPTY_PASSWORD=yes - express: - image: docker.io/bitnami/express:4 - ports: - - '3000:3000' - environment: - - PORT=3000 - - NODE_ENV=development - - DATABASE_URL=mongodb://mongodb:27017/myapp - - EXPRESS_SKIP_DB_WAIT=0 - - EXPRESS_SKIP_DB_MIGRATION=0 - - EXPRESS_SKIP_NPM_INSTALL=0 - - EXPRESS_SKIP_BOWER_INSTALL=0 - volumes: - - './my-project:/app' - depends_on: - - mongodb diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 5cdedec57cba2..0000000000000 --- a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "express": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "4.19.2-3" - }, - "node": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "18.20.2-1" - }, - "python": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.11.9-8" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-12" - } -} \ No newline at end of file diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/express/4/debian-12/tags-info.yaml b/bitnami/express/4/debian-12/tags-info.yaml deleted file mode 100644 index a685635913df0..0000000000000 --- a/bitnami/express/4/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "4" -- 4-debian-12 -- 4.19.2 -- latest diff --git a/bitnami/express/5/debian-12/Dockerfile b/bitnami/express/5/debian-12/Dockerfile new file mode 100644 index 0000000000000..1ac3f3a51ecfd --- /dev/null +++ b/bitnami/express/5/debian-12/Dockerfile @@ -0,0 +1,60 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-08T21:20:08Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/express/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="5.0.1-debian-12-r5" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/express" \ + org.opencontainers.image.title="express" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="5.0.1" + +ENV OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl libbz2-1.0 libffi8 libgcc-s1 liblzma5 libncursesw6 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "python-3.13.1-1-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "node-22.13.0-0-linux-${OS_ARCH}-debian-12" \ + "express-5.0.1-2-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN mkdir -p /dist /app /.npm /.config /.cache /.local && chmod g+rwX /dist /app /.npm /.config /.cache /.local +RUN /opt/bitnami/scripts/express/postunpack.sh +ENV APP_VERSION="5.0.1" \ + BITNAMI_APP_NAME="express" \ + PATH="/opt/bitnami/python/bin:/opt/bitnami/common/bin:/opt/bitnami/node/bin:/opt/bitnami/express/bin:$PATH" + +EXPOSE 3000 + +WORKDIR /app +ENTRYPOINT [ "/opt/bitnami/scripts/express/entrypoint.sh" ] +CMD [ "npm", "start" ] diff --git a/bitnami/express/5/debian-12/docker-compose.yml b/bitnami/express/5/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..23269fd53682a --- /dev/null +++ b/bitnami/express/5/debian-12/docker-compose.yml @@ -0,0 +1,24 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + mongodb: + image: docker.io/bitnami/mongodb:latest + environment: + - ALLOW_EMPTY_PASSWORD=yes + express: + image: docker.io/bitnami/express:5 + ports: + - '3000:3000' + environment: + - PORT=3000 + - NODE_ENV=development + - DATABASE_URL=mongodb://mongodb:27017/myapp + - EXPRESS_SKIP_DB_WAIT=0 + - EXPRESS_SKIP_DB_MIGRATION=0 + - EXPRESS_SKIP_NPM_INSTALL=0 + - EXPRESS_SKIP_BOWER_INSTALL=0 + volumes: + - './my-project:/app' + depends_on: + - mongodb diff --git a/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..7c4cca23a02f5 --- /dev/null +++ b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,26 @@ +{ + "express": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "5.0.1-2" + }, + "node": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "22.13.0-0" + }, + "python": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "3.13.1-1" + }, + "wait-for-port": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.0.8-8" + } +} \ No newline at end of file diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/clickhouse/24.3/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/express/5/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/express/5/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/express/5/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/express/5/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/express/5/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/express/4/debian-12/rootfs/dist/.dockerignore b/bitnami/express/5/debian-12/rootfs/dist/.dockerignore similarity index 100% rename from bitnami/express/4/debian-12/rootfs/dist/.dockerignore rename to bitnami/express/5/debian-12/rootfs/dist/.dockerignore diff --git a/bitnami/express/4/debian-12/rootfs/dist/.gitignore b/bitnami/express/5/debian-12/rootfs/dist/.gitignore similarity index 100% rename from bitnami/express/4/debian-12/rootfs/dist/.gitignore rename to bitnami/express/5/debian-12/rootfs/dist/.gitignore diff --git a/bitnami/express/4/debian-12/rootfs/dist/Dockerfile.tpl b/bitnami/express/5/debian-12/rootfs/dist/Dockerfile.tpl similarity index 100% rename from bitnami/express/4/debian-12/rootfs/dist/Dockerfile.tpl rename to bitnami/express/5/debian-12/rootfs/dist/Dockerfile.tpl diff --git a/bitnami/express/4/debian-12/rootfs/dist/samples/mariadb.js b/bitnami/express/5/debian-12/rootfs/dist/samples/mariadb.js similarity index 100% rename from bitnami/express/4/debian-12/rootfs/dist/samples/mariadb.js rename to bitnami/express/5/debian-12/rootfs/dist/samples/mariadb.js diff --git a/bitnami/express/4/debian-12/rootfs/dist/samples/mongodb.js b/bitnami/express/5/debian-12/rootfs/dist/samples/mongodb.js similarity index 100% rename from bitnami/express/4/debian-12/rootfs/dist/samples/mongodb.js rename to bitnami/express/5/debian-12/rootfs/dist/samples/mongodb.js diff --git a/bitnami/express/4/debian-12/rootfs/opt/bitnami/scripts/express-env.sh b/bitnami/express/5/debian-12/rootfs/opt/bitnami/scripts/express-env.sh similarity index 100% rename from bitnami/express/4/debian-12/rootfs/opt/bitnami/scripts/express-env.sh rename to bitnami/express/5/debian-12/rootfs/opt/bitnami/scripts/express-env.sh diff --git a/bitnami/express/4/debian-12/rootfs/opt/bitnami/scripts/express/entrypoint.sh b/bitnami/express/5/debian-12/rootfs/opt/bitnami/scripts/express/entrypoint.sh similarity index 100% rename from bitnami/express/4/debian-12/rootfs/opt/bitnami/scripts/express/entrypoint.sh rename to bitnami/express/5/debian-12/rootfs/opt/bitnami/scripts/express/entrypoint.sh diff --git a/bitnami/express/4/debian-12/rootfs/opt/bitnami/scripts/express/postunpack.sh b/bitnami/express/5/debian-12/rootfs/opt/bitnami/scripts/express/postunpack.sh similarity index 100% rename from bitnami/express/4/debian-12/rootfs/opt/bitnami/scripts/express/postunpack.sh rename to bitnami/express/5/debian-12/rootfs/opt/bitnami/scripts/express/postunpack.sh diff --git a/bitnami/express/4/debian-12/rootfs/opt/bitnami/scripts/express/setup.sh b/bitnami/express/5/debian-12/rootfs/opt/bitnami/scripts/express/setup.sh similarity index 100% rename from bitnami/express/4/debian-12/rootfs/opt/bitnami/scripts/express/setup.sh rename to bitnami/express/5/debian-12/rootfs/opt/bitnami/scripts/express/setup.sh diff --git a/bitnami/express/4/debian-12/rootfs/opt/bitnami/scripts/libexpress.sh b/bitnami/express/5/debian-12/rootfs/opt/bitnami/scripts/libexpress.sh similarity index 100% rename from bitnami/express/4/debian-12/rootfs/opt/bitnami/scripts/libexpress.sh rename to bitnami/express/5/debian-12/rootfs/opt/bitnami/scripts/libexpress.sh diff --git a/bitnami/drupal/10/debian-12/rootfs/post-init.d/shell.sh b/bitnami/express/5/debian-12/rootfs/post-init.d/shell.sh similarity index 100% rename from bitnami/drupal/10/debian-12/rootfs/post-init.d/shell.sh rename to bitnami/express/5/debian-12/rootfs/post-init.d/shell.sh diff --git a/bitnami/express/4/debian-12/rootfs/post-init.sh b/bitnami/express/5/debian-12/rootfs/post-init.sh similarity index 100% rename from bitnami/express/4/debian-12/rootfs/post-init.sh rename to bitnami/express/5/debian-12/rootfs/post-init.sh diff --git a/bitnami/express/5/debian-12/tags-info.yaml b/bitnami/express/5/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..0013cc7a01942 --- /dev/null +++ b/bitnami/express/5/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "5" +- 5-debian-12 +- 5.0.1 +- latest diff --git a/bitnami/express/README.md b/bitnami/express/README.md index 2bb25a6b4836e..b9ce9340f8257 100644 --- a/bitnami/express/README.md +++ b/bitnami/express/README.md @@ -27,11 +27,17 @@ docker run --name express -v ${PWD}/my-project:/app bitnami/express:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Express in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Express in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -182,7 +188,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/express/docker-compose-mariadb.yml b/bitnami/express/docker-compose-mariadb.yml index bc95392e39b67..0bf4b8625c4e7 100644 --- a/bitnami/express/docker-compose-mariadb.yml +++ b/bitnami/express/docker-compose-mariadb.yml @@ -1,16 +1,14 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: mariadb: - image: docker.io/bitnami/mariadb:11.3 + image: docker.io/bitnami/mariadb:latest environment: - ALLOW_EMPTY_PASSWORD=yes - MARIADB_DATABASE=myapp express: - image: docker.io/bitnami/express:4 + image: docker.io/bitnami/express:5 ports: - '3000:3000' environment: diff --git a/bitnami/express/docker-compose-postgresql.yml b/bitnami/express/docker-compose-postgresql.yml index df0e0c4140b7b..2dacbb3a9b40a 100644 --- a/bitnami/express/docker-compose-postgresql.yml +++ b/bitnami/express/docker-compose-postgresql.yml @@ -1,16 +1,14 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: postgresql: - image: docker.io/bitnami/postgresql:15 + image: docker.io/bitnami/postgresql:latest environment: - POSTGRESQL_DATABASE=myapp - ALLOW_EMPTY_PASSWORD=yes express: - image: docker.io/bitnami/express:4 + image: docker.io/bitnami/express:5 ports: - '3000:3000' environment: diff --git a/bitnami/express/docker-compose.yml b/bitnami/express/docker-compose.yml index 2e16144378da1..23269fd53682a 100644 --- a/bitnami/express/docker-compose.yml +++ b/bitnami/express/docker-compose.yml @@ -1,15 +1,13 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: mongodb: - image: docker.io/bitnami/mongodb:7.0 + image: docker.io/bitnami/mongodb:latest environment: - ALLOW_EMPTY_PASSWORD=yes express: - image: docker.io/bitnami/express:4 + image: docker.io/bitnami/express:5 ports: - '3000:3000' environment: diff --git a/bitnami/external-dns/0/debian-12/Dockerfile b/bitnami/external-dns/0/debian-12/Dockerfile index 9f7a57fc9eb3a..322f224022b42 100644 --- a/bitnami/external-dns/0/debian-12/Dockerfile +++ b/bitnami/external-dns/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T06:59:28Z" \ + org.opencontainers.image.created="2024-12-19T19:33:36Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/external-dns/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.14.2-debian-12-r0" \ + org.opencontainers.image.ref.name="0.15.1-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/external-dns" \ org.opencontainers.image.title="external-dns" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.14.2" + org.opencontainers.image.version="0.15.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "external-dns-0.14.2-0-linux-${OS_ARCH}-debian-12" \ + "external-dns-0.15.1-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="0.14.2" \ +ENV APP_VERSION="0.15.1" \ BITNAMI_APP_NAME="external-dns" \ PATH="/opt/bitnami/external-dns/bin:$PATH" diff --git a/bitnami/external-dns/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/external-dns/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 62e50671b4aeb..8173ce5009d73 100644 --- a/bitnami/external-dns/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/external-dns/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.14.2-0" + "version": "0.15.1-0" } } \ No newline at end of file diff --git a/bitnami/external-dns/0/debian-12/tags-info.yaml b/bitnami/external-dns/0/debian-12/tags-info.yaml index 1d5a1a05d0b4d..d5bf35bb42d21 100644 --- a/bitnami/external-dns/0/debian-12/tags-info.yaml +++ b/bitnami/external-dns/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.14.2 +- 0.15.1 - latest diff --git a/bitnami/external-dns/README.md b/bitnami/external-dns/README.md index a58f5e92587c1..749dca1e729a7 100644 --- a/bitnami/external-dns/README.md +++ b/bitnami/external-dns/README.md @@ -24,7 +24,7 @@ docker run --name external-dns bitnami/external-dns:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use ExternalDNS in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use ExternalDNS in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy ExternalDNS in Kubernetes? @@ -34,11 +34,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/flink/1/debian-12/Dockerfile b/bitnami/flink/1/debian-12/Dockerfile index dc286435383a8..83381ffcdc5a5 100644 --- a/bitnami/flink/1/debian-12/Dockerfile +++ b/bitnami/flink/1/debian-12/Dockerfile @@ -3,20 +3,21 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T19:29:39Z" \ + org.opencontainers.image.created="2025-01-08T22:15:39Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/flink/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.19.0-debian-12-r5" \ + org.opencontainers.image.ref.name="1.20.0-debian-12-r10" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/flink" \ org.opencontainers.image.title="flink" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.19.0" + org.opencontainers.image.version="1.20.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -29,13 +30,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages acl ca-certificates curl gettext libjemalloc2 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "java-11.0.23-10-1-linux-${OS_ARCH}-debian-12" \ - "flink-1.19.0-2-linux-${OS_ARCH}-debian-12" \ + "java-11.0.25-11-1-linux-${OS_ARCH}-debian-12" \ + "flink-1.20.0-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -49,7 +50,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/flink/postunpack.sh RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="1.19.0" \ +ENV APP_VERSION="1.20.0" \ BITNAMI_APP_NAME="flink" \ FLINK_HOME="/opt/bitnami/flink" \ JAVA_HOME="/opt/bitnami/java" \ diff --git a/bitnami/flink/1/debian-12/docker-compose.yml b/bitnami/flink/1/debian-12/docker-compose.yml index fdbdb11dc4bed..a42f86310bbb0 100644 --- a/bitnami/flink/1/debian-12/docker-compose.yml +++ b/bitnami/flink/1/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: jobmanager: image: docker.io/bitnami/flink:1 diff --git a/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 4454b6bf0e56d..7dacceefcc8d9 100644 --- a/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.19.0-2" + "version": "1.20.0-4" }, "java": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "11.0.23-10-1" + "version": "11.0.25-11-1" } } \ No newline at end of file diff --git a/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/flink/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/flink/1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/flink/1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh index 8557631d25490..38802fc0bfe91 100755 --- a/bitnami/flink/1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ b/bitnami/flink/1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -13,6 +13,11 @@ set -o pipefail . /opt/bitnami/scripts/libbitnami.sh . /opt/bitnami/scripts/liblog.sh +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + print_welcome_page echo "" diff --git a/bitnami/flink/1/debian-12/tags-info.yaml b/bitnami/flink/1/debian-12/tags-info.yaml index 39663e11990ee..0953f1a16ecdc 100644 --- a/bitnami/flink/1/debian-12/tags-info.yaml +++ b/bitnami/flink/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.19.0 +- 1.20.0 - latest diff --git a/bitnami/flink/README.md b/bitnami/flink/README.md index ca4248a0c0cdf..835829a0653b5 100644 --- a/bitnami/flink/README.md +++ b/bitnami/flink/README.md @@ -23,11 +23,17 @@ docker run --name flink bitnami/flink:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Apache Flink in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Apache Flink in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -57,7 +63,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration @@ -124,7 +130,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/flink/docker-compose.yml b/bitnami/flink/docker-compose.yml index fdbdb11dc4bed..a42f86310bbb0 100644 --- a/bitnami/flink/docker-compose.yml +++ b/bitnami/flink/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: jobmanager: image: docker.io/bitnami/flink:1 diff --git a/bitnami/fluent-bit/2/README.md b/bitnami/fluent-bit/2/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/fluent-bit/2/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/fluent-bit/2/debian-12/Dockerfile b/bitnami/fluent-bit/2/debian-12/Dockerfile deleted file mode 100644 index 207b5d446b775..0000000000000 --- a/bitnami/fluent-bit/2/debian-12/Dockerfile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-22T07:11:12Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/fluent-bit/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.2.3-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/fluent-bit" \ - org.opencontainers.image.title="fluent-bit" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.2.3" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libcap2 libgcc-s1 libgcrypt20 libgpg-error0 liblz4-1 liblzma5 libsasl2-2 libssl3 libsystemd0 libyaml-0-2 libzstd1 procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "fluent-bit-2.2.3-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN chown -R 1001:1001 /opt/bitnami/fluent-bit - -ENV APP_VERSION="2.2.3" \ - BITNAMI_APP_NAME="fluent-bit" \ - PATH="/opt/bitnami/fluent-bit/bin:$PATH" - -EXPOSE 2020 - -WORKDIR /opt/bitnami/fluent-bit -USER 1001 -ENTRYPOINT [ "fluent-bit" ] -CMD [ "-c", "/opt/bitnami/fluent-bit/conf/fluent-bit.conf" ] diff --git a/bitnami/fluent-bit/2/debian-12/docker-compose.yml b/bitnami/fluent-bit/2/debian-12/docker-compose.yml deleted file mode 100644 index 81f7406565f42..0000000000000 --- a/bitnami/fluent-bit/2/debian-12/docker-compose.yml +++ /dev/null @@ -1,10 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - fluent-bit: - image: docker.io/bitnami/fluent-bit:2 - ports: - - '2020:2020' diff --git a/bitnami/fluent-bit/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/fluent-bit/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 2fdbfeaf269b8..0000000000000 --- a/bitnami/fluent-bit/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "fluent-bit": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.2.3-0" - } -} \ No newline at end of file diff --git a/bitnami/fluent-bit/2/debian-12/tags-info.yaml b/bitnami/fluent-bit/2/debian-12/tags-info.yaml deleted file mode 100644 index bd7a52ffe5c61..0000000000000 --- a/bitnami/fluent-bit/2/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "2" -- 2-debian-12 -- 2.2.3 diff --git a/bitnami/fluent-bit/3/debian-12/Dockerfile b/bitnami/fluent-bit/3/debian-12/Dockerfile index 63c668e2248ed..fbab5f33c2ada 100644 --- a/bitnami/fluent-bit/3/debian-12/Dockerfile +++ b/bitnami/fluent-bit/3/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-26T23:09:58Z" \ + org.opencontainers.image.created="2024-12-30T22:55:56Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/fluent-bit/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.0.6-debian-12-r0" \ + org.opencontainers.image.ref.name="3.2.4-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/fluent-bit" \ org.opencontainers.image.title="fluent-bit" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.0.6" + org.opencontainers.image.version="3.2.4" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libcap2 libgcc-s1 libgcrypt20 libgpg-error0 liblz4-1 liblzma5 libsasl2-2 libssl3 libsystemd0 libyaml-0-2 libzstd1 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "fluent-bit-3.0.6-0-linux-${OS_ARCH}-debian-12" \ + "fluent-bit-3.2.4-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN chown -R 1001:1001 /opt/bitnami/fluent-bit -ENV APP_VERSION="3.0.6" \ +ENV APP_VERSION="3.2.4" \ BITNAMI_APP_NAME="fluent-bit" \ PATH="/opt/bitnami/fluent-bit/bin:$PATH" diff --git a/bitnami/fluent-bit/3/debian-12/docker-compose.yml b/bitnami/fluent-bit/3/debian-12/docker-compose.yml index e14f5b3c721fb..4fd0087435319 100644 --- a/bitnami/fluent-bit/3/debian-12/docker-compose.yml +++ b/bitnami/fluent-bit/3/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: fluent-bit: image: docker.io/bitnami/fluent-bit:3 diff --git a/bitnami/fluent-bit/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/fluent-bit/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index c724ceff4a3ba..65885092e336e 100644 --- a/bitnami/fluent-bit/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/fluent-bit/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.0.6-0" + "version": "3.2.4-0" } } \ No newline at end of file diff --git a/bitnami/fluent-bit/3/debian-12/tags-info.yaml b/bitnami/fluent-bit/3/debian-12/tags-info.yaml index ca13c2443a217..33586bdcbd47d 100644 --- a/bitnami/fluent-bit/3/debian-12/tags-info.yaml +++ b/bitnami/fluent-bit/3/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "3" - 3-debian-12 -- 3.0.6 +- 3.2.4 - latest diff --git a/bitnami/fluent-bit/README.md b/bitnami/fluent-bit/README.md index 911d8f7e62ec8..5d2b881e8d053 100644 --- a/bitnami/fluent-bit/README.md +++ b/bitnami/fluent-bit/README.md @@ -22,15 +22,21 @@ docker run --name fluent-bit bitnami/fluent-bit:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Fluent Bit in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Fluent Bit in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/fluent-bit/docker-compose.yml b/bitnami/fluent-bit/docker-compose.yml index e14f5b3c721fb..4fd0087435319 100644 --- a/bitnami/fluent-bit/docker-compose.yml +++ b/bitnami/fluent-bit/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: fluent-bit: image: docker.io/bitnami/fluent-bit:3 diff --git a/bitnami/fluentd/1/debian-12/Dockerfile b/bitnami/fluentd/1/debian-12/Dockerfile index bb1fe6fce7728..5d7aade97315a 100644 --- a/bitnami/fluentd/1/debian-12/Dockerfile +++ b/bitnami/fluentd/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T19:29:08Z" \ + org.opencontainers.image.created="2025-01-11T18:19:53Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/fluentd/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.17.0-debian-12-r3" \ + org.opencontainers.image.ref.name="1.18.0-debian-12-r2" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/fluentd" \ org.opencontainers.image.title="fluentd" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.17.0" + org.opencontainers.image.version="1.18.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,16 +26,16 @@ ENV HOME="/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates curl libcrypt1 libgcc-s1 libjemalloc-dev libreadline-dev libreadline8 libssl-dev libssl3 libstdc++6 libtinfo6 libyaml-dev procps sqlite3 zlib1g +RUN install_packages ca-certificates curl libcrypt1 libjemalloc-dev libreadline-dev libreadline8 libssl-dev libssl3 libtinfo6 libyaml-dev procps sqlite3 zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "ruby-3.1.5-0-linux-${OS_ARCH}-debian-12" \ - "fluentd-1.17.0-1-linux-${OS_ARCH}-debian-12" \ + "ruby-3.1.6-2-linux-${OS_ARCH}-debian-12" \ + "fluentd-1.18.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/fluentd/postunpack.sh -ENV APP_VERSION="1.17.0" \ +ENV APP_VERSION="1.18.0" \ BITNAMI_APP_NAME="fluentd" \ GEM_HOME="/opt/bitnami/fluentd" \ PATH="/opt/bitnami/ruby/bin:/opt/bitnami/fluentd/bin:$PATH" diff --git a/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index c9ad660f06bb7..d638a212be68b 100644 --- a/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.17.0-1" + "version": "1.18.0-0" }, "ruby": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.1.5-0" + "version": "3.1.6-2" } } \ No newline at end of file diff --git a/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/fluentd/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/fluentd/1/debian-12/tags-info.yaml b/bitnami/fluentd/1/debian-12/tags-info.yaml index 10ab931ad0559..1a70f797234e2 100644 --- a/bitnami/fluentd/1/debian-12/tags-info.yaml +++ b/bitnami/fluentd/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.17.0 +- 1.18.0 - latest diff --git a/bitnami/fluentd/README.md b/bitnami/fluentd/README.md index 8950f77b0a2b5..6bacafe9c70d9 100644 --- a/bitnami/fluentd/README.md +++ b/bitnami/fluentd/README.md @@ -24,15 +24,21 @@ You can find the available configuration options in the [Environment Variables]( * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Fluentd in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Fluentd in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -226,7 +232,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/fluxcd-helm-controller/1/debian-12/Dockerfile b/bitnami/fluxcd-helm-controller/1/debian-12/Dockerfile index f94dc5de2fb19..927f9207a64c5 100644 --- a/bitnami/fluxcd-helm-controller/1/debian-12/Dockerfile +++ b/bitnami/fluxcd-helm-controller/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T19:42:56Z" \ + org.opencontainers.image.created="2025-01-02T22:02:51Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/fluxcd-helm-controller/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.0.1-debian-12-r1" \ + org.opencontainers.image.ref.name="1.1.0-debian-12-r6" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/fluxcd-helm-controller" \ org.opencontainers.image.title="fluxcd-helm-controller" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.0.1" + org.opencontainers.image.version="1.1.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "fluxcd-helm-controller-1.0.1-1-linux-${OS_ARCH}-debian-12" \ + "fluxcd-helm-controller-1.1.0-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN useradd -r -u 1001 -g root fluxcd-helm-controller RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.0.1" \ +ENV APP_VERSION="1.1.0" \ BITNAMI_APP_NAME="fluxcd-helm-controller" \ PATH="/opt/bitnami/fluxcd-helm-controller/bin:$PATH" diff --git a/bitnami/fluxcd-helm-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/fluxcd-helm-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 96ffbc2b8cead..566948ca1b831 100644 --- a/bitnami/fluxcd-helm-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/fluxcd-helm-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.1-1" + "version": "1.1.0-4" } } \ No newline at end of file diff --git a/bitnami/fluxcd-helm-controller/1/debian-12/tags-info.yaml b/bitnami/fluxcd-helm-controller/1/debian-12/tags-info.yaml index 93e8302ccd434..a300d2da2ff2f 100644 --- a/bitnami/fluxcd-helm-controller/1/debian-12/tags-info.yaml +++ b/bitnami/fluxcd-helm-controller/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.0.1 +- 1.1.0 - latest diff --git a/bitnami/fluxcd-helm-controller/README.md b/bitnami/fluxcd-helm-controller/README.md index 9025f3250f99f..5829cc1834ddc 100644 --- a/bitnami/fluxcd-helm-controller/README.md +++ b/bitnami/fluxcd-helm-controller/README.md @@ -22,11 +22,17 @@ docker run -it --name fluxcd-helm-controller bitnami/fluxcd-helm-controller * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Flux Helm Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Flux Helm Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -108,7 +114,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/fluxcd-image-automation-controller/0/debian-12/Dockerfile b/bitnami/fluxcd-image-automation-controller/0/debian-12/Dockerfile index 0fe2b44a1a200..2a5f43f98f27c 100644 --- a/bitnami/fluxcd-image-automation-controller/0/debian-12/Dockerfile +++ b/bitnami/fluxcd-image-automation-controller/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T19:42:52Z" \ + org.opencontainers.image.created="2025-01-02T22:08:12Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/fluxcd-image-automation-controller/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.38.0-debian-12-r3" \ + org.opencontainers.image.ref.name="0.39.0-debian-12-r6" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/fluxcd-image-automation-controller" \ org.opencontainers.image.title="fluxcd-image-automation-controller" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.38.0" + org.opencontainers.image.version="0.39.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "fluxcd-image-automation-controller-0.38.0-2-linux-${OS_ARCH}-debian-12" \ + "fluxcd-image-automation-controller-0.39.0-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN useradd -r -u 1001 -g root fluxcd-image-automation-controll RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="0.38.0" \ +ENV APP_VERSION="0.39.0" \ BITNAMI_APP_NAME="fluxcd-image-automation-controller" \ PATH="/opt/bitnami/fluxcd-image-automation-controller/bin:$PATH" diff --git a/bitnami/fluxcd-image-automation-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/fluxcd-image-automation-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 5e4ed3568a17e..b195dc1e8e39f 100644 --- a/bitnami/fluxcd-image-automation-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/fluxcd-image-automation-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.38.0-2" + "version": "0.39.0-4" } } \ No newline at end of file diff --git a/bitnami/fluxcd-image-automation-controller/0/debian-12/tags-info.yaml b/bitnami/fluxcd-image-automation-controller/0/debian-12/tags-info.yaml index d0a031bfbd70c..7da39a0c63f48 100644 --- a/bitnami/fluxcd-image-automation-controller/0/debian-12/tags-info.yaml +++ b/bitnami/fluxcd-image-automation-controller/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.38.0 +- 0.39.0 - latest diff --git a/bitnami/fluxcd-image-automation-controller/README.md b/bitnami/fluxcd-image-automation-controller/README.md index 4d34adb28ef9d..843dec231c576 100644 --- a/bitnami/fluxcd-image-automation-controller/README.md +++ b/bitnami/fluxcd-image-automation-controller/README.md @@ -23,11 +23,17 @@ docker run -it --name fluxcd-image-automation-controller bitnami/fluxcd-image-au * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Flux Image Automation Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Flux Image Automation Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -109,7 +115,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/fluxcd-image-reflector-controller/0/debian-12/Dockerfile b/bitnami/fluxcd-image-reflector-controller/0/debian-12/Dockerfile index 975ba75d6937b..4985b2f1718aa 100644 --- a/bitnami/fluxcd-image-reflector-controller/0/debian-12/Dockerfile +++ b/bitnami/fluxcd-image-reflector-controller/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T19:48:20Z" \ + org.opencontainers.image.created="2025-01-02T22:14:53Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/fluxcd-image-reflector-controller/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.32.0-debian-12-r3" \ + org.opencontainers.image.ref.name="0.33.0-debian-12-r6" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/fluxcd-image-reflector-controller" \ org.opencontainers.image.title="fluxcd-image-reflector-controller" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.32.0" + org.opencontainers.image.version="0.33.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "fluxcd-image-reflector-controller-0.32.0-2-linux-${OS_ARCH}-debian-12" \ + "fluxcd-image-reflector-controller-0.33.0-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN useradd -r -u 1001 -g root fluxcd-image-reflector-controlle RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="0.32.0" \ +ENV APP_VERSION="0.33.0" \ BITNAMI_APP_NAME="fluxcd-image-reflector-controller" \ PATH="/opt/bitnami/fluxcd-image-reflector-controller/bin:$PATH" diff --git a/bitnami/fluxcd-image-reflector-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/fluxcd-image-reflector-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index a6ae45fb1cdb3..7471af68e9421 100644 --- a/bitnami/fluxcd-image-reflector-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/fluxcd-image-reflector-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.32.0-2" + "version": "0.33.0-4" } } \ No newline at end of file diff --git a/bitnami/fluxcd-image-reflector-controller/0/debian-12/tags-info.yaml b/bitnami/fluxcd-image-reflector-controller/0/debian-12/tags-info.yaml index 73cc811b0cc23..331acac6d03a9 100644 --- a/bitnami/fluxcd-image-reflector-controller/0/debian-12/tags-info.yaml +++ b/bitnami/fluxcd-image-reflector-controller/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.32.0 +- 0.33.0 - latest diff --git a/bitnami/fluxcd-image-reflector-controller/README.md b/bitnami/fluxcd-image-reflector-controller/README.md index 7804e54b104f2..859c8194a8427 100644 --- a/bitnami/fluxcd-image-reflector-controller/README.md +++ b/bitnami/fluxcd-image-reflector-controller/README.md @@ -23,11 +23,17 @@ docker run -it --name fluxcd-image-reflector-controller bitnami/fluxcd-image-ref * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Flux Image Reflector Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Flux Image Reflector Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -109,7 +115,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/fluxcd-kustomize-controller/1/debian-12/Dockerfile b/bitnami/fluxcd-kustomize-controller/1/debian-12/Dockerfile index 7ae60e6a99478..0c3cb45ffc991 100644 --- a/bitnami/fluxcd-kustomize-controller/1/debian-12/Dockerfile +++ b/bitnami/fluxcd-kustomize-controller/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T19:53:43Z" \ + org.opencontainers.image.created="2025-01-02T22:23:34Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/fluxcd-kustomize-controller/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.3.0-debian-12-r3" \ + org.opencontainers.image.ref.name="1.4.0-debian-12-r6" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/fluxcd-kustomize-controller" \ org.opencontainers.image.title="fluxcd-kustomize-controller" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.3.0" + org.opencontainers.image.version="1.4.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl git gnupg openssh-client procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "fluxcd-kustomize-controller-1.3.0-2-linux-${OS_ARCH}-debian-12" \ + "fluxcd-kustomize-controller-1.4.0-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN useradd -r -u 1001 -g root fluxcd-kustomize-controller RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.3.0" \ +ENV APP_VERSION="1.4.0" \ BITNAMI_APP_NAME="fluxcd-kustomize-controller" \ PATH="/opt/bitnami/fluxcd-kustomize-controller/bin:$PATH" diff --git a/bitnami/fluxcd-kustomize-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/fluxcd-kustomize-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 4e937439829bc..222250dc2c181 100644 --- a/bitnami/fluxcd-kustomize-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/fluxcd-kustomize-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.3.0-2" + "version": "1.4.0-4" } } \ No newline at end of file diff --git a/bitnami/fluxcd-kustomize-controller/1/debian-12/tags-info.yaml b/bitnami/fluxcd-kustomize-controller/1/debian-12/tags-info.yaml index ddd335b19bd58..689ae5f3a6d1e 100644 --- a/bitnami/fluxcd-kustomize-controller/1/debian-12/tags-info.yaml +++ b/bitnami/fluxcd-kustomize-controller/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.3.0 +- 1.4.0 - latest diff --git a/bitnami/fluxcd-kustomize-controller/README.md b/bitnami/fluxcd-kustomize-controller/README.md index 8a0418cba79e5..2c387b34b6f79 100644 --- a/bitnami/fluxcd-kustomize-controller/README.md +++ b/bitnami/fluxcd-kustomize-controller/README.md @@ -22,11 +22,17 @@ docker run -it --name fluxcd-kustomize-controller bitnami/fluxcd-kustomize-contr * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Flux Kustomize Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Flux Kustomize Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -108,7 +114,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/fluxcd-notification-controller/1/debian-12/Dockerfile b/bitnami/fluxcd-notification-controller/1/debian-12/Dockerfile index 33cdde8356ec8..ec15a6e7c0222 100644 --- a/bitnami/fluxcd-notification-controller/1/debian-12/Dockerfile +++ b/bitnami/fluxcd-notification-controller/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T19:59:19Z" \ + org.opencontainers.image.created="2025-01-02T22:17:34Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/fluxcd-notification-controller/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.3.0-debian-12-r3" \ + org.opencontainers.image.ref.name="1.4.0-debian-12-r7" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/fluxcd-notification-controller" \ org.opencontainers.image.title="fluxcd-notification-controller" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.3.0" + org.opencontainers.image.version="1.4.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "fluxcd-notification-controller-1.3.0-2-linux-${OS_ARCH}-debian-12" \ + "fluxcd-notification-controller-1.4.0-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN useradd -r -u 1001 -g root fluxcd-notification-controller RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.3.0" \ +ENV APP_VERSION="1.4.0" \ BITNAMI_APP_NAME="fluxcd-notification-controller" \ PATH="/opt/bitnami/fluxcd-notification-controller/bin:$PATH" diff --git a/bitnami/fluxcd-notification-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/fluxcd-notification-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index f820bf534fbee..b870c05bc0b64 100644 --- a/bitnami/fluxcd-notification-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/fluxcd-notification-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.3.0-2" + "version": "1.4.0-4" } } \ No newline at end of file diff --git a/bitnami/fluxcd-notification-controller/1/debian-12/tags-info.yaml b/bitnami/fluxcd-notification-controller/1/debian-12/tags-info.yaml index ddd335b19bd58..689ae5f3a6d1e 100644 --- a/bitnami/fluxcd-notification-controller/1/debian-12/tags-info.yaml +++ b/bitnami/fluxcd-notification-controller/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.3.0 +- 1.4.0 - latest diff --git a/bitnami/fluxcd-notification-controller/README.md b/bitnami/fluxcd-notification-controller/README.md index 7dc243cc41daa..cd2f3c891fdbb 100644 --- a/bitnami/fluxcd-notification-controller/README.md +++ b/bitnami/fluxcd-notification-controller/README.md @@ -23,11 +23,17 @@ docker run -it --name fluxcd-notification-controller bitnami/fluxcd-notification * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Flux Notification Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Flux Notification Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -109,7 +115,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/fluxcd-source-controller/1/debian-12/Dockerfile b/bitnami/fluxcd-source-controller/1/debian-12/Dockerfile index 458d933ced07b..44b7cd7761c86 100644 --- a/bitnami/fluxcd-source-controller/1/debian-12/Dockerfile +++ b/bitnami/fluxcd-source-controller/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T19:29:36Z" \ + org.opencontainers.image.created="2025-01-02T22:02:27Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/flux/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.3.0-debian-12-r4" \ + org.opencontainers.image.ref.name="1.4.1-debian-12-r6" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/flux" \ org.opencontainers.image.title="flux" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.3.0" + org.opencontainers.image.version="1.4.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "flux-1.3.0-2-linux-${OS_ARCH}-debian-12" \ + "flux-1.4.1-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN useradd -r -u 1001 -g root flux RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="1.3.0" \ +ENV APP_VERSION="1.4.1" \ BITNAMI_APP_NAME="flux" \ PATH="/opt/bitnami/flux/bin:$PATH" diff --git a/bitnami/fluxcd-source-controller/1/debian-12/docker-compose.yml b/bitnami/fluxcd-source-controller/1/debian-12/docker-compose.yml index ef3078154301a..d244223c5a381 100644 --- a/bitnami/fluxcd-source-controller/1/debian-12/docker-compose.yml +++ b/bitnami/fluxcd-source-controller/1/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: fluxcd-source-controller: - image: + image: docker.io/bitnami/fluxcd-source-controller:1 diff --git a/bitnami/fluxcd-source-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/fluxcd-source-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 39807bbd3f599..7a0ee45c28952 100644 --- a/bitnami/fluxcd-source-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/fluxcd-source-controller/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.3.0-2" + "version": "1.4.1-4" } } \ No newline at end of file diff --git a/bitnami/fluxcd-source-controller/1/debian-12/tags-info.yaml b/bitnami/fluxcd-source-controller/1/debian-12/tags-info.yaml index ddd335b19bd58..b0f3b437c871d 100644 --- a/bitnami/fluxcd-source-controller/1/debian-12/tags-info.yaml +++ b/bitnami/fluxcd-source-controller/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.3.0 +- 1.4.1 - latest diff --git a/bitnami/fluxcd-source-controller/README.md b/bitnami/fluxcd-source-controller/README.md index 9db05d1fe0922..9049c2394db5e 100644 --- a/bitnami/fluxcd-source-controller/README.md +++ b/bitnami/fluxcd-source-controller/README.md @@ -29,11 +29,17 @@ docker-compose up -d * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Flux in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Flux in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -123,7 +129,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/fluxcd-source-controller/docker-compose-testing.yml b/bitnami/fluxcd-source-controller/docker-compose-testing.yml new file mode 100644 index 0000000000000..2e161f6ac6219 --- /dev/null +++ b/bitnami/fluxcd-source-controller/docker-compose-testing.yml @@ -0,0 +1,8 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + fluxcd-source-controller: + image: docker.io/bitnami/fluxcd-source-controller:1 + # Overriding entrypoint so the container does not exit and we can run some basic tests + entrypoint: tail -f /dev/null diff --git a/bitnami/fluxcd-source-controller/docker-compose.yml b/bitnami/fluxcd-source-controller/docker-compose.yml index ef3078154301a..d244223c5a381 100644 --- a/bitnami/fluxcd-source-controller/docker-compose.yml +++ b/bitnami/fluxcd-source-controller/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: fluxcd-source-controller: - image: + image: docker.io/bitnami/fluxcd-source-controller:1 diff --git a/bitnami/ghost/5/debian-12/Dockerfile b/bitnami/ghost/5/debian-12/Dockerfile index dbaf4c73f8d4c..be0d230b1af02 100644 --- a/bitnami/ghost/5/debian-12/Dockerfile +++ b/bitnami/ghost/5/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-31T17:19:42Z" \ + org.opencontainers.image.created="2025-01-13T09:05:50Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ghost/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="5.83.0-debian-12-r0" \ + org.opencontainers.image.ref.name="5.106.1-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ghost" \ org.opencontainers.image.title="ghost" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="5.83.0" + org.opencontainers.image.version="5.106.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,15 +29,15 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages acl ca-certificates curl jq libaudit1 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgssapi-krb5-2 libicu72 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncurses6 libncursesw6 libnsl2 libpam0g libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 libtirpc3 libxml2 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "node-18.20.3-0-linux-${OS_ARCH}-debian-12" \ - "mysql-client-10.11.8-0-linux-${OS_ARCH}-debian-12" \ - "ghost-5.83.0-0-linux-${OS_ARCH}-debian-12" \ + "python-3.12.8-1-linux-${OS_ARCH}-debian-12" \ + "node-18.20.5-2-linux-${OS_ARCH}-debian-12" \ + "mysql-client-10.11.10-0-linux-${OS_ARCH}-debian-12" \ + "ghost-5.106.1-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -50,7 +51,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/ghost/postunpack.sh RUN /opt/bitnami/scripts/mysql-client/postunpack.sh -ENV APP_VERSION="5.83.0" \ +ENV APP_VERSION="5.106.1" \ BITNAMI_APP_NAME="ghost" \ PATH="/opt/bitnami/python/bin:/opt/bitnami/node/bin:/opt/bitnami/mysql/bin:/opt/bitnami/ghost/bin:$PATH" diff --git a/bitnami/ghost/5/debian-12/docker-compose.yml b/bitnami/ghost/5/debian-12/docker-compose.yml index 7588ded697df4..c0f1191df3c4d 100644 --- a/bitnami/ghost/5/debian-12/docker-compose.yml +++ b/bitnami/ghost/5/debian-12/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: mysql: - image: docker.io/bitnami/mysql:8.4 + image: docker.io/bitnami/mysql:latest volumes: - 'mysql_data:/bitnami/mysql' environment: diff --git a/bitnami/ghost/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/ghost/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index b1b9ca4ccf91b..a5e8c8039b67a 100644 --- a/bitnami/ghost/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/ghost/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,24 +3,24 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "5.83.0-0" + "version": "5.106.1-0" }, "mysql-client": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "10.11.8-0" + "version": "10.11.10-0" }, "node": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "18.20.3-0" + "version": "18.20.5-2" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.12.8-1" } } \ No newline at end of file diff --git a/bitnami/ghost/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/ghost/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/ghost/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/ghost/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/ghost/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/bitnami/ghost/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh index 39569da01dc3d..c702d828bc843 100644 --- a/bitnami/ghost/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh +++ b/bitnami/ghost/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh @@ -10,6 +10,7 @@ . /opt/bitnami/scripts/liblog.sh . /opt/bitnami/scripts/libos.sh . /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh ######################## # Validate settings in MYSQL_CLIENT_* environment variables @@ -438,69 +439,6 @@ mysql_stop() { fi } -######################## -# Initialize database data -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_install_db() { - local command="${DB_BIN_DIR}/mysql_install_db" - local -a args=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}") - - # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable - read -r -a db_extra_flags <<< "$(mysql_extra_flags)" - [[ "${#db_extra_flags[@]}" -gt 0 ]] && args+=("${db_extra_flags[@]}") - - am_i_root && args=("${args[@]}" "--user=$DB_DAEMON_USER") - if [[ "$DB_FLAVOR" = "mariadb" ]]; then - args+=("--auth-root-authentication-method=normal") - # Feature available only in MariaDB 10.5+ - # ref: https://mariadb.com/kb/en/mysql_install_db/#not-creating-the-test-database-and-anonymous-user - if [[ ! "$(mysql_get_version)" =~ ^10\.[01234]\. ]]; then - is_boolean_yes "$DB_SKIP_TEST_DB" && args+=("--skip-test-db") - fi - else - command="${DB_BIN_DIR}/mysqld" - args+=("--initialize-insecure") - fi - debug_execute "$command" "${args[@]}" -} - -######################## -# Upgrade Database Schema -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_upgrade() { - local -a args=("--defaults-file=${DB_CONF_FILE}" "-u" "$DB_ROOT_USER") - local major_version minor_version patch_version - major_version="$(get_sematic_version "$(mysql_get_version)" 1)" - minor_version="$(get_sematic_version "$(mysql_get_version)" 2)" - patch_version="$(get_sematic_version "$(mysql_get_version)" 3)" - info "Running mysql_upgrade" - if [[ "$DB_FLAVOR" = *"mysql"* ]] && [[ - "$major_version" -gt "8" - || ( "$major_version" -eq "8" && "$minor_version" -gt "0" ) - || ( "$major_version" -eq "8" && "$minor_version" -eq "0" && "$patch_version" -ge "16" ) - ]]; then - mysql_stop - mysql_start_bg "--upgrade=FORCE" - else - mysql_start_bg - is_boolean_yes "${ROOT_AUTH_ENABLED:-false}" && args+=("-p$(get_master_env_var_value ROOT_PASSWORD)") - debug_execute "${DB_BIN_DIR}/mysql_upgrade" "${args[@]}" || echo "This installation is already upgraded" - fi -} ######################## # Migrate old custom configuration files @@ -1021,14 +959,14 @@ find_jemalloc_lib() { ######################## # Execute a reliable health check against the current mysql instance # Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD +# DB_ROOT_USER, DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD # Arguments: # None # Returns: # mysqladmin output ######################### mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") + local args=("-u${DB_ROOT_USER}" "-h0.0.0.0") local root_password root_password="$(get_master_env_var_value ROOT_PASSWORD)" @@ -1089,6 +1027,20 @@ mysql_client_extra_opts() { value="$(mysql_client_env_value "SSL_${key^^}_FILE")" [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") done + else + # Skip SSL validation + if [[ "$(mysql_client_flavor)" = "mariadb" ]]; then + # SSL connections are enabled by default in MariaDB >=10.11 + local mysql_version="" + local major_version="" + local minor_version="" + mysql_version="$(mysql_get_version)" + major_version="$(get_sematic_version "${mysql_version}" 1)" + minor_version="$(get_sematic_version "${mysql_version}" 2)" + if [[ "${major_version}" -gt 10 ]] || [[ "${major_version}" -eq 10 && "${minor_version}" -eq 11 ]]; then + opts+=("--skip-ssl") + fi + fi fi echo "${opts[@]:-}" } diff --git a/bitnami/ghost/5/debian-12/tags-info.yaml b/bitnami/ghost/5/debian-12/tags-info.yaml index 0c41bd7378a1d..c42d25e69e8a3 100644 --- a/bitnami/ghost/5/debian-12/tags-info.yaml +++ b/bitnami/ghost/5/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "5" - 5-debian-12 -- 5.83.0 +- 5.106.1 - latest diff --git a/bitnami/ghost/README.md b/bitnami/ghost/README.md index f1be8d73494a3..6b7a4232972f3 100644 --- a/bitnami/ghost/README.md +++ b/bitnami/ghost/README.md @@ -25,7 +25,7 @@ eployment. * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Ghost in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Ghost in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Ghost in Kubernetes? @@ -35,11 +35,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -527,7 +533,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/ghost/docker-compose.yml b/bitnami/ghost/docker-compose.yml index 7588ded697df4..c0f1191df3c4d 100644 --- a/bitnami/ghost/docker-compose.yml +++ b/bitnami/ghost/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: mysql: - image: docker.io/bitnami/mysql:8.4 + image: docker.io/bitnami/mysql:latest volumes: - 'mysql_data:/bitnami/mysql' environment: diff --git a/bitnami/git/2/debian-12/Dockerfile b/bitnami/git/2/debian-12/Dockerfile index 5e502adc1e841..8064970d56b0c 100644 --- a/bitnami/git/2/debian-12/Dockerfile +++ b/bitnami/git/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-31T19:55:51Z" \ + org.opencontainers.image.created="2025-01-10T19:49:40Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/git/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.45.2-debian-12-r0" \ + org.opencontainers.image.ref.name="2.48.0-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/git" \ org.opencontainers.image.title="git" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.45.2" + org.opencontainers.image.version="2.48.0" ENV OS_ARCH="${TARGETARCH:-amd64}" \ OS_FLAVOUR="debian-12" \ @@ -24,15 +25,15 @@ ENV OS_ARCH="${TARGETARCH:-amd64}" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates curl git-lfs less libbrotli1 libcom-err2 libcurl4 libffi8 libgmp10 libgnutls30 libgssapi-krb5-2 libhogweed6 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.5-0 libnettle8 libnghttp2-14 libp11-kit0 libpsl5 librtmp1 libsasl2-2 libssh2-1 libssl3 libtasn1-6 libunistring2 libzstd1 procps ssh zlib1g +RUN install_packages ca-certificates curl git-lfs less libbrotli1 libcom-err2 libcurl4 libffi8 libgmp10 libgnutls30 libgssapi-krb5-2 libhogweed6 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.5-0 libnettle8 libnghttp2-14 libp11-kit0 libpsl5 librtmp1 libsasl2-2 libssh2-1 libssl3 libtasn1-6 libunistring2 libzstd1 openssh-client procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "git-2.45.2-0-linux-${OS_ARCH}-debian-12" \ + "git-2.48.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN rm -f /etc/ssh/ssh_host_* > /dev/null 2>&1 && \ chmod g+w /etc/ssh -ENV APP_VERSION="2.45.2" \ +ENV APP_VERSION="2.48.0" \ BITNAMI_APP_NAME="git" \ NSS_WRAPPER_LIB="/opt/bitnami/common/lib/libnss_wrapper.so" \ PATH="/opt/bitnami/git/bin:$PATH" diff --git a/bitnami/git/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/git/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 9557724a423e9..5d788769f25c7 100644 --- a/bitnami/git/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/git/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.45.2-0" + "version": "2.48.0-0" } } \ No newline at end of file diff --git a/bitnami/git/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/git/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/git/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/git/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/git/2/debian-12/tags-info.yaml b/bitnami/git/2/debian-12/tags-info.yaml index a94a6f4ed17f9..06a4375c70ae5 100644 --- a/bitnami/git/2/debian-12/tags-info.yaml +++ b/bitnami/git/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.45.2 +- 2.48.0 - latest diff --git a/bitnami/git/README.md b/bitnami/git/README.md index debd4959af2fd..f6ac4ff6fbc54 100644 --- a/bitnami/git/README.md +++ b/bitnami/git/README.md @@ -22,11 +22,17 @@ docker run --name git bitnami/git:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Git in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Git in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -92,7 +98,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/gitea/1/debian-12/Dockerfile b/bitnami/gitea/1/debian-12/Dockerfile index ade71560bb9e0..0ae6cb425f61c 100644 --- a/bitnami/gitea/1/debian-12/Dockerfile +++ b/bitnami/gitea/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-27T12:49:33Z" \ + org.opencontainers.image.created="2025-01-10T09:47:42Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/gitea/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.22.0-debian-12-r0" \ + org.opencontainers.image.ref.name="1.23.1-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/gitea" \ org.opencontainers.image.title="gitea" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.22.0" + org.opencontainers.image.version="1.23.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,15 +29,15 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages acl ca-certificates curl git procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "gitea-1.22.0-0-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "ini-file-1.4.7-8-linux-${OS_ARCH}-debian-12" \ + "gitea-1.23.1-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -49,7 +50,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/gitea/postunpack.sh -ENV APP_VERSION="1.22.0" \ +ENV APP_VERSION="1.23.1" \ BITNAMI_APP_NAME="gitea" \ NSS_WRAPPER_LIB="/opt/bitnami/common/lib/libnss_wrapper.so" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/gitea/bin:$PATH" diff --git a/bitnami/gitea/1/debian-12/docker-compose.yml b/bitnami/gitea/1/debian-12/docker-compose.yml index 8a3a73c448e1a..b887f1b610666 100644 --- a/bitnami/gitea/1/debian-12/docker-compose.yml +++ b/bitnami/gitea/1/debian-12/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:16 + image: docker.io/bitnami/postgresql:latest volumes: - 'postgresql_data:/bitnami/postgresql' environment: diff --git a/bitnami/gitea/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/gitea/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 08e5176a42b98..d68592d4b0318 100644 --- a/bitnami/gitea/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/gitea/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,24 +3,24 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.22.0-0" + "version": "1.23.1-0" }, "ini-file": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.4.6-13" + "version": "1.4.7-8" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-13" + "version": "1.0.7-8" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-13" + "version": "1.0.8-8" } } \ No newline at end of file diff --git a/bitnami/gitea/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/gitea/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/gitea/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/gitea/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/gitea/custom/conf/app.ini.template b/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/gitea/custom/conf/app.ini.template index 31100c04a51b1..e528a951e6111 100644 --- a/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/gitea/custom/conf/app.ini.template +++ b/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/gitea/custom/conf/app.ini.template @@ -55,4 +55,8 @@ REVERSE_PROXY_TRUSTED_PROXIES = * [openid] ENABLE_OPENID_SIGNIN = {{GITEA_ENABLE_OPENID_SIGNIN}} -ENABLE_OPENID_SIGNUP = {{GITEA_ENABLE_OPENID_SIGNUP}} \ No newline at end of file +ENABLE_OPENID_SIGNUP = {{GITEA_ENABLE_OPENID_SIGNUP}} + +[oauth2_client] +ENABLE_AUTO_REGISTRATION = {{GITEA_OAUTH2_CLIENT_AUTO_REGISTRATION_ENABLED}} +USERNAME = {{GITEA_OAUTH2_CLIENT_USERNAME}} diff --git a/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/scripts/gitea-env.sh b/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/scripts/gitea-env.sh index 6a18f5b14cb18..67ec6e3680d21 100644 --- a/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/scripts/gitea-env.sh +++ b/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/scripts/gitea-env.sh @@ -60,6 +60,8 @@ gitea_env_vars=( GITEA_SMTP_FROM GITEA_SMTP_USER GITEA_SMTP_PASSWORD + GITEA_OAUTH2_CLIENT_AUTO_REGISTRATION_ENABLED + GITEA_OAUTH2_CLIENT_USERNAME ) for env_var in "${gitea_env_vars[@]}"; do file_env_var="${env_var}_FILE" @@ -125,6 +127,8 @@ export GITEA_SMTP_PORT="${GITEA_SMTP_PORT:-}" export GITEA_SMTP_FROM="${GITEA_SMTP_FROM:-}" export GITEA_SMTP_USER="${GITEA_SMTP_USER:-}" export GITEA_SMTP_PASSWORD="${GITEA_SMTP_PASSWORD:-}" +export GITEA_OAUTH2_CLIENT_AUTO_REGISTRATION_ENABLED="${GITEA_OAUTH2_CLIENT_AUTO_REGISTRATION_ENABLED:-false}" +export GITEA_OAUTH2_CLIENT_USERNAME="${GITEA_OAUTH2_CLIENT_USERNAME:-nickname}" # Gitea system parameters export GITEA_DAEMON_USER="gitea" diff --git a/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/scripts/libgitea.sh b/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/scripts/libgitea.sh index 4a82ccbf5a9e1..700150a2511df 100644 --- a/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/scripts/libgitea.sh +++ b/bitnami/gitea/1/debian-12/rootfs/opt/bitnami/scripts/libgitea.sh @@ -47,6 +47,17 @@ gitea_validate() { fi } + check_true_false_value() { + if ! is_true_false_value "${!1}"; then + print_validation_error "The allowed values for $1 are [true, false]" + fi + } + check_multi_value() { + if [[ " ${2} " != *" ${!1} "* ]]; then + print_validation_error "The allowed values for ${1} are: ${2}" + fi + } + ! is_empty_value "$GITEA_HTTP_PORT" && check_valid_port "GITEA_HTTP_PORT" ! is_empty_value "$GITEA_SSH_PORT" && check_valid_port "GITEA_SSH_PORT" ! is_empty_value "$GITEA_SSH_LISTEN_PORT" && check_valid_port "GITEA_SSH_LISTEN_PORT" @@ -56,6 +67,9 @@ gitea_validate() { check_empty_value "GITEA_SMTP_FROM" fi + check_true_false_value 'GITEA_OAUTH2_CLIENT_AUTO_REGISTRATION_ENABLED' + check_multi_value 'GITEA_OAUTH2_CLIENT_USERNAME' 'userid nickname preferred_username email' + return "$error_code" } @@ -221,6 +235,9 @@ gitea_update_conf_file() { is_empty_value "$GITEA_SMTP_USER" || gitea_conf_set "mailer" "USER" "$GITEA_SMTP_USER" is_empty_value "$GITEA_SMTP_PASSWORD" || gitea_conf_set "mailer" "PASSWD" "$GITEA_SMTP_PASSWORD" is_empty_value "$GITEA_LFS_ROOT_PATH" || gitea_conf_set "lfs" "PATH" "$GITEA_LFS_ROOT_PATH" + + is_empty_value "$GITEA_OAUTH2_CLIENT_AUTO_REGISTRATION_ENABLED" || gitea_conf_set "oauth2_client" "ENABLE_AUTO_REGISTRATION" "$GITEA_OAUTH2_CLIENT_AUTO_REGISTRATION_ENABLED" + is_empty_value "$GITEA_OAUTH2_CLIENT_USERNAME" || gitea_conf_set "oauth2_client" "USERNAME" "$GITEA_OAUTH2_CLIENT_USERNAME" } ######################## diff --git a/bitnami/gitea/1/debian-12/tags-info.yaml b/bitnami/gitea/1/debian-12/tags-info.yaml index 04d4b013fd763..cad5af5b768cf 100644 --- a/bitnami/gitea/1/debian-12/tags-info.yaml +++ b/bitnami/gitea/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.22.0 +- 1.23.1 - latest diff --git a/bitnami/gitea/README.md b/bitnami/gitea/README.md index 223fca290237b..d45cb3156f17d 100644 --- a/bitnami/gitea/README.md +++ b/bitnami/gitea/README.md @@ -22,7 +22,7 @@ docker run --name gitea bitnami/gitea:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Gitea in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Gitea in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Gitea in Kubernetes? @@ -30,9 +30,15 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -163,44 +169,46 @@ Gitea can be configured via environment variables or using a configuration file #### Customizable environment variables -| Name | Description | Default Value | -|------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------| -| `GITEA_REPO_ROOT_PATH` | Gitea git repositories path. | `${GITEA_DATA_DIR}/git/repositories` | -| `GITEA_LFS_ROOT_PATH` | Gitea git LFS path. | `nil` | -| `GITEA_LOG_ROOT_PATH` | Gitea log path. | `${GITEA_TMP_DIR}/log` | -| `GITEA_LOG_MODE` | Gitea log mode. | `nil` | -| `GITEA_LOG_ROUTER` | Gitea log router. | `nil` | -| `GITEA_ADMIN_USER` | Admin username. | `bn_user` | -| `GITEA_ADMIN_PASSWORD` | Admin password. | `bitnami` | -| `GITEA_ADMIN_EMAIL` | Admin user email. | `user@bitnami.org` | -| `GITEA_APP_NAME` | Application name, used in the page title | `Gitea: Git with a cup of tea` | -| `GITEA_RUN_MODE` | Application run mode, affects performance and debugging. Either "dev", "prod" or "test". | `prod` | -| `GITEA_DOMAIN` | Domain name of this server. | `localhost` | -| `GITEA_SSH_DOMAIN` | Domain name of this server, used for displayed clone URL. | `${GITEA_DOMAIN}` | -| `GITEA_SSH_LISTEN_PORT` | Port for the built-in SSH server. | `2222` | -| `GITEA_SSH_PORT` | SSH port displayed in clone URL. | `${GITEA_SSH_LISTEN_PORT}` | -| `GITEA_HTTP_PORT` | Gitea HTTP listen port | `3000` | -| `GITEA_PROTOCOL` | [http, https, fcgi, http+unix, fcgi+unix] | `http` | -| `GITEA_ROOT_URL` | Overwrite the automatically generated public URL. This is useful if the internal and the external URL don't match | `${GITEA_PROTOCOL}://${GITEA_DOMAIN}:${GITEA_HTTP_PORT}` | -| `GITEA_PASSWORD_HASH_ALGO` | The hash algorithm to use [argon2, pbkdf2, scrypt, bcrypt], argon2 will spend more memory than others. | `pbkdf2` | -| `GITEA_LFS_START_SERVER` | Enables Git LFS support | `false` | -| `GITEA_ENABLE_OPENID_SIGNIN` | Enable OpenID sign-in. | `false` | -| `GITEA_ENABLE_OPENID_SIGNUP` | Enable OpenID sign-up. | `false` | -| `GITEA_DATABASE_TYPE` | The database type in use [mysql, postgres]. | `postgres` | -| `GITEA_DATABASE_HOST` | Database host address. | `postgresql` | -| `GITEA_DATABASE_PORT_NUMBER` | Database host port. | `5432` | -| `GITEA_DATABASE_NAME` | Database name. | `bitnami_gitea` | -| `GITEA_DATABASE_USERNAME` | Database username. | `bn_gitea` | -| `GITEA_DATABASE_PASSWORD` | Database password. | `nil` | -| `GITEA_DATABASE_SSL_MODE` | Database SSL mode. | `disable` | -| `GITEA_DATABASE_SCHEMA` | Database Schema. | `nil` | -| `GITEA_DATABASE_CHARSET` | Database character set. | `utf8` | -| `GITEA_SMTP_ENABLED` | Enable to use a mail service. | `false` | -| `GITEA_SMTP_HOST` | SMTP mail host address (example: smtp.gitea.io). | `nil` | -| `GITEA_SMTP_PORT` | SMTP mail port (example: 587). | `nil` | -| `GITEA_SMTP_FROM` | Mail from address, RFC 5322. This can be just an email address, or the "Name" email@example.com format. | `nil` | -| `GITEA_SMTP_USER` | Username of mailing user (usually the senders e-mail address). | `nil` | -| `GITEA_SMTP_PASSWORD` | Password of mailing user. Use "your password" for quoting if you use special characters in the password. | `nil` | +| Name | Description | Default Value | +|-------------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------| +| `GITEA_REPO_ROOT_PATH` | Gitea git repositories path. | `${GITEA_DATA_DIR}/git/repositories` | +| `GITEA_LFS_ROOT_PATH` | Gitea git LFS path. | `nil` | +| `GITEA_LOG_ROOT_PATH` | Gitea log path. | `${GITEA_TMP_DIR}/log` | +| `GITEA_LOG_MODE` | Gitea log mode. | `nil` | +| `GITEA_LOG_ROUTER` | Gitea log router. | `nil` | +| `GITEA_ADMIN_USER` | Admin username. | `bn_user` | +| `GITEA_ADMIN_PASSWORD` | Admin password. | `bitnami` | +| `GITEA_ADMIN_EMAIL` | Admin user email. | `user@bitnami.org` | +| `GITEA_APP_NAME` | Application name, used in the page title | `Gitea: Git with a cup of tea` | +| `GITEA_RUN_MODE` | Application run mode, affects performance and debugging. Either "dev", "prod" or "test". | `prod` | +| `GITEA_DOMAIN` | Domain name of this server. | `localhost` | +| `GITEA_SSH_DOMAIN` | Domain name of this server, used for displayed clone URL. | `${GITEA_DOMAIN}` | +| `GITEA_SSH_LISTEN_PORT` | Port for the built-in SSH server. | `2222` | +| `GITEA_SSH_PORT` | SSH port displayed in clone URL. | `${GITEA_SSH_LISTEN_PORT}` | +| `GITEA_HTTP_PORT` | Gitea HTTP listen port | `3000` | +| `GITEA_PROTOCOL` | [http, https, fcgi, http+unix, fcgi+unix] | `http` | +| `GITEA_ROOT_URL` | Overwrite the automatically generated public URL. This is useful if the internal and the external URL don't match | `${GITEA_PROTOCOL}://${GITEA_DOMAIN}:${GITEA_HTTP_PORT}` | +| `GITEA_PASSWORD_HASH_ALGO` | The hash algorithm to use [argon2, pbkdf2, scrypt, bcrypt], argon2 will spend more memory than others. | `pbkdf2` | +| `GITEA_LFS_START_SERVER` | Enables Git LFS support | `false` | +| `GITEA_ENABLE_OPENID_SIGNIN` | Enable OpenID sign-in. | `false` | +| `GITEA_ENABLE_OPENID_SIGNUP` | Enable OpenID sign-up. | `false` | +| `GITEA_DATABASE_TYPE` | The database type in use [mysql, postgres]. | `postgres` | +| `GITEA_DATABASE_HOST` | Database host address. | `postgresql` | +| `GITEA_DATABASE_PORT_NUMBER` | Database host port. | `5432` | +| `GITEA_DATABASE_NAME` | Database name. | `bitnami_gitea` | +| `GITEA_DATABASE_USERNAME` | Database username. | `bn_gitea` | +| `GITEA_DATABASE_PASSWORD` | Database password. | `nil` | +| `GITEA_DATABASE_SSL_MODE` | Database SSL mode. | `disable` | +| `GITEA_DATABASE_SCHEMA` | Database Schema. | `nil` | +| `GITEA_DATABASE_CHARSET` | Database character set. | `utf8` | +| `GITEA_SMTP_ENABLED` | Enable to use a mail service. | `false` | +| `GITEA_SMTP_HOST` | SMTP mail host address (example: smtp.gitea.io). | `nil` | +| `GITEA_SMTP_PORT` | SMTP mail port (example: 587). | `nil` | +| `GITEA_SMTP_FROM` | Mail from address, RFC 5322. This can be just an email address, or the "Name" email@example.com format. | `nil` | +| `GITEA_SMTP_USER` | Username of mailing user (usually the senders e-mail address). | `nil` | +| `GITEA_SMTP_PASSWORD` | Password of mailing user. Use "your password" for quoting if you use special characters in the password. | `nil` | +| `GITEA_OAUTH2_CLIENT_AUTO_REGISTRATION_ENABLED` | Password of mailing user. Use "your password" for quoting if you use special characters in the password. | `false` | +| `GITEA_OAUTH2_CLIENT_USERNAME` | Password of mailing user. Use "your password" for quoting if you use special characters in the password. | `nickname` | #### Read-only environment variables @@ -352,7 +360,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/gitea/docker-compose.yml b/bitnami/gitea/docker-compose.yml index 8a3a73c448e1a..b887f1b610666 100644 --- a/bitnami/gitea/docker-compose.yml +++ b/bitnami/gitea/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:16 + image: docker.io/bitnami/postgresql:latest volumes: - 'postgresql_data:/bitnami/postgresql' environment: diff --git a/bitnami/gitlab-runner-helper/16/debian-12/Dockerfile b/bitnami/gitlab-runner-helper/16/debian-12/Dockerfile deleted file mode 100644 index 91a9ce7445700..0000000000000 --- a/bitnami/gitlab-runner-helper/16/debian-12/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T20:06:17Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/gitlab-runner-helper/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="16.11.1-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/gitlab-runner-helper" \ - org.opencontainers.image.title="gitlab-runner-helper" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="16.11.1" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl git git-lfs openssh-client procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "gitlab-runner-helper-16.11.1-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN mkdir /home/gitlab-runner && \ - chmod -R g+rwX /home/gitlab-runner && \ - ln -s /opt/bitnami/common/bin/dumb-init /usr/bin/dumb-init && \ - ln -s /opt/bitnami/scripts/gitlab-runner-helper/entrypoint.sh /entrypoint && \ - ln -s /opt/bitnami/gitlab-runner-helper/bin/gitlab-runner-helper /usr/bin/gitlab-runner-helper -ENV APP_VERSION="16.11.1" \ - BITNAMI_APP_NAME="gitlab-runner-helper" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/gitlab-runner-helper/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/usr/bin/dumb-init", "/opt/bitnami/scripts/gitlab-runner-helper/entrypoint.sh" ] -CMD [ "sh" ] diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 242bdda3b7d03..0000000000000 --- a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "gitlab-runner-helper": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "16.11.1-2" - } -} \ No newline at end of file diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/gitlab-runner-helper/16/debian-12/tags-info.yaml b/bitnami/gitlab-runner-helper/16/debian-12/tags-info.yaml deleted file mode 100644 index d534d8befc2bc..0000000000000 --- a/bitnami/gitlab-runner-helper/16/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "16" -- 16-debian-12 -- 16.11.1 -- latest diff --git a/bitnami/gitlab-runner-helper/17/debian-12/Dockerfile b/bitnami/gitlab-runner-helper/17/debian-12/Dockerfile new file mode 100644 index 0000000000000..1806f86d260d9 --- /dev/null +++ b/bitnami/gitlab-runner-helper/17/debian-12/Dockerfile @@ -0,0 +1,60 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2024-12-20T10:06:55Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/gitlab-runner-helper/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="17.7.0-debian-12-r0" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/gitlab-runner-helper" \ + org.opencontainers.image.title="gitlab-runner-helper" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="17.7.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl git git-lfs openssh-client procps +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "gitlab-runner-helper-17.7.0-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN mkdir /home/gitlab-runner && \ + chmod -R g+rwX /home/gitlab-runner && \ + ln -s /opt/bitnami/common/bin/dumb-init /usr/bin/dumb-init && \ + ln -s /opt/bitnami/scripts/gitlab-runner-helper/entrypoint.sh /entrypoint && \ + ln -s /opt/bitnami/gitlab-runner-helper/bin/gitlab-runner-helper /usr/bin/gitlab-runner-helper +ENV APP_VERSION="17.7.0" \ + BITNAMI_APP_NAME="gitlab-runner-helper" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/gitlab-runner-helper/bin:$PATH" + +USER 1001 +ENTRYPOINT [ "/usr/bin/dumb-init", "/opt/bitnami/scripts/gitlab-runner-helper/entrypoint.sh" ] +CMD [ "sh" ] diff --git a/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..07ca6f9f757cb --- /dev/null +++ b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "gitlab-runner-helper": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "17.7.0-0" + } +} \ No newline at end of file diff --git a/bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/dotnet-sdk/6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/dotnet-sdk/6/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/dotnet-sdk/6/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/dotnet-sdk/6/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/dotnet-sdk/6/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/gitlab-runner-helper/17/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/gitlab-runner-helper/16/debian-12/rootfs/opt/bitnami/scripts/gitlab-runner-helper/entrypoint.sh b/bitnami/gitlab-runner-helper/17/debian-12/rootfs/opt/bitnami/scripts/gitlab-runner-helper/entrypoint.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/rootfs/opt/bitnami/scripts/gitlab-runner-helper/entrypoint.sh rename to bitnami/gitlab-runner-helper/17/debian-12/rootfs/opt/bitnami/scripts/gitlab-runner-helper/entrypoint.sh diff --git a/bitnami/gitlab-runner-helper/17/debian-12/tags-info.yaml b/bitnami/gitlab-runner-helper/17/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..e750920488c45 --- /dev/null +++ b/bitnami/gitlab-runner-helper/17/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "17" +- 17-debian-12 +- 17.7.0 +- latest diff --git a/bitnami/gitlab-runner-helper/README.md b/bitnami/gitlab-runner-helper/README.md index 10a9488e18dce..de21e448c2600 100644 --- a/bitnami/gitlab-runner-helper/README.md +++ b/bitnami/gitlab-runner-helper/README.md @@ -22,11 +22,17 @@ docker run -it --name gitlab-runner-helper bitnami/gitlab-runner-helper * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Gitlab Runner Helper in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Gitlab Runner Helper in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/gitlab-runner/16/debian-12/Dockerfile b/bitnami/gitlab-runner/16/debian-12/Dockerfile deleted file mode 100644 index 805ecdf4d8ac3..0000000000000 --- a/bitnami/gitlab-runner/16/debian-12/Dockerfile +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T20:09:49Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/gitlab-runner/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="16.11.1-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/gitlab-runner" \ - org.opencontainers.image.title="gitlab-runner" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="16.11.1" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl git git-lfs openssh-client procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "gitlab-runner-16.11.1-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN mkdir /home/gitlab-runner && chmod -R g+rwX /home/gitlab-runner && ln -s /opt/bitnami/common/bin/dumb-init /usr/bin/dumb-init && ln -s /opt/bitnami/scripts/gitlab-runner/entrypoint.sh /entrypoint -ENV APP_VERSION="16.11.1" \ - BITNAMI_APP_NAME="gitlab-runner" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/gitlab-runner/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/usr/bin/dumb-init", "/opt/bitnami/scripts/gitlab-runner/entrypoint.sh" ] -CMD [ "run", "--user=gitlab-runner", "--working-directory=/home/gitlab-runner" ] diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 2bad27b1cfa9d..0000000000000 --- a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "gitlab-runner": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "16.11.1-2" - } -} \ No newline at end of file diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/gitlab-runner/16/debian-12/tags-info.yaml b/bitnami/gitlab-runner/16/debian-12/tags-info.yaml deleted file mode 100644 index d534d8befc2bc..0000000000000 --- a/bitnami/gitlab-runner/16/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "16" -- 16-debian-12 -- 16.11.1 -- latest diff --git a/bitnami/gitlab-runner/17/debian-12/Dockerfile b/bitnami/gitlab-runner/17/debian-12/Dockerfile new file mode 100644 index 0000000000000..2eb185b6032d9 --- /dev/null +++ b/bitnami/gitlab-runner/17/debian-12/Dockerfile @@ -0,0 +1,56 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2024-12-20T10:06:56Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/gitlab-runner/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="17.7.0-debian-12-r0" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/gitlab-runner" \ + org.opencontainers.image.title="gitlab-runner" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="17.7.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl git git-lfs openssh-client procps +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "gitlab-runner-17.7.0-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN mkdir /home/gitlab-runner && chmod -R g+rwX /home/gitlab-runner && ln -s /opt/bitnami/common/bin/dumb-init /usr/bin/dumb-init && ln -s /opt/bitnami/scripts/gitlab-runner/entrypoint.sh /entrypoint +ENV APP_VERSION="17.7.0" \ + BITNAMI_APP_NAME="gitlab-runner" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/gitlab-runner/bin:$PATH" + +USER 1001 +ENTRYPOINT [ "/usr/bin/dumb-init", "/opt/bitnami/scripts/gitlab-runner/entrypoint.sh" ] +CMD [ "run", "--user=gitlab-runner", "--working-directory=/home/gitlab-runner" ] diff --git a/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..8e3295ce2f524 --- /dev/null +++ b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "gitlab-runner": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "17.7.0-0" + } +} \ No newline at end of file diff --git a/bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/dotnet/6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/mongodb/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/mongodb/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/dotnet/6/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/gitlab-runner/17/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/dotnet/6/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/dotnet/6/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/gitlab-runner/17/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/dotnet/6/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/gitlab-runner/17/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/gitlab-runner/16/debian-12/rootfs/opt/bitnami/scripts/gitlab-runner/entrypoint.sh b/bitnami/gitlab-runner/17/debian-12/rootfs/opt/bitnami/scripts/gitlab-runner/entrypoint.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/rootfs/opt/bitnami/scripts/gitlab-runner/entrypoint.sh rename to bitnami/gitlab-runner/17/debian-12/rootfs/opt/bitnami/scripts/gitlab-runner/entrypoint.sh diff --git a/bitnami/gitlab-runner/17/debian-12/tags-info.yaml b/bitnami/gitlab-runner/17/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..e750920488c45 --- /dev/null +++ b/bitnami/gitlab-runner/17/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "17" +- 17-debian-12 +- 17.7.0 +- latest diff --git a/bitnami/gitlab-runner/README.md b/bitnami/gitlab-runner/README.md index 715b7dedb00a7..db8a5fdbc2c1d 100644 --- a/bitnami/gitlab-runner/README.md +++ b/bitnami/gitlab-runner/README.md @@ -22,11 +22,17 @@ docker run -it --name gitlab-runner bitnami/gitlab-runner * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Gitlab Runner in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Gitlab Runner in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/golang/1.21/debian-12/Dockerfile b/bitnami/golang/1.21/debian-12/Dockerfile deleted file mode 100644 index 9460241294d62..0000000000000 --- a/bitnami/golang/1.21/debian-12/Dockerfile +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T20:09:50Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/golang/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.21.10-debian-12-r1" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/golang" \ - org.opencontainers.image.title="golang" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.21.10" - -ENV OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages build-essential ca-certificates curl git pkg-config procps unzip -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "golang-1.21.10-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir -p "/go/src" "/go/bin" && chmod -R 777 "/go" - -ENV APP_VERSION="1.21.10" \ - BITNAMI_APP_NAME="golang" \ - GOCACHE="/go/.cache" \ - GOPATH="/go" \ - PATH="/go/bin:/opt/bitnami/go/bin:$PATH" - -WORKDIR $GOPATH -CMD [ "bash" ] diff --git a/bitnami/golang/1.21/debian-12/docker-compose.yml b/bitnami/golang/1.21/debian-12/docker-compose.yml deleted file mode 100644 index 4bce0c327aa03..0000000000000 --- a/bitnami/golang/1.21/debian-12/docker-compose.yml +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - golang: - tty: true # Enables debugging capabilities when attached to this container. - image: docker.io/bitnami/golang:1.21 - command: ["sleep", "infinity"] # To keep the container running diff --git a/bitnami/golang/1.21/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/golang/1.21/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index d6c4a58090c84..0000000000000 --- a/bitnami/golang/1.21/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "golang": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.21.10-1" - } -} \ No newline at end of file diff --git a/bitnami/golang/1.21/debian-12/tags-info.yaml b/bitnami/golang/1.21/debian-12/tags-info.yaml deleted file mode 100644 index 41c3583287d41..0000000000000 --- a/bitnami/golang/1.21/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "1.21" -- 1.21-debian-12 -- 1.21.10 diff --git a/bitnami/golang/1.22/README.md b/bitnami/golang/1.22/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/golang/1.22/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/golang/1.22/debian-12/Dockerfile b/bitnami/golang/1.22/debian-12/Dockerfile deleted file mode 100644 index 96c9e6827278d..0000000000000 --- a/bitnami/golang/1.22/debian-12/Dockerfile +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T21:51:49Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/golang/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.22.3-debian-12-r1" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/golang" \ - org.opencontainers.image.title="golang" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.22.3" - -ENV OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages build-essential ca-certificates curl git pkg-config procps unzip -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "golang-1.22.3-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir -p "/go/src" "/go/bin" && chmod -R 777 "/go" - -ENV APP_VERSION="1.22.3" \ - BITNAMI_APP_NAME="golang" \ - GOCACHE="/go/.cache" \ - GOPATH="/go" \ - PATH="/go/bin:/opt/bitnami/go/bin:$PATH" - -WORKDIR $GOPATH -CMD [ "bash" ] diff --git a/bitnami/golang/1.22/debian-12/docker-compose.yml b/bitnami/golang/1.22/debian-12/docker-compose.yml deleted file mode 100644 index 21069582d4652..0000000000000 --- a/bitnami/golang/1.22/debian-12/docker-compose.yml +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - golang: - tty: true # Enables debugging capabilities when attached to this container. - image: docker.io/bitnami/golang:1.22 - command: ["sleep", "infinity"] # To keep the container running diff --git a/bitnami/golang/1.22/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/golang/1.22/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 9620df70fab27..0000000000000 --- a/bitnami/golang/1.22/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "golang": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.22.3-1" - } -} \ No newline at end of file diff --git a/bitnami/golang/1.22/debian-12/tags-info.yaml b/bitnami/golang/1.22/debian-12/tags-info.yaml deleted file mode 100644 index 11d1ef0f457e7..0000000000000 --- a/bitnami/golang/1.22/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "1.22" -- 1.22-debian-12 -- 1.22.3 -- latest diff --git a/bitnami/golang/1.23/debian-12/Dockerfile b/bitnami/golang/1.23/debian-12/Dockerfile new file mode 100644 index 0000000000000..cebc6b6dd2b86 --- /dev/null +++ b/bitnami/golang/1.23/debian-12/Dockerfile @@ -0,0 +1,54 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-11T18:19:50Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/golang/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="1.23.4-debian-12-r2" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/golang" \ + org.opencontainers.image.title="golang" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="1.23.4" + +ENV OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages build-essential ca-certificates curl git pkg-config procps unzip +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "golang-1.23.4-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true +RUN mkdir -p "/go/src" "/go/bin" && chmod -R 777 "/go" + +ENV APP_VERSION="1.23.4" \ + BITNAMI_APP_NAME="golang" \ + GOCACHE="/go/.cache" \ + GOPATH="/go" \ + PATH="/go/bin:/opt/bitnami/go/bin:$PATH" + +WORKDIR $GOPATH +CMD [ "bash" ] diff --git a/bitnami/golang/1.23/debian-12/docker-compose.yml b/bitnami/golang/1.23/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..0756ec8bfbcc0 --- /dev/null +++ b/bitnami/golang/1.23/debian-12/docker-compose.yml @@ -0,0 +1,8 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + golang: + tty: true # Enables debugging capabilities when attached to this container. + image: docker.io/bitnami/golang:1.23 + command: ["sleep", "infinity"] # To keep the container running diff --git a/bitnami/golang/1.23/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/golang/1.23/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..6a162a2b26ef6 --- /dev/null +++ b/bitnami/golang/1.23/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "golang": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.23.4-0" + } +} \ No newline at end of file diff --git a/bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/golang/1.23/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/golang/1.23/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/drupal/10/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/golang/1.23/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/golang/1.23/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/drupal/10/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/golang/1.23/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/drupal/10/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/golang/1.23/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/golang/1.23/debian-12/tags-info.yaml b/bitnami/golang/1.23/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..882b27c837d5e --- /dev/null +++ b/bitnami/golang/1.23/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "1.23" +- 1.23-debian-12 +- 1.23.4 +- latest diff --git a/bitnami/golang/README.md b/bitnami/golang/README.md index b71d7818ee1b1..59547f0a0a668 100644 --- a/bitnami/golang/README.md +++ b/bitnami/golang/README.md @@ -22,11 +22,17 @@ docker run --name golang bitnami/golang:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Golang in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Golang in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -173,7 +179,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/golang/docker-compose.yml b/bitnami/golang/docker-compose.yml index 21069582d4652..0756ec8bfbcc0 100644 --- a/bitnami/golang/docker-compose.yml +++ b/bitnami/golang/docker-compose.yml @@ -1,9 +1,8 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: golang: tty: true # Enables debugging capabilities when attached to this container. - image: docker.io/bitnami/golang:1.22 + image: docker.io/bitnami/golang:1.23 command: ["sleep", "infinity"] # To keep the container running diff --git a/bitnami/google-cloud-sdk/0/debian-12/Dockerfile b/bitnami/google-cloud-sdk/0/debian-12/Dockerfile index a600f79c322e9..67c180bada17b 100644 --- a/bitnami/google-cloud-sdk/0/debian-12/Dockerfile +++ b/bitnami/google-cloud-sdk/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T20:05:01Z" \ + org.opencontainers.image.created="2025-01-07T21:50:55Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/google-cloud-sdk/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.478.0-debian-12-r0" \ + org.opencontainers.image.ref.name="0.505.0-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/google-cloud-sdk" \ org.opencontainers.image.title="google-cloud-sdk" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.478.0" + org.opencontainers.image.version="0.505.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libtinfo6 libtirpc3 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "google-cloud-sdk-0.478.0-0-linux-${OS_ARCH}-debian-12" \ + "python-3.11.11-1-linux-${OS_ARCH}-debian-12" \ + "google-cloud-sdk-0.505.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN mkdir /.config /.gsutil && chmod g+rwX /.config /.gsutil RUN mkdir /.local && chmod g+rwX /.local -ENV APP_VERSION="0.478.0" \ +ENV APP_VERSION="0.505.0" \ BITNAMI_APP_NAME="google-cloud-sdk" \ PATH="/opt/bitnami/python/bin:/opt/bitnami/google-cloud-sdk/bin:$PATH" diff --git a/bitnami/google-cloud-sdk/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/google-cloud-sdk/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 2a29d767332cc..9cb526f739f9d 100644 --- a/bitnami/google-cloud-sdk/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/google-cloud-sdk/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.478.0-0" + "version": "0.505.0-0" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.11.11-1" } } \ No newline at end of file diff --git a/bitnami/google-cloud-sdk/0/debian-12/tags-info.yaml b/bitnami/google-cloud-sdk/0/debian-12/tags-info.yaml index e0a26e24f2b1b..401868f7d0446 100644 --- a/bitnami/google-cloud-sdk/0/debian-12/tags-info.yaml +++ b/bitnami/google-cloud-sdk/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.478.0 +- 0.505.0 - latest diff --git a/bitnami/google-cloud-sdk/README.md b/bitnami/google-cloud-sdk/README.md index 130ca4ce89e67..2b3f171a136a7 100644 --- a/bitnami/google-cloud-sdk/README.md +++ b/bitnami/google-cloud-sdk/README.md @@ -22,11 +22,17 @@ docker run --name google-cloud-sdk bitnami/google-cloud-sdk:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Google Cloud SDK in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Google Cloud SDK in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -90,7 +96,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/gotrue/2/debian-12/Dockerfile b/bitnami/gotrue/2/debian-12/Dockerfile index 92c88ac91b955..0b8d80b320f86 100644 --- a/bitnami/gotrue/2/debian-12/Dockerfile +++ b/bitnami/gotrue/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-30T14:06:02Z" \ + org.opencontainers.image.created="2025-01-07T18:13:58Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/gotrue/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.152.1-debian-12-r0" \ + org.opencontainers.image.ref.name="2.168.0-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/gotrue" \ org.opencontainers.image.title="gotrue" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.152.1" + org.opencontainers.image.version="2.168.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "gotrue-2.152.1-0-linux-${OS_ARCH}-debian-12" \ + "gotrue-2.168.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN useradd -r -u 1001 -g root gotrue RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="2.152.1" \ +ENV APP_VERSION="2.168.0" \ BITNAMI_APP_NAME="gotrue" \ PATH="/opt/bitnami/gotrue/bin:$PATH" diff --git a/bitnami/gotrue/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/gotrue/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index a22285ab21d92..e499de4ef028b 100644 --- a/bitnami/gotrue/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/gotrue/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.152.1-0" + "version": "2.168.0-0" } } \ No newline at end of file diff --git a/bitnami/gotrue/2/debian-12/tags-info.yaml b/bitnami/gotrue/2/debian-12/tags-info.yaml index 96c8a6eaab2ea..b8c30685125bf 100644 --- a/bitnami/gotrue/2/debian-12/tags-info.yaml +++ b/bitnami/gotrue/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.152.1 +- 2.168.0 - latest diff --git a/bitnami/gotrue/README.md b/bitnami/gotrue/README.md index 38339ab7ea245..5f779032cc8dd 100644 --- a/bitnami/gotrue/README.md +++ b/bitnami/gotrue/README.md @@ -22,11 +22,17 @@ docker run -it --name gotrue bitnami/gotrue * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use GoTrue in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use GoTrue in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -159,7 +165,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/gradle/8/debian-12/Dockerfile b/bitnami/gradle/8/debian-12/Dockerfile index 6277f03a00b7f..ae8903cfdddb5 100644 --- a/bitnami/gradle/8/debian-12/Dockerfile +++ b/bitnami/gradle/8/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-06-01T02:02:41Z" \ + org.opencontainers.image.created="2024-12-20T17:57:35Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/gradle/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="8.8.0-debian-12-r0" \ + org.opencontainers.image.ref.name="8.12.0-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/gradle" \ org.opencontainers.image.title="gradle" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="8.8.0" + org.opencontainers.image.version="8.12.0" ENV HOME="/app" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "java-17.0.11-12-0-linux-${OS_ARCH}-debian-12" \ - "gradle-8.8.0-0-linux-${OS_ARCH}-debian-12" \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "gradle-8.12.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get update && apt-get upgrade -y && \ RUN mkdir /app && chmod g+rwX /app RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="8.8.0" \ +ENV APP_VERSION="8.12.0" \ BITNAMI_APP_NAME="gradle" \ PATH="/opt/bitnami/java/bin:/opt/bitnami/gradle/bin:$PATH" diff --git a/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 4d02e5351733c..a1f6ccaf3556b 100644 --- a/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "8.8.0-0" + "version": "8.12.0-0" }, "java": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "17.0.11-12-0" + "version": "17.0.13-12-1" } } \ No newline at end of file diff --git a/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/nginx/1.25/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/nginx/1.25/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/ejbca/8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/gradle/8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/gradle/8/debian-12/tags-info.yaml b/bitnami/gradle/8/debian-12/tags-info.yaml index 4eb074dd19b24..f818896a21fcc 100644 --- a/bitnami/gradle/8/debian-12/tags-info.yaml +++ b/bitnami/gradle/8/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "8" - 8-debian-12 -- 8.8.0 +- 8.12.0 - latest diff --git a/bitnami/gradle/README.md b/bitnami/gradle/README.md index 014e17edbbdde..5a871c9d82114 100644 --- a/bitnami/gradle/README.md +++ b/bitnami/gradle/README.md @@ -22,11 +22,17 @@ docker run -it --name gradle bitnami/gradle:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Gradle in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Gradle in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/grafana-image-renderer/3/debian-12/Dockerfile b/bitnami/grafana-image-renderer/3/debian-12/Dockerfile index 55015799e898c..aa3f12bd74f72 100644 --- a/bitnami/grafana-image-renderer/3/debian-12/Dockerfile +++ b/bitnami/grafana-image-renderer/3/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T08:01:37Z" \ + org.opencontainers.image.created="2025-01-11T18:20:06Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/grafana-image-renderer/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.10.5-debian-12-r1" \ + org.opencontainers.image.ref.name="3.11.6-debian-12-r9" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/grafana-image-renderer" \ org.opencontainers.image.title="grafana-image-renderer" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.10.5" + org.opencontainers.image.version="3.11.6" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,17 +26,17 @@ ENV HOME="/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates chromium curl fonts-freefont-ttf fonts-ipafont-gothic fonts-kacst fonts-thai-tlwg fonts-wqy-zenhei gnupg jq libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 libtirpc3 libx11-xcb1 libxcb-dri3-0 libxshmfence1 libxss1 libxtst6 procps wget zlib1g +RUN install_packages ca-certificates chromium curl fonts-freefont-ttf fonts-ipafont-gothic fonts-kacst fonts-thai-tlwg fonts-wqy-zenhei gnupg jq libbz2-1.0 libffi8 libgcc-s1 liblzma5 libncursesw6 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 libx11-xcb1 libxcb-dri3-0 libxshmfence1 libxss1 libxtst6 procps wget zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "node-18.20.3-0-linux-${OS_ARCH}-debian-12" \ - "grafana-image-renderer-3.10.5-0-linux-${OS_ARCH}-debian-12" \ + "python-3.13.1-1-linux-${OS_ARCH}-debian-12" \ + "node-22.13.0-1-linux-${OS_ARCH}-debian-12" \ + "grafana-image-renderer-3.11.6-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="3.10.5" \ +ENV APP_VERSION="3.11.6" \ BITNAMI_APP_NAME="grafana-image-renderer" \ HTTP_HOST="0.0.0.0" \ HTTP_PORT="8080" \ diff --git a/bitnami/grafana-image-renderer/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/grafana-image-renderer/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index f5824c5c678c4..7a10929601dc5 100644 --- a/bitnami/grafana-image-renderer/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/grafana-image-renderer/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.10.5-0" + "version": "3.11.6-1" }, "node": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "18.20.3-0" + "version": "22.13.0-1" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.13.1-1" } } \ No newline at end of file diff --git a/bitnami/grafana-image-renderer/3/debian-12/tags-info.yaml b/bitnami/grafana-image-renderer/3/debian-12/tags-info.yaml index 4bc2e0d528616..f0f65206ca4c0 100644 --- a/bitnami/grafana-image-renderer/3/debian-12/tags-info.yaml +++ b/bitnami/grafana-image-renderer/3/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "3" - 3-debian-12 -- 3.10.5 +- 3.11.6 - latest diff --git a/bitnami/grafana-image-renderer/README.md b/bitnami/grafana-image-renderer/README.md index f88696fce9079..50439957cdf2b 100644 --- a/bitnami/grafana-image-renderer/README.md +++ b/bitnami/grafana-image-renderer/README.md @@ -22,7 +22,7 @@ docker run --name grafana-image-renderer bitnami/grafana-image-renderer:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Grafana Image Renderer in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Grafana Image Renderer in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Grafana Image Renderer in Kubernetes? @@ -32,11 +32,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -226,7 +232,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/grafana-loki/3/debian-12/Dockerfile b/bitnami/grafana-loki/3/debian-12/Dockerfile index 3a630bfdac81f..c279d64e3de78 100644 --- a/bitnami/grafana-loki/3/debian-12/Dockerfile +++ b/bitnami/grafana-loki/3/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T20:10:48Z" \ + org.opencontainers.image.created="2024-12-18T19:54:29Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/grafana-loki/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.0.0-debian-12-r5" \ + org.opencontainers.image.ref.name="3.3.2-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/grafana-loki" \ org.opencontainers.image.title="grafana-loki" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.0.0" + org.opencontainers.image.version="3.3.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "grafana-loki-3.0.0-2-linux-${OS_ARCH}-debian-12" \ + "grafana-loki-3.3.2-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN chmod g+rwX /opt/bitnami RUN mkdir -p /bitnami/grafana-loki/data /bitnami/grafana-loki/loki /bitnami/grafana-loki/wal && chmod -R g+rwX /bitnami/grafana-loki && ln -s /bitnami/grafana-loki/loki /loki && ln -s /bitnami/grafana-loki/data /data && ln -s /bitnami/grafana-loki/wal /wal RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="3.0.0" \ +ENV APP_VERSION="3.3.2" \ BITNAMI_APP_NAME="grafana-loki" \ PATH="/opt/bitnami/grafana-loki/bin:$PATH" diff --git a/bitnami/grafana-loki/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/grafana-loki/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index e52e0360e35c8..ba5108a81bce1 100644 --- a/bitnami/grafana-loki/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/grafana-loki/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.0.0-2" + "version": "3.3.2-0" } } \ No newline at end of file diff --git a/bitnami/grafana-loki/3/debian-12/tags-info.yaml b/bitnami/grafana-loki/3/debian-12/tags-info.yaml index 93635c7a7f7f6..e44dc98107649 100644 --- a/bitnami/grafana-loki/3/debian-12/tags-info.yaml +++ b/bitnami/grafana-loki/3/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "3" - 3-debian-12 -- 3.0.0 +- 3.3.2 - latest diff --git a/bitnami/grafana-loki/README.md b/bitnami/grafana-loki/README.md index 7d3a67cd1e6ec..a8f50a60fbd9d 100644 --- a/bitnami/grafana-loki/README.md +++ b/bitnami/grafana-loki/README.md @@ -22,11 +22,17 @@ docker run --name grafana-loki bitnami/grafana-loki:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Grafana Loki in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Grafana Loki in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -56,7 +62,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration diff --git a/bitnami/grafana-mimir/2/debian-12/Dockerfile b/bitnami/grafana-mimir/2/debian-12/Dockerfile index 75e418bbf238c..c4718d20f5747 100644 --- a/bitnami/grafana-mimir/2/debian-12/Dockerfile +++ b/bitnami/grafana-mimir/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T20:10:54Z" \ + org.opencontainers.image.created="2025-01-03T08:56:46Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/grafana-mimir/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.12.0-debian-12-r7" \ + org.opencontainers.image.ref.name="2.15.0-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/grafana-mimir" \ org.opencontainers.image.title="grafana-mimir" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.12.0" + org.opencontainers.image.version="2.15.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "grafana-mimir-2.12.0-2-linux-${OS_ARCH}-debian-12" \ + "grafana-mimir-2.15.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN chmod g+rwX /opt/bitnami RUN mkdir -p /bitnami/grafana-mimir/data /bitnami/grafana-mimir/mimir && chmod -R g+rwX /bitnami/grafana-mimir && ln -s /bitnami/grafana-mimir/mimir /mimir && ln -s /bitnami/grafana-mimir/data /data RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="2.12.0" \ +ENV APP_VERSION="2.15.0" \ BITNAMI_APP_NAME="grafana-mimir" \ PATH="/opt/bitnami/grafana-mimir/bin:$PATH" diff --git a/bitnami/grafana-mimir/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/grafana-mimir/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index e5c387e733348..ca8cf186f8483 100644 --- a/bitnami/grafana-mimir/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/grafana-mimir/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.12.0-2" + "version": "2.15.0-0" } } \ No newline at end of file diff --git a/bitnami/grafana-mimir/2/debian-12/tags-info.yaml b/bitnami/grafana-mimir/2/debian-12/tags-info.yaml index 9d04fd2169720..9c8d046e5cb06 100644 --- a/bitnami/grafana-mimir/2/debian-12/tags-info.yaml +++ b/bitnami/grafana-mimir/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.12.0 +- 2.15.0 - latest diff --git a/bitnami/grafana-mimir/README.md b/bitnami/grafana-mimir/README.md index 8a0b6081d7f71..67e2d866139f0 100644 --- a/bitnami/grafana-mimir/README.md +++ b/bitnami/grafana-mimir/README.md @@ -22,11 +22,17 @@ docker run --name grafana-mimir bitnami/grafana-mimir:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Grafana Mimir in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Grafana Mimir in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -56,7 +62,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration @@ -92,7 +98,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/grafana-operator/5/debian-12/Dockerfile b/bitnami/grafana-operator/5/debian-12/Dockerfile index a0b272ff064a7..912a7a8e150ea 100644 --- a/bitnami/grafana-operator/5/debian-12/Dockerfile +++ b/bitnami/grafana-operator/5/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-26T20:15:08Z" \ + org.opencontainers.image.created="2025-01-02T22:47:58Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/grafana-operator/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="5.9.1-debian-12-r0" \ + org.opencontainers.image.ref.name="5.15.1-debian-12-r4" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/grafana-operator" \ org.opencontainers.image.title="grafana-operator" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="5.9.1" + org.opencontainers.image.version="5.15.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "grafana-operator-5.9.1-0-linux-${OS_ARCH}-debian-12" \ + "grafana-operator-5.15.1-2-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN ln -sf /opt/bitnami/grafana-operator/bin/grafana-operator /usr/local/bin/grafana-operator RUN mkdir -p /opt/jsonnet && ln -sf /opt/bitnami/grafonnet-lib/grafonnet /opt/jsonnet/grafonnet -ENV APP_VERSION="5.9.1" \ +ENV APP_VERSION="5.15.1" \ BITNAMI_APP_NAME="grafana-operator" \ PATH="/opt/bitnami/grafana-operator/bin:$PATH" diff --git a/bitnami/grafana-operator/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/grafana-operator/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 799977ffce5b5..fb5d0a4405a3b 100644 --- a/bitnami/grafana-operator/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/grafana-operator/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "5.9.1-0" + "version": "5.15.1-2" } } \ No newline at end of file diff --git a/bitnami/grafana-operator/5/debian-12/tags-info.yaml b/bitnami/grafana-operator/5/debian-12/tags-info.yaml index a59092a7aba8e..35ea74995a50c 100644 --- a/bitnami/grafana-operator/5/debian-12/tags-info.yaml +++ b/bitnami/grafana-operator/5/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "5" - 5-debian-12 -- 5.9.1 +- 5.15.1 - latest diff --git a/bitnami/grafana-operator/README.md b/bitnami/grafana-operator/README.md index 156cf75abb635..b32963ad7f0ca 100644 --- a/bitnami/grafana-operator/README.md +++ b/bitnami/grafana-operator/README.md @@ -20,11 +20,11 @@ Deploy [Grafana Operator](https://github.com/integr8ly/grafana-operator/tree/mas * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Grafana Operator in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Grafana Operator in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## How to deploy Grafana Operator in Kubernetes? @@ -32,9 +32,15 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -82,7 +88,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/grafana-tempo-query/2/debian-12/Dockerfile b/bitnami/grafana-tempo-query/2/debian-12/Dockerfile index 7d693a7a69358..f55f54d39a274 100644 --- a/bitnami/grafana-tempo-query/2/debian-12/Dockerfile +++ b/bitnami/grafana-tempo-query/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-31T17:09:45Z" \ + org.opencontainers.image.created="2025-01-02T22:54:23Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/grafana-tempo-query/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.5.0-debian-12-r0" \ + org.opencontainers.image.ref.name="2.6.1-debian-12-r5" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/grafana-tempo-query" \ org.opencontainers.image.title="grafana-tempo-query" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.5.0" + org.opencontainers.image.version="2.6.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "grafana-tempo-query-2.5.0-0-linux-${OS_ARCH}-debian-12" \ + "grafana-tempo-query-2.6.1-3-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="2.5.0" \ +ENV APP_VERSION="2.6.1" \ BITNAMI_APP_NAME="grafana-tempo-query" \ GRPC_STORAGE_PLUGIN_BINARY="/opt/bitnami/grafana-tempo-query/bin/tempo-query" \ PATH="/opt/bitnami/grafana-tempo-query/bin:/opt/bitnami/jaeger-query/bin:$PATH" \ diff --git a/bitnami/grafana-tempo-query/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/grafana-tempo-query/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 17cf01e61d465..120f7f8bea61c 100644 --- a/bitnami/grafana-tempo-query/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/grafana-tempo-query/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.5.0-0" + "version": "2.6.1-3" } } \ No newline at end of file diff --git a/bitnami/grafana-tempo-query/2/debian-12/tags-info.yaml b/bitnami/grafana-tempo-query/2/debian-12/tags-info.yaml index b5193bbe68811..3ded67fc17a27 100644 --- a/bitnami/grafana-tempo-query/2/debian-12/tags-info.yaml +++ b/bitnami/grafana-tempo-query/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.5.0 +- 2.6.1 - latest diff --git a/bitnami/grafana-tempo-query/README.md b/bitnami/grafana-tempo-query/README.md index 74701f1e5d246..54b305108a2b0 100644 --- a/bitnami/grafana-tempo-query/README.md +++ b/bitnami/grafana-tempo-query/README.md @@ -22,11 +22,17 @@ docker run --name grafana-tempo-query bitnami/grafana-tempo-query:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Grafana Tempo Query in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Grafana Tempo Query in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -56,7 +62,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration @@ -92,7 +98,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/grafana-tempo-vulture/2/debian-12/Dockerfile b/bitnami/grafana-tempo-vulture/2/debian-12/Dockerfile index b7cd507c72815..7a4505b991645 100644 --- a/bitnami/grafana-tempo-vulture/2/debian-12/Dockerfile +++ b/bitnami/grafana-tempo-vulture/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-31T17:00:05Z" \ + org.opencontainers.image.created="2025-01-02T22:54:25Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/grafana-tempo-vulture/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.5.0-debian-12-r0" \ + org.opencontainers.image.ref.name="2.6.1-debian-12-r5" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/grafana-tempo-vulture" \ org.opencontainers.image.title="grafana-tempo-vulture" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.5.0" + org.opencontainers.image.version="2.6.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "grafana-tempo-vulture-2.5.0-0-linux-${OS_ARCH}-debian-12" \ + "grafana-tempo-vulture-2.6.1-3-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="2.5.0" \ +ENV APP_VERSION="2.6.1" \ BITNAMI_APP_NAME="grafana-tempo-vulture" \ PATH="/opt/bitnami/grafana-tempo-vulture/bin:$PATH" diff --git a/bitnami/grafana-tempo-vulture/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/grafana-tempo-vulture/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index af037e62bda34..2f663cafa4954 100644 --- a/bitnami/grafana-tempo-vulture/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/grafana-tempo-vulture/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.5.0-0" + "version": "2.6.1-3" } } \ No newline at end of file diff --git a/bitnami/grafana-tempo-vulture/2/debian-12/tags-info.yaml b/bitnami/grafana-tempo-vulture/2/debian-12/tags-info.yaml index b5193bbe68811..3ded67fc17a27 100644 --- a/bitnami/grafana-tempo-vulture/2/debian-12/tags-info.yaml +++ b/bitnami/grafana-tempo-vulture/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.5.0 +- 2.6.1 - latest diff --git a/bitnami/grafana-tempo-vulture/README.md b/bitnami/grafana-tempo-vulture/README.md index aaaaca29c78c7..da45549f3a58b 100644 --- a/bitnami/grafana-tempo-vulture/README.md +++ b/bitnami/grafana-tempo-vulture/README.md @@ -22,11 +22,17 @@ docker run --name grafana-tempo-vulture bitnami/grafana-tempo-vulture:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Grafana Tempo Vulture in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Grafana Tempo Vulture in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -56,7 +62,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration @@ -86,7 +92,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/grafana-tempo/2/debian-12/Dockerfile b/bitnami/grafana-tempo/2/debian-12/Dockerfile index 763c0bab80c00..be22d94b89c6a 100644 --- a/bitnami/grafana-tempo/2/debian-12/Dockerfile +++ b/bitnami/grafana-tempo/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-31T17:06:36Z" \ + org.opencontainers.image.created="2025-01-02T23:03:36Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/grafana-tempo/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.5.0-debian-12-r0" \ + org.opencontainers.image.ref.name="2.6.1-debian-12-r5" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/grafana-tempo" \ org.opencontainers.image.title="grafana-tempo" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.5.0" + org.opencontainers.image.version="2.6.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "grafana-tempo-2.5.0-0-linux-${OS_ARCH}-debian-12" \ + "grafana-tempo-2.6.1-3-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN chmod g+rwX /opt/bitnami RUN mkdir -p /bitnami/grafana-tempo && chmod g+rwX /bitnami/grafana-tempo RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="2.5.0" \ +ENV APP_VERSION="2.6.1" \ BITNAMI_APP_NAME="grafana-tempo" \ PATH="/opt/bitnami/grafana-tempo/bin:$PATH" diff --git a/bitnami/grafana-tempo/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/grafana-tempo/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 1148891b87db8..1b55281d1b6ca 100644 --- a/bitnami/grafana-tempo/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/grafana-tempo/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.5.0-0" + "version": "2.6.1-3" } } \ No newline at end of file diff --git a/bitnami/grafana-tempo/2/debian-12/tags-info.yaml b/bitnami/grafana-tempo/2/debian-12/tags-info.yaml index b5193bbe68811..3ded67fc17a27 100644 --- a/bitnami/grafana-tempo/2/debian-12/tags-info.yaml +++ b/bitnami/grafana-tempo/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.5.0 +- 2.6.1 - latest diff --git a/bitnami/grafana-tempo/README.md b/bitnami/grafana-tempo/README.md index 0c484e1907611..fc5e2c4716500 100644 --- a/bitnami/grafana-tempo/README.md +++ b/bitnami/grafana-tempo/README.md @@ -22,11 +22,17 @@ docker run --name grafana-tempo bitnami/grafana-tempo:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Grafana Tempo in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Grafana Tempo in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -56,7 +62,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration @@ -98,7 +104,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/grafana/10/README.md b/bitnami/grafana/10/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/grafana/10/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/grafana/10/debian-12/Dockerfile b/bitnami/grafana/10/debian-12/Dockerfile deleted file mode 100644 index 1299b8850d279..0000000000000 --- a/bitnami/grafana/10/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-14T14:46:15Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/grafana/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.4.3-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/grafana" \ - org.opencontainers.image.title="grafana" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.4.3" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libaudit1 libcap-ng0 libfontconfig libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "mysql-client-10.11.7-4-linux-${OS_ARCH}-debian-12" \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "grafana-10.4.3-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/grafana/postunpack.sh -ENV APP_VERSION="10.4.3" \ - BITNAMI_APP_NAME="grafana" \ - PATH="/opt/bitnami/mysql/bin:/opt/bitnami/common/bin:/opt/bitnami/grafana/bin:$PATH" - -EXPOSE 3000 - -WORKDIR /opt/bitnami/grafana -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/grafana/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/grafana/run.sh" ] diff --git a/bitnami/grafana/10/debian-12/docker-compose.yml b/bitnami/grafana/10/debian-12/docker-compose.yml deleted file mode 100644 index 3ce89762fa116..0000000000000 --- a/bitnami/grafana/10/debian-12/docker-compose.yml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - grafana: - image: docker.io/bitnami/grafana:10 - ports: - - '3000:3000' - environment: - - 'GF_SECURITY_ADMIN_PASSWORD=bitnami' - volumes: - - grafana_data:/opt/bitnami/grafana/data -volumes: - grafana_data: - driver: local diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 223a8b2a58b26..0000000000000 --- a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "grafana": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.4.3-0" - }, - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mysql-client": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.11.7-4" - } -} \ No newline at end of file diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana-env.sh b/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana-env.sh deleted file mode 100644 index 6fe8b45453817..0000000000000 --- a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana-env.sh +++ /dev/null @@ -1,95 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for grafana - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-grafana}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -grafana_env_vars=( - GRAFANA_TMP_DIR - GRAFANA_PID_FILE - GRAFANA_DEFAULT_CONF_DIR - GRAFANA_DEFAULT_PLUGINS_DIR - GF_PATHS_HOME - GF_PATHS_CONFIG - GF_PATHS_DATA - GF_PATHS_LOGS - GF_PATHS_PLUGINS - GF_PATHS_PROVISIONING - GF_INSTALL_PLUGINS - GF_INSTALL_PLUGINS_SKIP_TLS - GF_FEATURE_TOGGLES - GRAFANA_MIGRATION_LOCK - GRAFANA_SLEEP_TIME - GRAFANA_RETRY_ATTEMPTS - GRAFANA_PLUGINS -) -for env_var in "${grafana_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset grafana_env_vars - -# Grafana paths -export GRAFANA_BASE_DIR="${BITNAMI_ROOT_DIR}/grafana" -export GRAFANA_BIN_DIR="${GRAFANA_BASE_DIR}/bin" -export GRAFANA_TMP_DIR="${GRAFANA_TMP_DIR:-${GRAFANA_BASE_DIR}/tmp}" -export GRAFANA_CONF_DIR="${GRAFANA_BASE_DIR}/conf" -export GRAFANA_PID_FILE="${GRAFANA_PID_FILE:-${GRAFANA_TMP_DIR}/grafana.pid}" -export PATH="${GRAFANA_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" -export GRAFANA_DEFAULT_CONF_DIR="${GRAFANA_DEFAULT_CONF_DIR:-${GRAFANA_BASE_DIR}/conf.default}" -export GRAFANA_DEFAULT_PLUGINS_DIR="${GRAFANA_DEFAULT_PLUGINS_DIR:-${GRAFANA_BASE_DIR}/default-plugins}" - -# System users (when running with a privileged user) -export GRAFANA_DAEMON_USER="grafana" -export GRAFANA_DAEMON_GROUP="grafana" - -# Grafana configuration -export GF_PATHS_HOME="${GF_PATHS_HOME:-$GRAFANA_BASE_DIR}" -export GF_PATHS_CONFIG="${GF_PATHS_CONFIG:-${GRAFANA_BASE_DIR}/conf/grafana.ini}" -export GF_PATHS_DATA="${GF_PATHS_DATA:-${GRAFANA_BASE_DIR}/data}" -export GF_PATHS_LOGS="${GF_PATHS_LOGS:-${GRAFANA_BASE_DIR}/logs}" -export GF_PATHS_PLUGINS="${GF_PATHS_PLUGINS:-${GF_PATHS_DATA}/plugins}" -export GF_PATHS_PROVISIONING="${GF_PATHS_PROVISIONING:-${GRAFANA_BASE_DIR}/conf/provisioning}" -GF_INSTALL_PLUGINS="${GF_INSTALL_PLUGINS:-"${GRAFANA_PLUGINS:-}"}" -export GF_INSTALL_PLUGINS="${GF_INSTALL_PLUGINS:-}" -export GF_INSTALL_PLUGINS_SKIP_TLS="${GF_INSTALL_PLUGINS_SKIP_TLS:-yes}" -export GF_FEATURE_TOGGLES="${GF_FEATURE_TOGGLES:-}" -export GF_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/grafana" -export GRAFANA_MIGRATION_LOCK="${GRAFANA_MIGRATION_LOCK:-false}" -export GRAFANA_SLEEP_TIME="${GRAFANA_SLEEP_TIME:-10}" -export GRAFANA_RETRY_ATTEMPTS="${GRAFANA_RETRY_ATTEMPTS:-12}" - -# Grafana Operator configuration -export GF_OP_PATHS_CONFIG="/etc/grafana/grafana.ini" -export GF_OP_PATHS_DATA="/var/lib/grafana" -export GF_OP_PATHS_LOGS="/var/log/grafana" -export GF_OP_PATHS_PROVISIONING="/etc/grafana/provisioning" -export GF_OP_PLUGINS_INIT_DIR="/opt/plugins" - -# Custom environment variables may be defined below diff --git a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/entrypoint.sh b/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/entrypoint.sh deleted file mode 100755 index c0e9e706f81be..0000000000000 --- a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/entrypoint.sh +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Grafana environment -. /opt/bitnami/scripts/grafana-env.sh - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -function is_exec() { - # This checks if the first provided argument is executable or if only args was used - exec_in_path=$(builtin type -P "$1" 2> /dev/null) - if [[ -f "$1" && -x $(realpath "$1" 2> /dev/null) || -x $(realpath "$exec_in_path" 2> /dev/null) ]]; then - true; - else - false; - fi; -} - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/postgresql/conf) -debug "Copying files from $GRAFANA_DEFAULT_CONF_DIR to $GRAFANA_CONF_DIR" -cp -nr "$GRAFANA_DEFAULT_CONF_DIR"/. "$GRAFANA_CONF_DIR" - -if [[ "$1" = "/opt/bitnami/scripts/grafana/run.sh" ]] || ! is_exec "$1"; then - # This catches the error-code from libgrafana.sh for the immediate exit when the grafana-operator is used. And ensure that the exit code is kept silently. - /opt/bitnami/scripts/grafana/setup.sh || GRAFANA_OPERATOR_IMMEDIATE_EXIT=$? - if [[ "${GRAFANA_OPERATOR_IMMEDIATE_EXIT:-0}" -eq 255 ]]; then - exit 0 - elif [[ "${GRAFANA_OPERATOR_IMMEDIATE_EXIT:-0}" -ne 0 ]]; then - exit "$GRAFANA_OPERATOR_IMMEDIATE_EXIT" - fi - /post-init.sh - info "** Grafana setup finished! **" -fi - -echo "" - -if is_exec "$1"; then - exec "$@" -else - exec "/opt/bitnami/scripts/grafana/run.sh" "$@" -fi diff --git a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/postunpack.sh b/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/postunpack.sh deleted file mode 100755 index 5f7eadfffed5d..0000000000000 --- a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/postunpack.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Grafana environment -. /opt/bitnami/scripts/grafana-env.sh - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libgrafana.sh - -info "Creating configuration file" -cp "${GRAFANA_BASE_DIR}/conf/sample.ini" "$(grafana_env_var_value PATHS_CONFIG)" - -info "Creating system user" -ensure_user_exists "$GRAFANA_DAEMON_USER" --group "$GRAFANA_DAEMON_GROUP" --system - -info "Configuring file permissions" -for dir in "$(grafana_env_var_value PATHS_DATA)" "$(grafana_env_var_value PATHS_LOGS)" "$(grafana_env_var_value PATHS_PLUGINS)" "$(grafana_env_var_value PATHS_PROVISIONING)" "$(grafana_env_var_value VOLUME_DIR)" "${GRAFANA_DEFAULT_CONF_DIR}"; do - ensure_dir_exists "$dir" - # Use grafana:root ownership for compatibility when running as a non-root user - configure_permissions_ownership "$dir" -d "775" -f "664" -u "$GRAFANA_DAEMON_USER" -g "root" -done - -# Use grafana:root ownership for compatibility when running as a non-root user -configure_permissions_ownership "$(grafana_env_var_value PATHS_CONFIG)" -f "664" -u "$GRAFANA_DAEMON_USER" -g "root" - -# Ensure permissions to parent directories of configs -# Used when replacing configs with symlinks for grafana-operator compatibility -for dir in "$(grafana_env_var_value PATHS_CONFIG)" "$(grafana_env_var_value PATHS_DATA)" "$(grafana_env_var_value PATHS_LOGS)" "$(grafana_env_var_value PATHS_PROVISIONING)"; do - chmod 775 "$(dirname "$dir")" -done - -# Install well-known plugins -grafana_plugin_list=( - "grafana-clock-panel" - "grafana-piechart-panel" - "michaeldmoore-annunciator-panel" - "briangann-gauge-panel" - "briangann-datatable-panel" - "jdbranham-diagram-panel" - "natel-discrete-panel" - "digiapulssi-organisations-panel" - "vonage-status-panel" - "neocat-cal-heatmap-panel" - "agenty-flowcharting-panel" - "larona-epict-panel" - "pierosavi-imageit-panel" - "michaeldmoore-multistat-panel" - "grafana-polystat-panel" - "scadavis-synoptic-panel" - "marcuscalidus-svg-panel" - "snuids-trafficlights-panel" -) -for plugin in "${grafana_plugin_list[@]}"; do - info "Installing ${plugin} plugin" - grafana cli --pluginsDir "$(grafana_env_var_value PATHS_PLUGINS)" plugins install "$plugin" -done - -# The Grafana Helm chart mounts the data directory at "/opt/bitnami/grafana/data" -# Therefore, all the plugins installed when building the image will be lost -# As a workaround, we can move them to a "default-plugins" directory and recover them -# during the 1st boot of the container -ensure_dir_exists "$GRAFANA_DEFAULT_PLUGINS_DIR" -mv "$(grafana_env_var_value PATHS_PLUGINS)"/* "$GRAFANA_DEFAULT_PLUGINS_DIR" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "$GRAFANA_CONF_DIR"/* "$GRAFANA_DEFAULT_CONF_DIR" diff --git a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/run.sh b/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/run.sh deleted file mode 100755 index 3c5cef524ad26..0000000000000 --- a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/run.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Grafana environment -. /opt/bitnami/scripts/grafana-env.sh - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -declare cmd="grafana" -declare -a args=( - # Based on https://github.com/grafana/grafana/blob/v8.2.5/packaging/docker/run.sh - "server" - "--homepath=${GF_PATHS_HOME}" - "--config=${GF_PATHS_CONFIG}" - "--pidfile=${GRAFANA_PID_FILE}" - "--packaging=docker" - "$@" - "cfg:default.log.mode=console" - "cfg:default.paths.data=${GF_PATHS_DATA}" - "cfg:default.paths.logs=${GF_PATHS_LOGS}" - "cfg:default.paths.plugins=${GF_PATHS_PLUGINS}" - "cfg:default.paths.provisioning=${GF_PATHS_PROVISIONING}" -) - -cd "$GRAFANA_BASE_DIR" - -info "** Starting Grafana **" -if am_i_root; then - exec_as_user "$GRAFANA_DAEMON_USER" "$cmd" "${args[@]}" -else - exec "$cmd" "${args[@]}" -fi diff --git a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/setup.sh b/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/setup.sh deleted file mode 100755 index c6efe21857ebc..0000000000000 --- a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/grafana/setup.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Grafana environment -. /opt/bitnami/scripts/grafana-env.sh - -# Load MySQL Client environment for 'mysql_remote_execute' (after 'grafana-env.sh' so that MODULE is not set to a wrong value) -if [[ -f /opt/bitnami/scripts/mysql-client-env.sh ]]; then - . /opt/bitnami/scripts/mysql-client-env.sh -elif [[ -f /opt/bitnami/scripts/mysql-env.sh ]]; then - . /opt/bitnami/scripts/mysql-env.sh -elif [[ -f /opt/bitnami/scripts/mariadb-env.sh ]]; then - . /opt/bitnami/scripts/mariadb-env.sh -fi - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libgrafana.sh - -# Ensure Grafana environment variables are valid -grafana_validate - -# Ensure Grafana is initialized -grafana_initialize diff --git a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/libgrafana.sh b/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/libgrafana.sh deleted file mode 100644 index 4ca82f5988be3..0000000000000 --- a/bitnami/grafana/10/debian-12/rootfs/opt/bitnami/scripts/libgrafana.sh +++ /dev/null @@ -1,387 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Grafana library - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Load database library -if [[ -f /opt/bitnami/scripts/libmysqlclient.sh ]]; then - . /opt/bitnami/scripts/libmysqlclient.sh -elif [[ -f /opt/bitnami/scripts/libmysql.sh ]]; then - . /opt/bitnami/scripts/libmysql.sh -elif [[ -f /opt/bitnami/scripts/libmariadb.sh ]]; then - . /opt/bitnami/scripts/libmariadb.sh -fi - -######################## -# Print the value of a Grafana environment variable -# Globals: -# GF_* -# GRAFANA_CFG_* -# Arguments: -# None -# Returns: -# The value in the environment variable -######################### -grafana_env_var_value() { - local -r name="${1:?missing name}" - local gf_env_var="GF_${name}" - local grafana_cfg_env_var="GRAFANA_CFG_${name}" - if [[ -n "${!gf_env_var:-}" ]]; then - echo "${!gf_env_var:-}" - elif [[ -n "${!grafana_cfg_env_var}" ]]; then - echo "${!grafana_cfg_env_var:-}" - else - error "${gf_env_var} or ${grafana_cfg_env_var} must be set" - fi -} - -######################## -# Validate settings in GRAFANA_* env vars -# Globals: -# GRAFANA_* -# Arguments: -# None -# Returns: -# 0 if the validation succeeded, 1 otherwise -######################### -grafana_validate() { - debug "Validating settings in GRAFANA_* environment variables..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_path_exists() { - if [[ ! -e "$1" ]]; then - print_validation_error "The directory ${1} does not exist" - fi - } - - # Validate user inputs - [[ -e "$GF_OP_PATHS_CONFIG" ]] || check_path_exists "$(grafana_env_var_value PATHS_CONFIG)" - [[ -e "$GF_OP_PATHS_DATA" ]] || check_path_exists "$(grafana_env_var_value PATHS_DATA)" - [[ -e "$GF_OP_PATHS_LOGS" ]] || check_path_exists "$(grafana_env_var_value PATHS_LOGS)" - [[ -e "$GF_OP_PATHS_PROVISIONING" ]] || check_path_exists "$(grafana_env_var_value PATHS_PROVISIONING)" - - return "$error_code" -} - -######################## -# Ensure Grafana is initialized -# Globals: -# GRAFANA_* -# Arguments: -# None -# Returns: -# None -######################### -grafana_initialize() { - # Ensure compatibility with Grafana Operator - local grafana_var grafana_operator_var - for path_suffix in "config" "data" "logs" "provisioning"; do - grafana_var="GF_PATHS_${path_suffix^^}" - grafana_operator_var="GF_OP_PATHS_${path_suffix^^}" - if [[ -e "${!grafana_operator_var}" && "${!grafana_operator_var}" != "${!grafana_var}" ]]; then - info "Ensuring ${!grafana_operator_var} points to ${!grafana_var}" - rm -rf "${!grafana_var}" - ln -sfn "${!grafana_operator_var}" "${!grafana_var}" - fi - done - - if am_i_root; then - for dir in "$GF_PATHS_DATA" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS"; do - is_mounted_dir_empty "$dir" && configure_permissions_ownership "$dir" -d "775" -f "664" -u "$GRAFANA_DAEMON_USER" - done - fi - - # Install plugins in a Grafana operator-compatible environment, useful to for starting the image as an init container - # Based on https://github.com/grafana-operator/grafana-operator/blob/master/controllers/grafana/pluginsHelper.go - if [[ -d "$GF_OP_PLUGINS_INIT_DIR" ]]; then - info "Detected mounted plugins directory at '${GF_OP_PLUGINS_INIT_DIR}'. The container will exit after installing plugins as grafana-operator." - if [[ -n "$GF_INSTALL_PLUGINS" ]]; then - GF_PATHS_PLUGINS="$GF_OP_PLUGINS_INIT_DIR" grafana_install_plugins - else - warn "There are no plugins to install" - fi - return 255 - fi - - # Recover plugins installed when building the image - if [[ ! -e "$(grafana_env_var_value PATHS_PLUGINS)" ]] || [[ -z "$(ls -A "$(grafana_env_var_value PATHS_PLUGINS)")" ]]; then - mkdir -p "$(grafana_env_var_value PATHS_PLUGINS)" - if [[ -e "$GRAFANA_DEFAULT_PLUGINS_DIR" ]] && [[ -n "$(ls -A "$GRAFANA_DEFAULT_PLUGINS_DIR")" ]]; then - cp -r "$GRAFANA_DEFAULT_PLUGINS_DIR"/* "$(grafana_env_var_value PATHS_PLUGINS)" - fi - fi - - # Configure configuration file based on environment variables - grafana_configure_from_environment_variables - - # Install plugins - grafana_install_plugins - - # Configure Grafana feature toggles - ! is_empty_value "$GF_FEATURE_TOGGLES" && grafana_conf_set "feature_toggles" "enable" "$GF_FEATURE_TOGGLES" - - # If using an external database, avoid nodes collition during migration - if is_boolean_yes "$GRAFANA_MIGRATION_LOCK"; then - grafana_migrate_db - fi - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Runs Grafana migration using a database lock to avoid collision with other Grafana nodes -# If database is locked, wait until unlocked and continue. Otherwise, run Grafana to perform migration. -# Globals: -# GRAFANA_CFG_* -# Arguments: -# None -# Returns: -# None -######################### -grafana_migrate_db() { - local -r db_host="${GRAFANA_CFG_DATABASE_HOST:-mysql}" - local -r db_port="${GRAFANA_CFG_DATABASE_PORT:-3306}" - local -r db_name="${GRAFANA_CFG_DATABASE_NAME:-}" - local -r db_user="${GRAFANA_CFG_DATABASE_USER:-}" - local -r db_pass="${GRAFANA_CFG_DATABASE_PASSWORD:-}" - - local -r grafana_host="${GRAFANA_CFG_SERVER_HTTP_ADDR:-localhost}" - local -r grafana_port="${GRAFANA_CFG_SERVER_HTTP_PORT:-3000}" - local -r grafana_protocol="${GRAFANA_CFG_SERVER_PROTOCOL:-http}" - - local -r sleep_time="${GRAFANA_SLEEP_TIME:-5}" - local -r retries="${GRAFANA_RETRY_ATTEMPTS:-12}" - - lock_db() { - debug_execute mysql_remote_execute_print_output "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" <> "$NGINX_CONF_FILE" < Hubble Relay collects eBPF-based visibility data from every running Hubble server in a cluster by connecting to their respective gRPC APIs and providing an unique API that represents all of them. -[Overview of Hubble](https://cilium.io/) +[Overview of Hubble Relay](https://cilium.io/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. ## TL;DR -This container is part of the [Hubble chart](https://github.com/bitnami/charts/tree/main/bitnami/hubble) that is primarily intended to be deployed in Kubernetes. +This container is part of the [Cilium chart](https://github.com/bitnami/charts/tree/main/bitnami/cilium) that is primarily intended to be deployed in Kubernetes. ```console docker run --name hubble-relay bitnami/hubble-relay:latest @@ -24,21 +24,27 @@ docker run --name hubble-relay bitnami/hubble-relay:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Hubble Relay in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Hubble Relay in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. -## How to deploy Hubble in Kubernetes? +## How to deploy Hubble Relay in Kubernetes? -Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the [Bitnami Hubble Chart GitHub repository](https://github.com/bitnami/charts/tree/master/bitnami/harbor). +Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the [Bitnami Cilium Chart GitHub repository](https://github.com/bitnami/charts/tree/master/bitnami/cilium). Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -76,7 +82,7 @@ To run commands inside this container you can use `docker run`, for example to e docker run --rm --name hubble-relay bitnami/hubble-relay:latest help ``` -Check the [official Hubble documentation](https://docs.cilium.io/en/stable/internals/hubble/) for more information about configuration options. +Check the [official Hubble Relay documentation](https://docs.cilium.io/en/stable/internals/hubble/) for more information about configuration options. ## Contributing diff --git a/bitnami/hubble-relay/docker-compose.yml b/bitnami/hubble-relay/docker-compose.yml index 40fb910ef0b0e..9e3cd23a59d53 100644 --- a/bitnami/hubble-relay/docker-compose.yml +++ b/bitnami/hubble-relay/docker-compose.yml @@ -1,9 +1,7 @@ # Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 - -version: "2" - + services: - hubble: + hubble-relay: image: docker.io/bitnami/hubble-relay:1 container_name: hubble-relay diff --git a/bitnami/hubble-ui-backend/0/debian-12/Dockerfile b/bitnami/hubble-ui-backend/0/debian-12/Dockerfile index bbeced15c58e2..92bb9ec2edd2f 100644 --- a/bitnami/hubble-ui-backend/0/debian-12/Dockerfile +++ b/bitnami/hubble-ui-backend/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T11:42:23Z" \ + org.opencontainers.image.created="2025-01-02T23:41:50Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/hubble-ui-backend/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.13.0-debian-12-r0" \ + org.opencontainers.image.ref.name="0.13.1-debian-12-r17" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/hubble-ui-backend" \ org.opencontainers.image.title="hubble-ui-backend" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.13.0" + org.opencontainers.image.version="0.13.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "hubble-ui-backend-0.13.0-0-linux-${OS_ARCH}-debian-12" \ + "gops-0.3.28-11-linux-${OS_ARCH}-debian-12" \ + "hubble-ui-backend-0.13.1-10-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,9 +47,9 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="0.13.0" \ +ENV APP_VERSION="0.13.1" \ BITNAMI_APP_NAME="hubble-ui-backend" \ - PATH="/opt/bitnami/hubble-ui-backend/bin:$PATH" + PATH="/opt/bitnami/common/bin:/opt/bitnami/hubble-ui-backend/bin:$PATH" EXPOSE 8090 diff --git a/bitnami/hubble-ui-backend/0/debian-12/docker-compose.yml b/bitnami/hubble-ui-backend/0/debian-12/docker-compose.yml index 7e34cbcd68464..95bd5a30c77a9 100644 --- a/bitnami/hubble-ui-backend/0/debian-12/docker-compose.yml +++ b/bitnami/hubble-ui-backend/0/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 - -version: "2" - + services: hubble-ui-backend: image: docker.io/bitnami/hubble-ui-backend:0 diff --git a/bitnami/hubble-ui-backend/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/hubble-ui-backend/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 16d4a88967ff6..8557a902c305a 100644 --- a/bitnami/hubble-ui-backend/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/hubble-ui-backend/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -1,8 +1,14 @@ { + "gops": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "0.3.28-11" + }, "hubble-ui-backend": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.13.0-0" + "version": "0.13.1-10" } } \ No newline at end of file diff --git a/bitnami/hubble-ui-backend/0/debian-12/tags-info.yaml b/bitnami/hubble-ui-backend/0/debian-12/tags-info.yaml index 3e31067460f28..a29895df75fb2 100644 --- a/bitnami/hubble-ui-backend/0/debian-12/tags-info.yaml +++ b/bitnami/hubble-ui-backend/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.13.0 +- 0.13.1 - latest diff --git a/bitnami/hubble-ui-backend/README.md b/bitnami/hubble-ui-backend/README.md index de4b8b4bc09d0..31c2d2d1088ea 100644 --- a/bitnami/hubble-ui-backend/README.md +++ b/bitnami/hubble-ui-backend/README.md @@ -22,15 +22,21 @@ docker run --name hubble-ui-backend bitnami/hubble-ui-backend:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Hubble UI Backend in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Hubble UI Backend in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -74,7 +80,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/hubble-ui-backend/docker-compose.yml b/bitnami/hubble-ui-backend/docker-compose.yml index 7e34cbcd68464..95bd5a30c77a9 100644 --- a/bitnami/hubble-ui-backend/docker-compose.yml +++ b/bitnami/hubble-ui-backend/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 - -version: "2" - + services: hubble-ui-backend: image: docker.io/bitnami/hubble-ui-backend:0 diff --git a/bitnami/hubble-ui/0/debian-12/Dockerfile b/bitnami/hubble-ui/0/debian-12/Dockerfile index 9608f5ff29214..e4a5974bf77d6 100644 --- a/bitnami/hubble-ui/0/debian-12/Dockerfile +++ b/bitnami/hubble-ui/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T11:44:15Z" \ + org.opencontainers.image.created="2025-01-08T21:38:34Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/hubble-ui/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.13.0-debian-12-r0" \ + org.opencontainers.image.ref.name="0.13.1-debian-12-r12" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/hubble-ui" \ org.opencontainers.image.title="hubble-ui" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.13.0" + org.opencontainers.image.version="0.13.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,14 +29,14 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl gettext libcrypt1 libgeoip1 libpcre3 libssl3 openssl procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "nginx-1.26.0-1-linux-${OS_ARCH}-debian-12" \ - "hubble-ui-0.13.0-1-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "nginx-1.27.3-3-linux-${OS_ARCH}-debian-12" \ + "hubble-ui-0.13.1-2-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -53,7 +54,7 @@ COPY rootfs / RUN /opt/bitnami/scripts/nginx/postunpack.sh RUN rm -rf /app && \ ln -sf /opt/bitnami/hubble-ui/public /app -ENV APP_VERSION="0.13.0" \ +ENV APP_VERSION="0.13.1" \ BITNAMI_APP_NAME="hubble-ui" \ NGINX_HTTPS_PORT_NUMBER="" \ NGINX_HTTP_PORT_NUMBER="" \ diff --git a/bitnami/hubble-ui/0/debian-12/docker-compose.yml b/bitnami/hubble-ui/0/debian-12/docker-compose.yml index b93d50a4860ac..733b81f0beada 100644 --- a/bitnami/hubble-ui/0/debian-12/docker-compose.yml +++ b/bitnami/hubble-ui/0/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 - -version: "2" - + services: hubble-ui: image: docker.io/bitnami/hubble-ui:0 diff --git a/bitnami/hubble-ui/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/hubble-ui/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index b4ed4eff1140e..fb2e670a10182 100644 --- a/bitnami/hubble-ui/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/hubble-ui/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.13.0-1" + "version": "0.13.1-2" }, "nginx": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.26.0-1" + "version": "1.27.3-3" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-13" + "version": "1.0.7-8" } } \ No newline at end of file diff --git a/bitnami/hubble-ui/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/hubble-ui/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/hubble-ui/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/hubble-ui/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/hubble-ui/0/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh b/bitnami/hubble-ui/0/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh index c36866212b9be..e7f0bfe83a0e1 100644 --- a/bitnami/hubble-ui/0/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh +++ b/bitnami/hubble-ui/0/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh @@ -208,6 +208,17 @@ nginx_initialize() { fi nginx_configure "absolute_redirect" "$(is_boolean_yes "$NGINX_ENABLE_ABSOLUTE_REDIRECT" && echo "on" || echo "off" )" nginx_configure "port_in_redirect" "$(is_boolean_yes "$NGINX_ENABLE_PORT_IN_REDIRECT" && echo "on" || echo "off" )" + # Stream configuration + if is_boolean_yes "$NGINX_ENABLE_STREAM" && + is_file_writable "$NGINX_CONF_FILE" && + ! grep -q "include \"$NGINX_STREAM_SERVER_BLOCKS_DIR" "$NGINX_CONF_FILE"; then + cat >> "$NGINX_CONF_FILE" < The Hyperledger Fabric CA is an identity manager in a Fabric blockchain. Hyperledger Fabric is the open-source permissioned blockchain framework. + +[Overview of Hyperledger Fabric CA](https://www.hyperledger.org/projects/fabric) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name hyperledger-fabric-ca bitnami/hyperledger-fabric-ca:latest +``` + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use Hyperledger Fabric CA in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami Hyperledger Fabric CA Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/hyperledger-fabric-ca). + +```console +docker pull bitnami/hyperledger-fabric-ca:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/hyperledger-fabric-ca/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/hyperledger-fabric-ca:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Configuration + +### Running commands + +To run commands inside this container you can use `docker run`, for example to execute `fabric-ca-server start` you can follow below example + +```console +docker run --name git bitnami/hyperledger-fabric-ca:latest fabric-ca-server start +``` + +Read the [official Hyperledger Fabric documentation](https://hyperledger-fabric.readthedocs.io/en/latest/commands/fabric-ca-commands.html) documentation for the list of available commands. + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/hyperledger-fabric-orderer/2/README.md b/bitnami/hyperledger-fabric-orderer/2/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/hyperledger-fabric-orderer/2/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/hyperledger-fabric-orderer/3/debian-12/Dockerfile b/bitnami/hyperledger-fabric-orderer/3/debian-12/Dockerfile new file mode 100644 index 0000000000000..4015970495352 --- /dev/null +++ b/bitnami/hyperledger-fabric-orderer/3/debian-12/Dockerfile @@ -0,0 +1,58 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-02T23:53:24Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/hyperledger-fabric-orderer/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="3.0.0-debian-12-r6" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/hyperledger-fabric-orderer" \ + org.opencontainers.image.title="hyperledger-fabric-orderer" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="3.0.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl procps +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "hyperledger-fabric-orderer-3.0.0-4-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN mkdir /opt/bitnami/hyperledger-fabric-orderer/var && chmod g+rwX /opt/bitnami/hyperledger-fabric-orderer/var && ln -s /opt/bitnami/hyperledger-fabric-orderer/var /var/hyperledger && mkdir -p /etc/hyperledger && ln -s /opt/bitnami/hyperledger-fabric-orderer/etc /etc/hyperledger/fabric && echo "hosts: files dns" > /etc/nsswitch.conf +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +ENV APP_VERSION="3.0.0" \ + BITNAMI_APP_NAME="hyperledger-fabric-orderer" \ + FABRIC_CFG_PATH="/opt/bitnami/hyperledger-fabric-orderer/etc" \ + PATH="/opt/bitnami/hyperledger-fabric-orderer/bin:$PATH" + +EXPOSE 7050 + +USER 1001 +CMD [ "orderer", "start" ] diff --git a/bitnami/hyperledger-fabric-orderer/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/hyperledger-fabric-orderer/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..b8086f7734516 --- /dev/null +++ b/bitnami/hyperledger-fabric-orderer/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "hyperledger-fabric-orderer": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "3.0.0-4" + } +} \ No newline at end of file diff --git a/bitnami/envoy/1.27/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/hyperledger-fabric-orderer/3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/envoy/1.27/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/hyperledger-fabric-orderer/3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/envoy/1.27/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/hyperledger-fabric-orderer/3/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/envoy/1.27/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/hyperledger-fabric-orderer/3/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/envoy/1.27/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/hyperledger-fabric-orderer/3/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/envoy/1.27/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/hyperledger-fabric-orderer/3/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/hyperledger-fabric-orderer/3/debian-12/tags-info.yaml b/bitnami/hyperledger-fabric-orderer/3/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..93635c7a7f7f6 --- /dev/null +++ b/bitnami/hyperledger-fabric-orderer/3/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "3" +- 3-debian-12 +- 3.0.0 +- latest diff --git a/bitnami/hyperledger-fabric-orderer/README.md b/bitnami/hyperledger-fabric-orderer/README.md new file mode 100644 index 0000000000000..d28ae10569ad4 --- /dev/null +++ b/bitnami/hyperledger-fabric-orderer/README.md @@ -0,0 +1,97 @@ +# Bitnami package for Hyperledger Fabric Orderer + +## What is Hyperledger Fabric Orderer? + +> Hyperledger Fabric Orderer is responsible for transactions inside a Fabric blockchain. Hyperledger Fabric is the open-source permissioned blockchain framework. + +[Overview of Hyperledger Fabric Orderer](https://www.hyperledger.org/projects/fabric) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name hyperledger-fabric-orderer bitnami/hyperledger-fabric-orderer:latest +``` + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use Hyperledger Fabric Orderer in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami Hyperledger Fabric Orderer Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/hyperledger-fabric-orderer). + +```console +docker pull bitnami/hyperledger-fabric-orderer:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/hyperledger-fabric-orderer/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/hyperledger-fabric-orderer:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Configuration + +### Running commands + +To run commands inside this container you can use `docker run`, for example to execute `peer version` you can follow below example + +```console +docker run --name git bitnami/hyperledger-fabric-orderer:latest peer version +``` + +Read the [official Hyperledger Fabric documentation](https://hyperledger-fabric.readthedocs.io/en/latest/command_ref.html) documentation for the list of available commands. + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/hyperledger-fabric-peer/2/README.md b/bitnami/hyperledger-fabric-peer/2/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/hyperledger-fabric-peer/2/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/hyperledger-fabric-peer/3/debian-12/Dockerfile b/bitnami/hyperledger-fabric-peer/3/debian-12/Dockerfile new file mode 100644 index 0000000000000..e8377efe12bd7 --- /dev/null +++ b/bitnami/hyperledger-fabric-peer/3/debian-12/Dockerfile @@ -0,0 +1,58 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-02T23:59:20Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/hyperledger-fabric-peer/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="3.0.0-debian-12-r6" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/hyperledger-fabric-peer" \ + org.opencontainers.image.title="hyperledger-fabric-peer" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="3.0.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl procps +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "hyperledger-fabric-peer-3.0.0-4-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN mkdir /opt/bitnami/hyperledger-fabric-peer/var && chmod g+rwX /opt/bitnami/hyperledger-fabric-peer/var && ln -s /opt/bitnami/hyperledger-fabric-peer/var /var/hyperledger && mkdir -p /etc/hyperledger && ln -s /opt/bitnami/hyperledger-fabric-peer/etc /etc/hyperledger/fabric && echo "hosts: files dns" > /etc/nsswitch.conf +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +ENV APP_VERSION="3.0.0" \ + BITNAMI_APP_NAME="hyperledger-fabric-peer" \ + FABRIC_CFG_PATH="/opt/bitnami/hyperledger-fabric-peer/etc" \ + PATH="/opt/bitnami/hyperledger-fabric-peer/bin:$PATH" + +EXPOSE 7051 + +USER 1001 +CMD [ "peer", "node", "start" ] diff --git a/bitnami/hyperledger-fabric-peer/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/hyperledger-fabric-peer/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..a85e9341fe568 --- /dev/null +++ b/bitnami/hyperledger-fabric-peer/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "hyperledger-fabric-peer": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "3.0.0-4" + } +} \ No newline at end of file diff --git a/bitnami/envoy/1.28/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/hyperledger-fabric-peer/3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/envoy/1.28/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/hyperledger-fabric-peer/3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/envoy/1.28/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/hyperledger-fabric-peer/3/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/envoy/1.28/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/hyperledger-fabric-peer/3/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/envoy/1.28/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/hyperledger-fabric-peer/3/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/envoy/1.28/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/hyperledger-fabric-peer/3/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/hyperledger-fabric-peer/3/debian-12/tags-info.yaml b/bitnami/hyperledger-fabric-peer/3/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..93635c7a7f7f6 --- /dev/null +++ b/bitnami/hyperledger-fabric-peer/3/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "3" +- 3-debian-12 +- 3.0.0 +- latest diff --git a/bitnami/hyperledger-fabric-peer/README.md b/bitnami/hyperledger-fabric-peer/README.md new file mode 100644 index 0000000000000..f61c153ddb6c9 --- /dev/null +++ b/bitnami/hyperledger-fabric-peer/README.md @@ -0,0 +1,97 @@ +# Bitnami package for Hyperledger Fabric Peer + +## What is Hyperledger Fabric Peer? + +> Hyperledger Fabric Peer is a server that part of a network of peer nodes that make up a Fabric blockchain. Hyperledger Fabric is the open-source permissioned blockchain framework. + +[Overview of Hyperledger Fabric Peer](https://www.hyperledger.org/projects/fabric) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name hyperledger-fabric-peer bitnami/hyperledger-fabric-peer:latest +``` + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use Hyperledger Fabric Peer in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami Hyperledger Fabric Peer Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/hyperledger-fabric-peer). + +```console +docker pull bitnami/hyperledger-fabric-peer:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/hyperledger-fabric-peer/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/hyperledger-fabric-peer:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Configuration + +### Running commands + +To run commands inside this container you can use `docker run`, for example to execute `peer version` you can follow below example + +```console +docker run --name git bitnami/hyperledger-fabric-peer:latest peer version +``` + +Read the [official Hyperledger Fabric documentation](https://hyperledger-fabric.readthedocs.io/en/latest/command_ref.html) documentation for the list of available commands. + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/hyperledger-fabric-tools/2/README.md b/bitnami/hyperledger-fabric-tools/2/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/hyperledger-fabric-tools/2/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/hyperledger-fabric-tools/3/debian-12/Dockerfile b/bitnami/hyperledger-fabric-tools/3/debian-12/Dockerfile new file mode 100644 index 0000000000000..2dcbec8bc08fe --- /dev/null +++ b/bitnami/hyperledger-fabric-tools/3/debian-12/Dockerfile @@ -0,0 +1,55 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-03T00:15:01Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/hyperledger-fabric-tools/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="3.0.0-debian-12-r6" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/hyperledger-fabric-tools" \ + org.opencontainers.image.title="hyperledger-fabric-tools" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="3.0.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl procps +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "golang-1.23.4-0-linux-${OS_ARCH}-debian-12" \ + "hyperledger-fabric-tools-3.0.0-4-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN mkdir /opt/bitnami/hyperledger-fabric-tools/var && chmod g+rw /opt/bitnami/hyperledger-fabric-tools/var && ln -s /opt/bitnami/hyperledger-fabric-tools/var /var/hyperledger && mkdir -p /etc/hyperledger && ln -s /opt/bitnami/hyperledger-fabric-tools/etc /etc/hyperledger/fabric && echo "hosts: files dns" > /etc/nsswitch.conf +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +ENV APP_VERSION="3.0.0" \ + BITNAMI_APP_NAME="hyperledger-fabric-tools" \ + PATH="/go/bin:/opt/bitnami/go/bin:/opt/bitnami/hyperledger-fabric-tools/bin:$PATH" + +USER 1001 diff --git a/bitnami/hyperledger-fabric-tools/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/hyperledger-fabric-tools/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..78b0dac1029c7 --- /dev/null +++ b/bitnami/hyperledger-fabric-tools/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,14 @@ +{ + "golang": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.23.4-0" + }, + "hyperledger-fabric-tools": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "3.0.0-4" + } +} \ No newline at end of file diff --git a/bitnami/envoy/1.29/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/hyperledger-fabric-tools/3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/envoy/1.29/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/hyperledger-fabric-tools/3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/envoy/1.29/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/hyperledger-fabric-tools/3/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/envoy/1.29/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/hyperledger-fabric-tools/3/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/envoy/1.29/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/hyperledger-fabric-tools/3/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/envoy/1.29/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/hyperledger-fabric-tools/3/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/hyperledger-fabric-tools/3/debian-12/tags-info.yaml b/bitnami/hyperledger-fabric-tools/3/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..93635c7a7f7f6 --- /dev/null +++ b/bitnami/hyperledger-fabric-tools/3/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "3" +- 3-debian-12 +- 3.0.0 +- latest diff --git a/bitnami/hyperledger-fabric-tools/README.md b/bitnami/hyperledger-fabric-tools/README.md new file mode 100644 index 0000000000000..ba6ecd5ed48ae --- /dev/null +++ b/bitnami/hyperledger-fabric-tools/README.md @@ -0,0 +1,97 @@ +# Bitnami package for Hyperledger Fabric Tools + +## What is Hyperledger Fabric Tools? + +> Hyperledger Fabric Tools is a set of tools for Hyperledger Fabric, the open-source permissioned blockchain framework. + +[Overview of Hyperledger Fabric Tools](https://www.hyperledger.org/projects/fabric) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name hyperledger-fabric-tools bitnami/hyperledger-fabric-tools:latest +``` + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use Hyperledger Fabric Tools in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami Hyperledger Fabric Tools Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/hyperledger-fabric-tools). + +```console +docker pull bitnami/hyperledger-fabric-tools:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/hyperledger-fabric-tools/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/hyperledger-fabric-tools:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Configuration + +### Running commands + +To run commands inside this container you can use `docker run`, for example to execute `configtxgen -version` you can follow below example + +```console +docker run --name git bitnami/hyperledger-fabric-tools:latest configtxgen -version +``` + +Read the [official Hyperledger Fabric documentation](https://hyperledger-fabric.readthedocs.io/en/latest/command_ref.html) documentation for the list of available commands. + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/influxdb/2/debian-12/Dockerfile b/bitnami/influxdb/2/debian-12/Dockerfile index a6883a0ce7769..305334f498ee1 100644 --- a/bitnami/influxdb/2/debian-12/Dockerfile +++ b/bitnami/influxdb/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-30T10:11:11Z" \ + org.opencontainers.image.created="2025-01-03T00:09:56Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/influxdb/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.7.6-debian-12-r11" \ + org.opencontainers.image.ref.name="2.7.11-debian-12-r2" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/influxdb" \ org.opencontainers.image.title="influxdb" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.7.6" + org.opencontainers.image.version="2.7.11" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libgcc-s1 procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "influxdb-2.7.6-7-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "influxdb-2.7.11-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/influxdb/postunpack.sh -ENV APP_VERSION="2.7.6" \ +ENV APP_VERSION="2.7.11" \ BITNAMI_APP_NAME="influxdb" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/influxdb/bin:$PATH" diff --git a/bitnami/influxdb/2/debian-12/docker-compose.yml b/bitnami/influxdb/2/debian-12/docker-compose.yml index 8bb8e3e369d12..d41d0c09421fb 100644 --- a/bitnami/influxdb/2/debian-12/docker-compose.yml +++ b/bitnami/influxdb/2/debian-12/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: influxdb: image: docker.io/bitnami/influxdb:2 diff --git a/bitnami/influxdb/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/influxdb/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index d80275bab4384..8d34e4c03fe3f 100644 --- a/bitnami/influxdb/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/influxdb/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.7.6-7" + "version": "2.7.11-1" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-13" + "version": "1.0.8-8" } } \ No newline at end of file diff --git a/bitnami/influxdb/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/influxdb/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/influxdb/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/influxdb/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/influxdb/2/debian-12/tags-info.yaml b/bitnami/influxdb/2/debian-12/tags-info.yaml index c4179bcf7ed3b..070df3461757d 100644 --- a/bitnami/influxdb/2/debian-12/tags-info.yaml +++ b/bitnami/influxdb/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.7.6 +- 2.7.11 - latest diff --git a/bitnami/influxdb/README.md b/bitnami/influxdb/README.md index aa527d56f51c2..0c75f948b0a6f 100644 --- a/bitnami/influxdb/README.md +++ b/bitnami/influxdb/README.md @@ -22,7 +22,7 @@ docker run --name influxdb bitnami/influxdb:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use InfluxDB™ in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use InfluxDB™ in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy InfluxDB (TM) in Kubernetes? @@ -30,9 +30,15 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -490,7 +496,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/influxdb/docker-compose.yml b/bitnami/influxdb/docker-compose.yml index 8bb8e3e369d12..d41d0c09421fb 100644 --- a/bitnami/influxdb/docker-compose.yml +++ b/bitnami/influxdb/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: influxdb: image: docker.io/bitnami/influxdb:2 diff --git a/bitnami/jaeger/1/README.md b/bitnami/jaeger/1/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/jaeger/1/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/jaeger/1/debian-12/Dockerfile b/bitnami/jaeger/1/debian-12/Dockerfile deleted file mode 100644 index 9c3ca5bf7a50b..0000000000000 --- a/bitnami/jaeger/1/debian-12/Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T20:19:45Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jaeger/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.57.0-debian-12-r4" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jaeger" \ - org.opencontainers.image.title="jaeger" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.57.0" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "jaeger-1.57.0-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -ENV APP_VERSION="1.57.0" \ - BITNAMI_APP_NAME="jaeger" \ - PATH="/opt/bitnami/jaeger/bin:$PATH" - -WORKDIR /opt/bitnami/jaeger -USER 1001 -ENTRYPOINT [ "/opt/bitnami/jaeger/bin/jaeger-all-in-one" ] diff --git a/bitnami/jaeger/1/debian-12/docker-compose.yml b/bitnami/jaeger/1/debian-12/docker-compose.yml deleted file mode 100644 index 3b2b092c2c570..0000000000000 --- a/bitnami/jaeger/1/debian-12/docker-compose.yml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - jaeger: - image: docker.io/bitnami/jaeger:1 - ports: - - 6831:6831 - - 6832:6832 - - 5778:5778 - - 16686:16686 - - 4317:4317 - - 4318:4318 - - 14250:14250 - - 14268:14268 - - 14269:14269 - - 9411:9411 - environment: - - COLLECTOR_ZIPKIN_HOST_PORT=:9411 - - COLLECTOR_OTLP_ENABLED=true diff --git a/bitnami/jaeger/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jaeger/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index cada70d575de1..0000000000000 --- a/bitnami/jaeger/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "jaeger": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.57.0-2" - } -} \ No newline at end of file diff --git a/bitnami/jaeger/1/debian-12/tags-info.yaml b/bitnami/jaeger/1/debian-12/tags-info.yaml deleted file mode 100644 index 3718e1ac3e205..0000000000000 --- a/bitnami/jaeger/1/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "1" -- 1-debian-12 -- 1.57.0 -- latest diff --git a/bitnami/jaeger/2/debian-12/Dockerfile b/bitnami/jaeger/2/debian-12/Dockerfile new file mode 100644 index 0000000000000..b1f69f524bcec --- /dev/null +++ b/bitnami/jaeger/2/debian-12/Dockerfile @@ -0,0 +1,55 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-08T01:50:37Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jaeger/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="2.2.0-debian-12-r0" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jaeger" \ + org.opencontainers.image.title="jaeger" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="2.2.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl procps +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "jaeger-2.2.0-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +ENV APP_VERSION="2.2.0" \ + BITNAMI_APP_NAME="jaeger" \ + PATH="/opt/bitnami/jaeger/bin:$PATH" + +WORKDIR /opt/bitnami/jaeger +USER 1001 +ENTRYPOINT [ "/opt/bitnami/jaeger/bin/jaeger-all-in-one" ] diff --git a/bitnami/jaeger/2/debian-12/docker-compose.yml b/bitnami/jaeger/2/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..e539a0098e326 --- /dev/null +++ b/bitnami/jaeger/2/debian-12/docker-compose.yml @@ -0,0 +1,20 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + jaeger: + image: docker.io/bitnami/jaeger:2 + ports: + - 6831:6831 + - 6832:6832 + - 5778:5778 + - 16686:16686 + - 4317:4317 + - 4318:4318 + - 14250:14250 + - 14268:14268 + - 14269:14269 + - 9411:9411 + environment: + - COLLECTOR_ZIPKIN_HOST_PORT=:9411 + - COLLECTOR_OTLP_ENABLED=true diff --git a/bitnami/jaeger/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jaeger/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..5e293c8fae52a --- /dev/null +++ b/bitnami/jaeger/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,8 @@ +{ + "jaeger": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "2.2.0-0" + } +} \ No newline at end of file diff --git a/bitnami/envoy/1.30/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/jaeger/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/envoy/1.30/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/jaeger/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/envoy/1.30/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/jaeger/2/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/envoy/1.30/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/jaeger/2/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/envoy/1.30/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/jaeger/2/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/envoy/1.30/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/jaeger/2/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/jaeger/2/debian-12/tags-info.yaml b/bitnami/jaeger/2/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..37b12d381176d --- /dev/null +++ b/bitnami/jaeger/2/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "2" +- 2-debian-12 +- 2.2.0 +- latest diff --git a/bitnami/jaeger/README.md b/bitnami/jaeger/README.md index 35bec956635a0..147a42fe4913e 100644 --- a/bitnami/jaeger/README.md +++ b/bitnami/jaeger/README.md @@ -21,11 +21,17 @@ docker run --name jaeger bitnami/jaeger:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use jaeger in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use jaeger in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -55,7 +61,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration @@ -63,41 +69,42 @@ Non-root container images add an extra layer of security and are generally recom #### Customizable environment variables -| Name | Description | Default Value | -|---------------------------------------------|----------------------------------------------------------------------------|---------------| -| `JAEGER_USERNAME` | Jaeger username. | `user` | -| `JAEGER_PASSWORD` | Jaeger password. | `bitnami` | -| `JAEGER_AGENT_ZIPKIN_UDP_PORT_NUMBER` | Jaeger Agent UDP port. Accept zipkin.thrift over compact thrift protocol | `5775` | -| `JAEGER_AGENT_COMPACT_UDP_PORT_NUMBER` | Jaeger Agent UDP port. Accept jaeger.thrift over compact thrift protocol | `6831` | -| `JAEGER_AGENT_BINARY_UDP_PORT_NUMBER` | Jaeger Agent UDP port. Accept jaeger.thrift over binary thrift protocol | `6832` | -| `JAEGER_AGENT_HTTP_PORT_NUMBER` | Jaeger Agent HTTP port. Serve configs. | `5778` | -| `JAEGER_QUERY_HTTP_PORT_NUMBER` | Jaeger Query HTTP port. | `16686` | -| `JAEGER_QUERY_GRPC_PORT_NUMBER` | Jaeger Query GRPC port. | `16685` | -| `JAEGER_COLLECTOR_ZIPKIN_PORT_NUMBER` | Jaeger Collector Zipkin compatible port. | `nil` | -| `JAEGER_COLLECTOR_HTTP_PORT_NUMBER` | Jaeger Collector HTTP port. Accept jaeger.thrift directly from clients | `14268` | -| `JAEGER_COLLECTOR_GRPC_PORT_NUMBER` | Jaeger Collector GRPC port. Accept jaeger.thrift directly from clients | `14250` | -| `JAEGER_ADMIN_HTTP_PORT_NUMBER` | Jaeger Admin port. | `14269` | -| `JAEGER_AGENT_ZIPKIN_UDP_HOST` | Jaeger Agent UDP host. Accept zipkin.thrift over compact thrift protocol | `nil` | -| `JAEGER_AGENT_COMPACT_UDP_HOST` | Jaeger Agent UDP host. Accept jaeger.thrift over compact thrift protocol | `nil` | -| `JAEGER_AGENT_BINARY_UDP_HOST` | Jaeger Agent UDP host. Accept jaeger.thrift over binary thrift protocol | `nil` | -| `JAEGER_AGENT_HTTP_HOST` | Jaeger Agent HTTP host. Serve configs. | `nil` | -| `JAEGER_QUERY_HTTP_HOST` | Jaeger Query HTTP host. | `nil` | -| `JAEGER_QUERY_GRPC_HOST` | Jaeger Query GRPC host. | `nil` | -| `JAEGER_COLLECTOR_HTTP_HOST` | Jaeger Collector Zipkin compatible host. | `nil` | -| `JAEGER_COLLECTOR_GRPC_HOST` | Jaeger Collector HTTP host. Accept jaeger.thrift directly from clients | `nil` | -| `JAEGER_ADMIN_HTTP_HOST` | Jaeger Collector GRPC host. Accept jaeger.thrift directly from clients | `nil` | -| `JAEGER_COLLECTOR_ZIPKIN_HOST` | Jaeger Admin host. | `nil` | -| `JAEGER_APACHE_QUERY_HTTP_PORT_NUMBER` | Jaeger Query UI HTTP port, exposed via Apache with basic authentication. | `nil` | -| `JAEGER_APACHE_QUERY_HTTPS_PORT_NUMBER` | Jaeger Query UI HTTPS port, exposed via Apache with basic authentication. | `nil` | -| `JAEGER_APACHE_COLLECTOR_HTTP_PORT_NUMBER` | Jaeger Collector HTTP port, exposed via Apache with basic authentication. | `14270` | -| `JAEGER_APACHE_COLLECTOR_HTTPS_PORT_NUMBER` | Jaeger Collector HTTPS port, exposed via Apache with basic authentication. | `14271` | -| `SPAN_STORAGE_TYPE` | Jaeger storage type. | `cassandra` | -| `JAEGER_CASSANDRA_HOST` | Cassandra server host. | `127.0.0.1` | -| `JAEGER_CASSANDRA_PORT_NUMBER` | Cassandra server port. | `9042` | -| `JAEGER_CASSANDRA_KEYSPACE` | Cassandra keyspace. | `bn_jaeger` | -| `JAEGER_CASSANDRA_DATACENTER` | Cassandra keyspace. | `dc1` | -| `JAEGER_CASSANDRA_USER` | Cassandra user name. | `cassandra` | -| `JAEGER_CASSANDRA_PASSWORD` | Cassandra user password. | `nil` | +| Name | Description | Default Value | +|---------------------------------------------|----------------------------------------------------------------------------|---------------------------------------------------| +| `JAEGER_USERNAME` | Jaeger username. | `user` | +| `JAEGER_PASSWORD` | Jaeger password. | `bitnami` | +| `JAEGER_AGENT_ZIPKIN_UDP_PORT_NUMBER` | Jaeger Agent UDP port. Accept zipkin.thrift over compact thrift protocol | `5775` | +| `JAEGER_AGENT_COMPACT_UDP_PORT_NUMBER` | Jaeger Agent UDP port. Accept jaeger.thrift over compact thrift protocol | `6831` | +| `JAEGER_AGENT_BINARY_UDP_PORT_NUMBER` | Jaeger Agent UDP port. Accept jaeger.thrift over binary thrift protocol | `6832` | +| `JAEGER_AGENT_HTTP_PORT_NUMBER` | Jaeger Agent HTTP port. Serve configs. | `5778` | +| `JAEGER_QUERY_HTTP_PORT_NUMBER` | Jaeger Query HTTP port. | `16686` | +| `JAEGER_QUERY_GRPC_PORT_NUMBER` | Jaeger Query GRPC port. | `16685` | +| `JAEGER_COLLECTOR_ZIPKIN_PORT_NUMBER` | Jaeger Collector Zipkin compatible port. | `nil` | +| `JAEGER_COLLECTOR_HTTP_PORT_NUMBER` | Jaeger Collector HTTP port. Accept jaeger.thrift directly from clients | `14268` | +| `JAEGER_COLLECTOR_GRPC_PORT_NUMBER` | Jaeger Collector GRPC port. Accept jaeger.thrift directly from clients | `14250` | +| `JAEGER_ADMIN_HTTP_PORT_NUMBER` | Jaeger Admin port. | `14269` | +| `JAEGER_AGENT_ZIPKIN_UDP_HOST` | Jaeger Agent UDP host. Accept zipkin.thrift over compact thrift protocol | `nil` | +| `JAEGER_AGENT_COMPACT_UDP_HOST` | Jaeger Agent UDP host. Accept jaeger.thrift over compact thrift protocol | `nil` | +| `JAEGER_AGENT_BINARY_UDP_HOST` | Jaeger Agent UDP host. Accept jaeger.thrift over binary thrift protocol | `nil` | +| `JAEGER_AGENT_HTTP_HOST` | Jaeger Agent HTTP host. Serve configs. | `nil` | +| `JAEGER_QUERY_HTTP_HOST` | Jaeger Query HTTP host. | `nil` | +| `JAEGER_QUERY_GRPC_HOST` | Jaeger Query GRPC host. | `nil` | +| `JAEGER_COLLECTOR_HTTP_HOST` | Jaeger Collector Zipkin compatible host. | `nil` | +| `JAEGER_COLLECTOR_GRPC_HOST` | Jaeger Collector HTTP host. Accept jaeger.thrift directly from clients | `nil` | +| `JAEGER_ADMIN_HTTP_HOST` | Jaeger Collector GRPC host. Accept jaeger.thrift directly from clients | `nil` | +| `JAEGER_COLLECTOR_ZIPKIN_HOST` | Jaeger Admin host. | `nil` | +| `JAEGER_APACHE_QUERY_HTTP_PORT_NUMBER` | Jaeger Query UI HTTP port, exposed via Apache with basic authentication. | `nil` | +| `JAEGER_APACHE_QUERY_HTTPS_PORT_NUMBER` | Jaeger Query UI HTTPS port, exposed via Apache with basic authentication. | `nil` | +| `JAEGER_APACHE_COLLECTOR_HTTP_PORT_NUMBER` | Jaeger Collector HTTP port, exposed via Apache with basic authentication. | `14270` | +| `JAEGER_APACHE_COLLECTOR_HTTPS_PORT_NUMBER` | Jaeger Collector HTTPS port, exposed via Apache with basic authentication. | `14271` | +| `SPAN_STORAGE_TYPE` | Jaeger storage type. | `cassandra` | +| `JAEGER_CASSANDRA_HOST` | Cassandra server host. | `127.0.0.1` | +| `JAEGER_CASSANDRA_PORT_NUMBER` | Cassandra server port. | `9042` | +| `JAEGER_CASSANDRA_KEYSPACE` | Cassandra keyspace. | `bn_jaeger` | +| `JAEGER_CASSANDRA_DATACENTER` | Cassandra keyspace. | `dc1` | +| `JAEGER_CASSANDRA_USER` | Cassandra user name. | `cassandra` | +| `JAEGER_CASSANDRA_PASSWORD` | Cassandra user password. | `nil` | +| `JAEGER_CASSANDRA_ALLOWED_AUTHENTICATORS` | Comma-separated list of allowed password authenticators for Cassandra. | `org.apache.cassandra.auth.PasswordAuthenticator` | #### Read-only environment variables @@ -140,7 +147,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/jaeger/docker-compose.yml b/bitnami/jaeger/docker-compose.yml index 3b2b092c2c570..e539a0098e326 100644 --- a/bitnami/jaeger/docker-compose.yml +++ b/bitnami/jaeger/docker-compose.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: jaeger: - image: docker.io/bitnami/jaeger:1 + image: docker.io/bitnami/jaeger:2 ports: - 6831:6831 - 6832:6832 diff --git a/bitnami/janusgraph/1/debian-12/Dockerfile b/bitnami/janusgraph/1/debian-12/Dockerfile index daf378e79aa00..b743e8795da41 100644 --- a/bitnami/janusgraph/1/debian-12/Dockerfile +++ b/bitnami/janusgraph/1/debian-12/Dockerfile @@ -3,20 +3,21 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T20:19:46Z" \ + org.opencontainers.image.created="2025-01-10T11:54:47Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/janusgraph/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.0.0-debian-12-r4" \ + org.opencontainers.image.ref.name="1.1.0-debian-12-r4" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/janusgraph" \ org.opencontainers.image.title="janusgraph" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.0.0" + org.opencontainers.image.version="1.1.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -30,14 +31,14 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "yq-4.44.1-0-linux-${OS_ARCH}-debian-12" \ - "java-11.0.23-10-1-linux-${OS_ARCH}-debian-12" \ - "janusgraph-1.0.0-1-linux-${OS_ARCH}-debian-12" \ + "yq-4.44.6-0-linux-${OS_ARCH}-debian-12" \ + "java-11.0.25-11-1-linux-${OS_ARCH}-debian-12" \ + "janusgraph-1.1.0-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -52,7 +53,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/janusgraph/postunpack.sh RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="1.0.0" \ +ENV APP_VERSION="1.1.0" \ BITNAMI_APP_NAME="janusgraph" \ JAVA_HOME="/opt/bitnami/java" diff --git a/bitnami/janusgraph/1/debian-12/docker-compose.yml b/bitnami/janusgraph/1/debian-12/docker-compose.yml index e99dd045b2816..4964daedaae15 100644 --- a/bitnami/janusgraph/1/debian-12/docker-compose.yml +++ b/bitnami/janusgraph/1/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: "2" - services: janusgraph: image: docker.io/bitnami/janusgraph:1 @@ -17,7 +15,7 @@ services: volumes: - "janusgraph_data:/bitnami/janusgraph" cassandra: - image: docker.io/bitnami/cassandra:4.1 + image: docker.io/bitnami/cassandra:latest volumes: - 'cassandra_data:/bitnami' environment: diff --git a/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 717d68039b7dc..dc38b4f697e71 100644 --- a/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.0-1" + "version": "1.1.0-1" }, "java": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "11.0.23-10-1" + "version": "11.0.25-11-1" }, "yq": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.44.1-0" + "version": "4.44.6-0" } } \ No newline at end of file diff --git a/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/janusgraph/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/janusgraph/1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/janusgraph/1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh index 8557631d25490..38802fc0bfe91 100755 --- a/bitnami/janusgraph/1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ b/bitnami/janusgraph/1/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -13,6 +13,11 @@ set -o pipefail . /opt/bitnami/scripts/libbitnami.sh . /opt/bitnami/scripts/liblog.sh +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + print_welcome_page echo "" diff --git a/bitnami/janusgraph/1/debian-12/tags-info.yaml b/bitnami/janusgraph/1/debian-12/tags-info.yaml index 9406eab00793e..a300d2da2ff2f 100644 --- a/bitnami/janusgraph/1/debian-12/tags-info.yaml +++ b/bitnami/janusgraph/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.0.0 +- 1.1.0 - latest diff --git a/bitnami/janusgraph/README.md b/bitnami/janusgraph/README.md index a2bdfbcc92ac1..dfdda4609fd47 100644 --- a/bitnami/janusgraph/README.md +++ b/bitnami/janusgraph/README.md @@ -22,11 +22,17 @@ docker run --name janusgraph bitnami/janusgraph:latest * All Bitnami images available in Docker Hub are signed with [Docker Content Trust (DCT)](https://docs.docker.com/engine/security/trust/content_trust/). You can use `DOCKER_CONTENT_TRUST=1` to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use JanusGraph in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use JanusGraph in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -111,7 +117,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/janusgraph/docker-compose.yml b/bitnami/janusgraph/docker-compose.yml index e99dd045b2816..4964daedaae15 100644 --- a/bitnami/janusgraph/docker-compose.yml +++ b/bitnami/janusgraph/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: "2" - services: janusgraph: image: docker.io/bitnami/janusgraph:1 @@ -17,7 +15,7 @@ services: volumes: - "janusgraph_data:/bitnami/janusgraph" cassandra: - image: docker.io/bitnami/cassandra:4.1 + image: docker.io/bitnami/cassandra:latest volumes: - 'cassandra_data:/bitnami' environment: diff --git a/bitnami/java/1.8/README.md b/bitnami/java/1.8/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/java/1.8/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/java/1.8/debian-12/Dockerfile b/bitnami/java/1.8/debian-12/Dockerfile deleted file mode 100644 index dbe7c031ce6ee..0000000000000 --- a/bitnami/java/1.8/debian-12/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:01:37Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/java/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.8.412-9-debian-12-r4" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/java" \ - org.opencontainers.image.title="java" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.8.412-9" - -ENV OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libfontconfig libgcc-s1 libsqlite3-dev libssl-dev locales procps wget -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-1.8.412-9-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN localedef -c -f UTF-8 -i en_US en_US.UTF-8 -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales -RUN echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen -RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ - sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 0/' /etc/login.defs && \ - sed -i 's/sha512/sha512 minlen=8/' /etc/pam.d/common-password - -COPY rootfs / -RUN /opt/bitnami/scripts/locales/add-extra-locales.sh -RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="1.8.412-9" \ - BITNAMI_APP_NAME="java" \ - JAVA_HOME="/opt/bitnami/java" \ - LANG="en_US.UTF-8" \ - LANGUAGE="en_US:en" \ - PATH="/opt/bitnami/java/bin:$PATH" - -ENTRYPOINT [ "/opt/bitnami/scripts/java/entrypoint.sh" ] -CMD [ "bash" ] diff --git a/bitnami/java/1.8/debian-12/docker-compose.yml b/bitnami/java/1.8/debian-12/docker-compose.yml deleted file mode 100644 index 703a11ca6b4b6..0000000000000 --- a/bitnami/java/1.8/debian-12/docker-compose.yml +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - java: - tty: true # Enables debugging capabilities when attached to this container. - image: docker.io/bitnami/java:1.8 - command: ["tail", "-f", "/dev/null"] # To keep the container running - ports: - - 8080:8080 - volumes: - - .:/app diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 6b57863a25764..0000000000000 --- a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.8.412-9-1" - } -} \ No newline at end of file diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/java/1.8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/java/1.8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/java/1.8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/java/1.8/debian-12/tags-info.yaml b/bitnami/java/1.8/debian-12/tags-info.yaml deleted file mode 100644 index e7e75d29644fd..0000000000000 --- a/bitnami/java/1.8/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "1.8" -- 1.8-debian-12 -- 1.8.412-9 diff --git a/bitnami/java/11/README.md b/bitnami/java/11/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/java/11/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/java/11/debian-12/Dockerfile b/bitnami/java/11/debian-12/Dockerfile deleted file mode 100644 index 2648d0b3465cd..0000000000000 --- a/bitnami/java/11/debian-12/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-19T16:26:20Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/java/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="11.0.23-12-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/java" \ - org.opencontainers.image.title="java" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="11.0.23-12" - -ENV OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libfontconfig libsqlite3-dev libssl-dev locales procps wget zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-11.0.23-12-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN localedef -c -f UTF-8 -i en_US en_US.UTF-8 -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales -RUN echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen -RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ - sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 0/' /etc/login.defs && \ - sed -i 's/sha512/sha512 minlen=8/' /etc/pam.d/common-password - -COPY rootfs / -RUN /opt/bitnami/scripts/locales/add-extra-locales.sh -RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="11.0.23-12" \ - BITNAMI_APP_NAME="java" \ - JAVA_HOME="/opt/bitnami/java" \ - LANG="en_US.UTF-8" \ - LANGUAGE="en_US:en" \ - PATH="/opt/bitnami/java/bin:$PATH" - -ENTRYPOINT [ "/opt/bitnami/scripts/java/entrypoint.sh" ] -CMD [ "bash" ] diff --git a/bitnami/java/11/debian-12/docker-compose.yml b/bitnami/java/11/debian-12/docker-compose.yml deleted file mode 100644 index 0b74c86f84af1..0000000000000 --- a/bitnami/java/11/debian-12/docker-compose.yml +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - java: - tty: true # Enables debugging capabilities when attached to this container. - image: docker.io/bitnami/java:11 - command: ["tail", "-f", "/dev/null"] # To keep the container running - ports: - - 8080:8080 - volumes: - - .:/app diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 25d3643e9e398..0000000000000 --- a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.0.23-12-0" - } -} \ No newline at end of file diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/java/11/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/java/11/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/java/11/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/java/11/debian-12/tags-info.yaml b/bitnami/java/11/debian-12/tags-info.yaml deleted file mode 100644 index 8f277563bf0eb..0000000000000 --- a/bitnami/java/11/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "11" -- 11-debian-12 -- 11.0.23-12 diff --git a/bitnami/java/17/README.md b/bitnami/java/17/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/java/17/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/java/17/debian-12/Dockerfile b/bitnami/java/17/debian-12/Dockerfile deleted file mode 100644 index a7698996bbd01..0000000000000 --- a/bitnami/java/17/debian-12/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-16T20:34:07Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/java/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="17.0.11-12-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/java" \ - org.opencontainers.image.title="java" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="17.0.11-12" - -ENV OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libfontconfig libsqlite3-dev libssl-dev locales procps wget zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-17.0.11-12-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN localedef -c -f UTF-8 -i en_US en_US.UTF-8 -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales -RUN echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen -RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ - sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 0/' /etc/login.defs && \ - sed -i 's/sha512/sha512 minlen=8/' /etc/pam.d/common-password - -COPY rootfs / -RUN /opt/bitnami/scripts/locales/add-extra-locales.sh -RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="17.0.11-12" \ - BITNAMI_APP_NAME="java" \ - JAVA_HOME="/opt/bitnami/java" \ - LANG="en_US.UTF-8" \ - LANGUAGE="en_US:en" \ - PATH="/opt/bitnami/java/bin:$PATH" - -ENTRYPOINT [ "/opt/bitnami/scripts/java/entrypoint.sh" ] -CMD [ "bash" ] diff --git a/bitnami/java/17/debian-12/docker-compose.yml b/bitnami/java/17/debian-12/docker-compose.yml deleted file mode 100644 index 992436c26d7f6..0000000000000 --- a/bitnami/java/17/debian-12/docker-compose.yml +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - java: - tty: true # Enables debugging capabilities when attached to this container. - image: docker.io/bitnami/java:17 - command: ["tail", "-f", "/dev/null"] # To keep the container running - ports: - - 8080:8080 - volumes: - - .:/app diff --git a/bitnami/java/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/java/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 26991ceab57f4..0000000000000 --- a/bitnami/java/17/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-12-0" - } -} \ No newline at end of file diff --git a/bitnami/java/17/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/java/17/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/java/17/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/java/17/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/java/17/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/java/17/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/java/17/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/java/17/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/java/17/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/java/17/debian-12/rootfs/opt/bitnami/scripts/locales/add-extra-locales.sh b/bitnami/java/17/debian-12/rootfs/opt/bitnami/scripts/locales/add-extra-locales.sh deleted file mode 100755 index 5f563bbfaa26e..0000000000000 --- a/bitnami/java/17/debian-12/rootfs/opt/bitnami/scripts/locales/add-extra-locales.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose - -# Defaults -WITH_ALL_LOCALES="${WITH_ALL_LOCALES:-no}" -EXTRA_LOCALES="${EXTRA_LOCALES:-}" - -# Constants -LOCALES_FILE="/etc/locale.gen" -SUPPORTED_LOCALES_FILE="/usr/share/i18n/SUPPORTED" - -# Helper function for enabling locale only when it was not added before -enable_locale() { - local -r locale="${1:?missing locale}" - if ! grep -q -E "^${locale}$" "$SUPPORTED_LOCALES_FILE"; then - echo "Locale ${locale} is not supported in this system" - return 1 - fi - if ! grep -q -E "^${locale}" "$LOCALES_FILE"; then - echo "$locale" >> "$LOCALES_FILE" - else - echo "Locale ${locale} is already enabled" - fi -} - -if [[ "$WITH_ALL_LOCALES" =~ ^(yes|true|1)$ ]]; then - echo "Enabling all locales" - cp "$SUPPORTED_LOCALES_FILE" "$LOCALES_FILE" -else - # shellcheck disable=SC2001 - LOCALES_TO_ADD="$(sed 's/[,;]\s*/\n/g' <<< "$EXTRA_LOCALES")" - while [[ -n "$LOCALES_TO_ADD" ]] && read -r locale; do - echo "Enabling locale ${locale}" - enable_locale "$locale" - done <<< "$LOCALES_TO_ADD" -fi - -locale-gen diff --git a/bitnami/java/17/debian-12/tags-info.yaml b/bitnami/java/17/debian-12/tags-info.yaml deleted file mode 100644 index 68fc805b575b4..0000000000000 --- a/bitnami/java/17/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "17" -- 17-debian-12 -- 17.0.11-12 diff --git a/bitnami/java/21/debian-12/Dockerfile b/bitnami/java/21/debian-12/Dockerfile index fa2062e9aa91c..20e1eb1d0f62d 100644 --- a/bitnami/java/21/debian-12/Dockerfile +++ b/bitnami/java/21/debian-12/Dockerfile @@ -3,20 +3,21 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-16T20:16:30Z" \ + org.opencontainers.image.created="2024-12-23T13:45:46Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/java/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="21.0.3-12-debian-12-r0" \ + org.opencontainers.image.ref.name="21.0.5-11-debian-12-r4" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/java" \ org.opencontainers.image.title="java" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="21.0.3-12" + org.opencontainers.image.version="21.0.5-11" ENV OS_ARCH="${TARGETARCH:-amd64}" \ OS_FLAVOUR="debian-12" \ @@ -25,15 +26,15 @@ ENV OS_ARCH="${TARGETARCH:-amd64}" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates curl libfontconfig libsqlite3-dev libssl-dev locales procps wget zlib1g +RUN install_packages ca-certificates curl libfontconfig locales procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "java-21.0.3-12-0-linux-${OS_ARCH}-debian-12" \ + "java-21.0.5-11-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -53,12 +54,13 @@ RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ COPY rootfs / RUN /opt/bitnami/scripts/locales/add-extra-locales.sh RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="21.0.3-12" \ +ENV APP_VERSION="21.0.5-11" \ BITNAMI_APP_NAME="java" \ JAVA_HOME="/opt/bitnami/java" \ LANG="en_US.UTF-8" \ LANGUAGE="en_US:en" \ PATH="/opt/bitnami/java/bin:$PATH" +WORKDIR /app ENTRYPOINT [ "/opt/bitnami/scripts/java/entrypoint.sh" ] CMD [ "bash" ] diff --git a/bitnami/java/21/debian-12/docker-compose.yml b/bitnami/java/21/debian-12/docker-compose.yml index 25e0b230d963b..42f7641ec4954 100644 --- a/bitnami/java/21/debian-12/docker-compose.yml +++ b/bitnami/java/21/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: java: tty: true # Enables debugging capabilities when attached to this container. diff --git a/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 2c3d7491adced..de6151699fda0 100644 --- a/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "21.0.3-12-0" + "version": "21.0.5-11-1" } } \ No newline at end of file diff --git a/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/java/21/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/java/21/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/java/21/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh index 8557631d25490..38802fc0bfe91 100755 --- a/bitnami/java/21/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ b/bitnami/java/21/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -13,6 +13,11 @@ set -o pipefail . /opt/bitnami/scripts/libbitnami.sh . /opt/bitnami/scripts/liblog.sh +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + print_welcome_page echo "" diff --git a/bitnami/java/21/debian-12/tags-info.yaml b/bitnami/java/21/debian-12/tags-info.yaml index 07e00a8929c12..04cc13511a0b4 100644 --- a/bitnami/java/21/debian-12/tags-info.yaml +++ b/bitnami/java/21/debian-12/tags-info.yaml @@ -1,4 +1,4 @@ rolling-tags: - "21" - 21-debian-12 -- 21.0.3-12 +- 21.0.5-11 diff --git a/bitnami/java/22/README.md b/bitnami/java/22/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/java/22/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/java/22/debian-12/Dockerfile b/bitnami/java/22/debian-12/Dockerfile deleted file mode 100644 index 007d29f885450..0000000000000 --- a/bitnami/java/22/debian-12/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-16T20:36:41Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/java/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="22.0.1-12-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/java" \ - org.opencontainers.image.title="java" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="22.0.1-12" - -ENV OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libfontconfig libsqlite3-dev libssl-dev locales procps wget zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-22.0.1-12-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN localedef -c -f UTF-8 -i en_US en_US.UTF-8 -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales -RUN echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen -RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs && \ - sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 0/' /etc/login.defs && \ - sed -i 's/sha512/sha512 minlen=8/' /etc/pam.d/common-password - -COPY rootfs / -RUN /opt/bitnami/scripts/locales/add-extra-locales.sh -RUN /opt/bitnami/scripts/java/postunpack.sh -ENV APP_VERSION="22.0.1-12" \ - BITNAMI_APP_NAME="java" \ - JAVA_HOME="/opt/bitnami/java" \ - LANG="en_US.UTF-8" \ - LANGUAGE="en_US:en" \ - PATH="/opt/bitnami/java/bin:$PATH" - -ENTRYPOINT [ "/opt/bitnami/scripts/java/entrypoint.sh" ] -CMD [ "bash" ] diff --git a/bitnami/java/22/debian-12/docker-compose.yml b/bitnami/java/22/debian-12/docker-compose.yml deleted file mode 100644 index 4e640f58275af..0000000000000 --- a/bitnami/java/22/debian-12/docker-compose.yml +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - java: - tty: true # Enables debugging capabilities when attached to this container. - image: docker.io/bitnami/java:22 - command: ["tail", "-f", "/dev/null"] # To keep the container running - ports: - - 8080:8080 - volumes: - - .:/app diff --git a/bitnami/java/22/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/java/22/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index dc85dbd71bcae..0000000000000 --- a/bitnami/java/22/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "22.0.1-12-0" - } -} \ No newline at end of file diff --git a/bitnami/java/22/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/java/22/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/java/22/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/java/22/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/java/22/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/java/22/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/java/22/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/java/22/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/java/22/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/java/22/debian-12/rootfs/opt/bitnami/scripts/locales/add-extra-locales.sh b/bitnami/java/22/debian-12/rootfs/opt/bitnami/scripts/locales/add-extra-locales.sh deleted file mode 100755 index 5f563bbfaa26e..0000000000000 --- a/bitnami/java/22/debian-12/rootfs/opt/bitnami/scripts/locales/add-extra-locales.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose - -# Defaults -WITH_ALL_LOCALES="${WITH_ALL_LOCALES:-no}" -EXTRA_LOCALES="${EXTRA_LOCALES:-}" - -# Constants -LOCALES_FILE="/etc/locale.gen" -SUPPORTED_LOCALES_FILE="/usr/share/i18n/SUPPORTED" - -# Helper function for enabling locale only when it was not added before -enable_locale() { - local -r locale="${1:?missing locale}" - if ! grep -q -E "^${locale}$" "$SUPPORTED_LOCALES_FILE"; then - echo "Locale ${locale} is not supported in this system" - return 1 - fi - if ! grep -q -E "^${locale}" "$LOCALES_FILE"; then - echo "$locale" >> "$LOCALES_FILE" - else - echo "Locale ${locale} is already enabled" - fi -} - -if [[ "$WITH_ALL_LOCALES" =~ ^(yes|true|1)$ ]]; then - echo "Enabling all locales" - cp "$SUPPORTED_LOCALES_FILE" "$LOCALES_FILE" -else - # shellcheck disable=SC2001 - LOCALES_TO_ADD="$(sed 's/[,;]\s*/\n/g' <<< "$EXTRA_LOCALES")" - while [[ -n "$LOCALES_TO_ADD" ]] && read -r locale; do - echo "Enabling locale ${locale}" - enable_locale "$locale" - done <<< "$LOCALES_TO_ADD" -fi - -locale-gen diff --git a/bitnami/java/22/debian-12/tags-info.yaml b/bitnami/java/22/debian-12/tags-info.yaml deleted file mode 100644 index 16fa241a1ea9c..0000000000000 --- a/bitnami/java/22/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "22" -- 22-debian-12 -- 22.0.1-12 -- latest diff --git a/bitnami/java/23/README.md b/bitnami/java/23/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/java/23/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/java/README.md b/bitnami/java/README.md index 0c8000e9ae1e8..eb663614ff848 100644 --- a/bitnami/java/README.md +++ b/bitnami/java/README.md @@ -28,11 +28,17 @@ docker run --name java bitnami/java:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Java in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Java in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/java/docker-compose.yml b/bitnami/java/docker-compose.yml index 4e640f58275af..633eb9a5b3572 100644 --- a/bitnami/java/docker-compose.yml +++ b/bitnami/java/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: java: tty: true # Enables debugging capabilities when attached to this container. diff --git a/bitnami/jax/0/debian-12/Dockerfile b/bitnami/jax/0/debian-12/Dockerfile index dacbe73c561f9..50f7aa0c793e8 100644 --- a/bitnami/jax/0/debian-12/Dockerfile +++ b/bitnami/jax/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:01:52Z" \ + org.opencontainers.image.created="2025-01-10T18:41:13Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jax/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.4.28-debian-12-r1" \ + org.opencontainers.image.ref.name="0.4.37-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jax" \ org.opencontainers.image.title="jax" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.4.28" + org.opencontainers.image.version="0.4.37" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblzma5 libncursesw6 libnsl2 libreadline8 libsqlite3-0 libssl3 libstdc++6 libtinfo6 libtirpc3 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-8-linux-${OS_ARCH}-debian-12" \ - "jax-0.4.28-1-linux-${OS_ARCH}-debian-12" \ + "python-3.12.8-1-linux-${OS_ARCH}-debian-12" \ + "jax-0.4.37-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN mkdir /.local && chmod g+rwX /.local RUN mkdir /app && chmod g+rwX /app -ENV APP_VERSION="0.4.28" \ +ENV APP_VERSION="0.4.37" \ BITNAMI_APP_NAME="jax" \ PATH="/opt/bitnami/python/bin:$PATH" diff --git a/bitnami/jax/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jax/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 452e6c6e111ac..dad6433514e55 100644 --- a/bitnami/jax/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/jax/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.4.28-1" + "version": "0.4.37-0" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-8" + "version": "3.12.8-1" } } \ No newline at end of file diff --git a/bitnami/jax/0/debian-12/tags-info.yaml b/bitnami/jax/0/debian-12/tags-info.yaml index 7788c4c4729de..81d5ed3b52136 100644 --- a/bitnami/jax/0/debian-12/tags-info.yaml +++ b/bitnami/jax/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.4.28 +- 0.4.37 - latest diff --git a/bitnami/jax/README.md b/bitnami/jax/README.md index 13eb7648fc2fc..cf518552b1e82 100644 --- a/bitnami/jax/README.md +++ b/bitnami/jax/README.md @@ -22,15 +22,21 @@ docker run -it --name jax bitnami/jax * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use JAX in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use JAX in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -132,7 +138,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/jenkins-agent/0/debian-12/Dockerfile b/bitnami/jenkins-agent/0/debian-12/Dockerfile index b0dc9e6599b27..377002ff8a90e 100644 --- a/bitnami/jenkins-agent/0/debian-12/Dockerfile +++ b/bitnami/jenkins-agent/0/debian-12/Dockerfile @@ -3,20 +3,21 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-16T13:56:16Z" \ + org.opencontainers.image.created="2025-01-08T21:45:11Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jenkins-agent/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.3248.0-debian-12-r0" \ + org.opencontainers.image.ref.name="0.3283.0-debian-12-r3" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jenkins-agent" \ org.opencontainers.image.title="jenkins-agent" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.3248.0" + org.opencontainers.image.version="0.3283.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -29,13 +30,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "jenkins-agent-0.3248.0-0-linux-${OS_ARCH}-debian-12" \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "jenkins-agent-0.3283.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -49,7 +50,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/java/postunpack.sh RUN /opt/bitnami/scripts/jenkins-agent/postunpack.sh -ENV APP_VERSION="0.3248.0" \ +ENV APP_VERSION="0.3283.0" \ BITNAMI_APP_NAME="jenkins-agent" \ JAVA_HOME="/opt/bitnami/java" \ PATH="/opt/bitnami/java/bin:$PATH" diff --git a/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 81033854e07b9..9cda8101479de 100644 --- a/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "17.0.11-10-1" + "version": "17.0.13-12-1" }, "jenkins-agent": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.3248.0-0" + "version": "0.3283.0-0" } } \ No newline at end of file diff --git a/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/jenkins-agent/0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/jenkins-agent/0/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/jenkins-agent/0/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh index 8557631d25490..38802fc0bfe91 100755 --- a/bitnami/jenkins-agent/0/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ b/bitnami/jenkins-agent/0/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -13,6 +13,11 @@ set -o pipefail . /opt/bitnami/scripts/libbitnami.sh . /opt/bitnami/scripts/liblog.sh +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + print_welcome_page echo "" diff --git a/bitnami/jenkins-agent/0/debian-12/tags-info.yaml b/bitnami/jenkins-agent/0/debian-12/tags-info.yaml index c523573bc4edb..8cd795016418d 100644 --- a/bitnami/jenkins-agent/0/debian-12/tags-info.yaml +++ b/bitnami/jenkins-agent/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.3248.0 +- 0.3283.0 - latest diff --git a/bitnami/jenkins-agent/README.md b/bitnami/jenkins-agent/README.md index b3b7b3af4a93c..ebfa99d80fda8 100644 --- a/bitnami/jenkins-agent/README.md +++ b/bitnami/jenkins-agent/README.md @@ -24,15 +24,21 @@ You can find all the available configuration options in the [Environment Variabl * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Jenkins Agent in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Jenkins Agent in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -145,7 +151,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/jenkins/2/debian-12/Dockerfile b/bitnami/jenkins/2/debian-12/Dockerfile index 1b93b21ec658c..9878bbbef05b2 100644 --- a/bitnami/jenkins/2/debian-12/Dockerfile +++ b/bitnami/jenkins/2/debian-12/Dockerfile @@ -3,20 +3,21 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-15T11:59:44Z" \ + org.opencontainers.image.created="2025-01-08T15:47:24Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jenkins/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.452.1-debian-12-r1" \ + org.opencontainers.image.ref.name="2.479.3-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jenkins" \ org.opencontainers.image.title="jenkins" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.452.1" + org.opencontainers.image.version="2.479.3" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -29,14 +30,14 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl fontconfig git jq libfontconfig1 openssh-client procps unzip zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "jenkins-2.452.1-0-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "jenkins-2.479.3-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -50,7 +51,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/java/postunpack.sh RUN /opt/bitnami/scripts/jenkins/postunpack.sh -ENV APP_VERSION="2.452.1" \ +ENV APP_VERSION="2.479.3" \ BITNAMI_APP_NAME="jenkins" \ JAVA_HOME="/opt/bitnami/java" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:$PATH" diff --git a/bitnami/jenkins/2/debian-12/docker-compose.yml b/bitnami/jenkins/2/debian-12/docker-compose.yml index 57473fff31420..9592aa82f1b9a 100644 --- a/bitnami/jenkins/2/debian-12/docker-compose.yml +++ b/bitnami/jenkins/2/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: jenkins: image: docker.io/bitnami/jenkins:2 diff --git a/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index c32a826ff1996..135c089cf5d64 100644 --- a/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "17.0.11-10-1" + "version": "17.0.13-12-1" }, "jenkins": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.452.1-0" + "version": "2.479.3-0" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-13" + "version": "1.0.7-8" } } \ No newline at end of file diff --git a/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/jenkins/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/jenkins/2/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/jenkins/2/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh index 8557631d25490..38802fc0bfe91 100755 --- a/bitnami/jenkins/2/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ b/bitnami/jenkins/2/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -13,6 +13,11 @@ set -o pipefail . /opt/bitnami/scripts/libbitnami.sh . /opt/bitnami/scripts/liblog.sh +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + print_welcome_page echo "" diff --git a/bitnami/jenkins/2/debian-12/tags-info.yaml b/bitnami/jenkins/2/debian-12/tags-info.yaml index a85f037b13343..a1461395c1783 100644 --- a/bitnami/jenkins/2/debian-12/tags-info.yaml +++ b/bitnami/jenkins/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.452.1 +- 2.479.3 - latest diff --git a/bitnami/jenkins/README.md b/bitnami/jenkins/README.md index db67665ce4a2c..e91769721fdee 100644 --- a/bitnami/jenkins/README.md +++ b/bitnami/jenkins/README.md @@ -24,7 +24,7 @@ You can find the default credentials and available configuration options in the * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Jenkins in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Jenkins in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Jenkins in Kubernetes? @@ -34,11 +34,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -463,7 +469,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/jenkins/docker-compose.yml b/bitnami/jenkins/docker-compose.yml index 57473fff31420..9592aa82f1b9a 100644 --- a/bitnami/jenkins/docker-compose.yml +++ b/bitnami/jenkins/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: jenkins: image: docker.io/bitnami/jenkins:2 diff --git a/bitnami/jmx-exporter/0/debian-12/Dockerfile b/bitnami/jmx-exporter/0/debian-12/Dockerfile deleted file mode 100644 index f17f976924693..0000000000000 --- a/bitnami/jmx-exporter/0/debian-12/Dockerfile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-14T00:50:06Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jmx-exporter/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.20.0-debian-12-r17" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jmx-exporter" \ - org.opencontainers.image.title="jmx-exporter" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.20.0" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "jmx-exporter-0.20.0-3-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y ca-certificates curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN chown -R 1001:1001 /opt/bitnami/jmx-exporter - -ENV APP_VERSION="0.20.0" \ - BITNAMI_APP_NAME="jmx-exporter" \ - PATH="/opt/bitnami/java/bin:$PATH" - -EXPOSE 5556 - -WORKDIR /opt/bitnami/jmx-exporter -USER 1001 -ENTRYPOINT [ "java", "-jar", "jmx_prometheus_httpserver.jar" ] -CMD [ "5556", "example_configs/httpserver_sample_config.yml" ] diff --git a/bitnami/jmx-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jmx-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 423a958b24542..0000000000000 --- a/bitnami/jmx-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "jmx-exporter": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "0.20.0-3" - } -} \ No newline at end of file diff --git a/bitnami/jmx-exporter/0/debian-12/tags-info.yaml b/bitnami/jmx-exporter/0/debian-12/tags-info.yaml deleted file mode 100644 index 11d07ee6f91bb..0000000000000 --- a/bitnami/jmx-exporter/0/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "0" -- 0-debian-12 -- 0.20.0 -- latest diff --git a/bitnami/jmx-exporter/1/debian-12/Dockerfile b/bitnami/jmx-exporter/1/debian-12/Dockerfile new file mode 100644 index 0000000000000..ece1eb5dad06f --- /dev/null +++ b/bitnami/jmx-exporter/1/debian-12/Dockerfile @@ -0,0 +1,60 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-11T11:21:46Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jmx-exporter/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="1.1.0-debian-12-r2" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jmx-exporter" \ + org.opencontainers.image.title="jmx-exporter" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="1.1.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "jmx-exporter-1.1.0-1-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y ca-certificates curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true +RUN chown -R 1001:1001 /opt/bitnami/jmx-exporter + +ENV APP_VERSION="1.1.0" \ + BITNAMI_APP_NAME="jmx-exporter" \ + PATH="/opt/bitnami/java/bin:$PATH" + +EXPOSE 5556 + +WORKDIR /opt/bitnami/jmx-exporter +USER 1001 +ENTRYPOINT [ "java", "-jar", "jmx_prometheus_standalone.jar" ] +CMD [ "5556", "examples/standalone_sample_config.yml" ] diff --git a/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..d001a29635495 --- /dev/null +++ b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,14 @@ +{ + "java": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "17.0.13-12-1" + }, + "jmx-exporter": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.1.0-1" + } +} \ No newline at end of file diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/nginx/1.26/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/nginx/1.26/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/jmx-exporter/1/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/jmx-exporter/1/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/jmx-exporter/1/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/jmx-exporter/1/debian-12/tags-info.yaml b/bitnami/jmx-exporter/1/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..a300d2da2ff2f --- /dev/null +++ b/bitnami/jmx-exporter/1/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "1" +- 1-debian-12 +- 1.1.0 +- latest diff --git a/bitnami/jmx-exporter/README.md b/bitnami/jmx-exporter/README.md index e87a3cb7bf0b2..7bbd5de7236e1 100644 --- a/bitnami/jmx-exporter/README.md +++ b/bitnami/jmx-exporter/README.md @@ -22,15 +22,21 @@ docker run --name jmx-exporter bitnami/jmx-exporter:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use JMX Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use JMX Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -148,7 +154,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/joomla/5/debian-12/Dockerfile b/bitnami/joomla/5/debian-12/Dockerfile deleted file mode 100644 index 45e8ed2a74c97..0000000000000 --- a/bitnami/joomla/5/debian-12/Dockerfile +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-28T17:01:12Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/joomla/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="5.1.1-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/joomla" \ - org.opencontainers.image.title="joomla" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="5.1.1" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages acl ca-certificates curl libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "php-8.1.28-7-linux-${OS_ARCH}-debian-12" \ - "apache-2.4.59-2-linux-${OS_ARCH}-debian-12" \ - "mysql-client-11.3.2-3-linux-${OS_ARCH}-debian-12" \ - "libphp-8.1.28-1-linux-${OS_ARCH}-debian-12" \ - "joomla-5.1.1-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/apache/postunpack.sh -RUN /opt/bitnami/scripts/php/postunpack.sh -RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh -RUN /opt/bitnami/scripts/joomla/postunpack.sh -RUN /opt/bitnami/scripts/mysql-client/postunpack.sh -ENV APACHE_HTTPS_PORT_NUMBER="" \ - APACHE_HTTP_PORT_NUMBER="" \ - APP_VERSION="5.1.1" \ - BITNAMI_APP_NAME="joomla" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/apache/bin:/opt/bitnami/mysql/bin:$PATH" - -EXPOSE 8080 8443 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/joomla/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/apache/run.sh" ] diff --git a/bitnami/joomla/5/debian-12/docker-compose.yml b/bitnami/joomla/5/debian-12/docker-compose.yml deleted file mode 100644 index a2b767be1d7a2..0000000000000 --- a/bitnami/joomla/5/debian-12/docker-compose.yml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - mariadb: - image: docker.io/bitnami/mariadb:11.3 - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_USER=bn_joomla - - MARIADB_DATABASE=bitnami_joomla - volumes: - - 'mariadb_data:/bitnami/mariadb' - joomla: - image: docker.io/bitnami/joomla:5 - ports: - - '80:8080' - - '443:8443' - environment: - - JOOMLA_DATABASE_HOST=mariadb - - JOOMLA_DATABASE_PORT_NUMBER=3306 - - JOOMLA_DATABASE_USER=bn_joomla - - JOOMLA_DATABASE_NAME=bitnami_joomla - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - volumes: - - 'joomla_data:/bitnami/joomla' - depends_on: - - mariadb -volumes: - mariadb_data: - driver: local - joomla_data: - driver: local diff --git a/bitnami/joomla/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/joomla/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 97dbbf4859075..0000000000000 --- a/bitnami/joomla/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "apache": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.4.59-2" - }, - "joomla": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "5.1.1-0" - }, - "libphp": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.1.28-1" - }, - "mysql-client": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.3.2-3" - }, - "php": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.1.28-7" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - } -} \ No newline at end of file diff --git a/bitnami/joomla/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/joomla/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/joomla/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf deleted file mode 100644 index 6016f8fbe5829..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf +++ /dev/null @@ -1,5 +0,0 @@ - - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript - AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript - AddOutputFilterByType DEFLATE application/rss+xml - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf deleted file mode 100644 index c0838da2a4e53..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf +++ /dev/null @@ -1,7 +0,0 @@ - - ServerName status.localhost - - Require local - SetHandler server-status - - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh deleted file mode 100644 index b8762c6583591..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for apache - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-apache}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -apache_env_vars=( - APACHE_HTTP_PORT_NUMBER - APACHE_HTTPS_PORT_NUMBER - APACHE_SERVER_TOKENS - APACHE_HTTP_PORT - APACHE_HTTPS_PORT -) -for env_var in "${apache_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset apache_env_vars -export WEB_SERVER_TYPE="apache" - -# Paths -export APACHE_BASE_DIR="${BITNAMI_ROOT_DIR}/apache" -export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin" -export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf" -export APACHE_DEFAULT_CONF_DIR="${APACHE_BASE_DIR}/conf.default" -export APACHE_HTDOCS_DIR="${APACHE_BASE_DIR}/htdocs" -export APACHE_TMP_DIR="${APACHE_BASE_DIR}/var/run" -export APACHE_LOGS_DIR="${APACHE_BASE_DIR}/logs" -export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts" -export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess" -export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf" -export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid" -export PATH="${APACHE_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" - -# System users (when running with a privileged user) -export APACHE_DAEMON_USER="daemon" -export WEB_SERVER_DAEMON_USER="$APACHE_DAEMON_USER" -export APACHE_DAEMON_GROUP="daemon" -export WEB_SERVER_DAEMON_GROUP="$APACHE_DAEMON_GROUP" -export WEB_SERVER_GROUP="$APACHE_DAEMON_GROUP" - -# Apache configuration -export APACHE_DEFAULT_HTTP_PORT_NUMBER="8080" -export WEB_SERVER_DEFAULT_HTTP_PORT_NUMBER="$APACHE_DEFAULT_HTTP_PORT_NUMBER" # only used at build time -export APACHE_DEFAULT_HTTPS_PORT_NUMBER="8443" -export WEB_SERVER_DEFAULT_HTTPS_PORT_NUMBER="$APACHE_DEFAULT_HTTPS_PORT_NUMBER" # only used at build time -APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-"${APACHE_HTTP_PORT:-}"}" -export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}" -export WEB_SERVER_HTTP_PORT_NUMBER="$APACHE_HTTP_PORT_NUMBER" -APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-"${APACHE_HTTPS_PORT:-}"}" -export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}" -export WEB_SERVER_HTTPS_PORT_NUMBER="$APACHE_HTTPS_PORT_NUMBER" -export APACHE_SERVER_TOKENS="${APACHE_SERVER_TOKENS:-Prod}" - -# Custom environment variables may be defined below diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh deleted file mode 100755 index f2303ab692fbf..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libversion.sh -. /opt/bitnami/scripts/libapache.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh -. /opt/bitnami/scripts/php-env.sh - -# Enable required Apache modules -apache_enable_module "mpm_prefork_module" -php_version="$("${PHP_BIN_DIR}/php" -v | grep ^PHP | cut -d' ' -f2))" -php_major_version="$(get_sematic_version "$php_version" 1)" -if [[ "$php_major_version" -eq "8" ]]; then - apache_enable_module "php_module" "modules/libphp.so" -else - apache_enable_module "php${php_major_version}_module" "modules/libphp${php_major_version}.so" -fi - -# Disable incompatible Apache modules -apache_disable_module "mpm_event_module" - -# Write Apache configuration -apache_php_conf_file="${APACHE_CONF_DIR}/bitnami/php.conf" -cat > "$apache_php_conf_file" < - {{server_name_configuration}} - {{additional_http_configuration}} - {{additional_configuration}} - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl deleted file mode 100644 index 589538513c9c9..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - {{additional_https_configuration}} - {{additional_configuration}} - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl deleted file mode 100644 index c895e537502a2..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl +++ /dev/null @@ -1 +0,0 @@ -{{additional_configuration}} diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl deleted file mode 100644 index 96be8f8227715..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl +++ /dev/null @@ -1,15 +0,0 @@ -{{http_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{extra_directory_configuration}} - - {{additional_http_configuration}} - {{additional_configuration}} - {{htaccess_include}} - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl deleted file mode 100644 index 1ad938929726e..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{extra_directory_configuration}} - - {{additional_https_configuration}} - {{additional_configuration}} - {{htaccess_include}} - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl deleted file mode 100644 index fc0f6c2181961..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl +++ /dev/null @@ -1,9 +0,0 @@ -{{prefix_conf}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{extra_directory_configuration}} - -{{additional_configuration}} -{{htaccess_include}} diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl deleted file mode 100644 index 9440b89d28bfa..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{http_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - {{proxy_configuration}} - {{proxy_http_configuration}} - ProxyPass / {{proxy_address}} - ProxyPassReverse / {{proxy_address}} - {{additional_http_configuration}} - {{additional_configuration}} - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl deleted file mode 100644 index 577cd461eb9dc..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - {{proxy_configuration}} - {{proxy_https_configuration}} - ProxyPass / {{proxy_address}} - ProxyPassReverse / {{proxy_address}} - {{additional_https_configuration}} - {{additional_configuration}} - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl deleted file mode 100644 index 7ac08b131680b..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{prefix_conf}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{proxy_configuration}} - ProxyPass / {{proxy_address}} - ProxyPassReverse / {{proxy_address}} - {{extra_directory_configuration}} - -{{additional_configuration}} diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl deleted file mode 100644 index f518c7d42aab8..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{http_listen_configuration}} -{{before_vhost_configuration}} -PassengerPreStart http://localhost:{{http_port}}/ - - {{server_name_configuration}} - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - PassengerEnabled on - {{extra_directory_configuration}} - - {{additional_http_configuration}} - {{additional_configuration}} - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl deleted file mode 100644 index 5aae54c37d3ba..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} -PassengerPreStart https://localhost:{{https_port}}/ - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - PassengerEnabled on - {{extra_directory_configuration}} - - {{additional_https_configuration}} - {{additional_configuration}} - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl deleted file mode 100644 index 2242d656b5a83..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl +++ /dev/null @@ -1,9 +0,0 @@ -{{prefix_conf}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - PassengerEnabled on - {{extra_directory_configuration}} - -{{additional_configuration}} diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl deleted file mode 100644 index f1d31ed3ecc35..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl +++ /dev/null @@ -1,29 +0,0 @@ -# Default SSL Virtual Host configuration. - - - LoadModule ssl_module modules/mod_ssl.so - - -Listen 443 -SSLProtocol all -SSLv2 -SSLv3 -SSLHonorCipherOrder on -SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4" -SSLPassPhraseDialog builtin -SSLSessionCache "shmcb:{{APACHE_LOGS_DIR}}/ssl_scache(512000)" -SSLSessionCacheTimeout 300 - - - DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - - # Error Documents - ErrorDocument 503 /503.html - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl deleted file mode 100644 index 75a255c3efee8..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl +++ /dev/null @@ -1,17 +0,0 @@ -# Default Virtual Host configuration. - -# Let Apache know we're behind a SSL reverse proxy -SetEnvIf X-Forwarded-Proto https HTTPS=on - - - DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - - # Error Documents - ErrorDocument 503 /503.html - - diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh deleted file mode 100755 index f43c6c4fe59c6..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -#set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/apache/conf) -debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" -cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" - -if [[ "$*" == *"/opt/bitnami/scripts/apache/run.sh"* ]]; then - info "** Starting Apache setup **" - /opt/bitnami/scripts/apache/setup.sh - info "** Apache setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh deleted file mode 100755 index eb8f766a37bf1..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh - -######################## -# Sets up the default Bitnami configuration -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_setup_bitnami_config() { - local template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates" - - # Enable Apache modules - local -a modules_to_enable=( - "deflate_module" - "negotiation_module" - "proxy[^\s]*_module" - "rewrite_module" - "slotmem_shm_module" - "socache_shmcb_module" - "ssl_module" - "status_module" - "version_module" - ) - for module in "${modules_to_enable[@]}"; do - apache_enable_module "$module" - done - - # Disable Apache modules - local -a modules_to_disable=( - "http2_module" - "proxy_hcheck_module" - "proxy_html_module" - "proxy_http2_module" - ) - for module in "${modules_to_disable[@]}"; do - apache_disable_module "$module" - done - - # Bitnami customizations - ensure_dir_exists "${APACHE_CONF_DIR}/bitnami" - render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" - render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - - # Add new configuration only once, to avoid a second postunpack run breaking Apache - local apache_conf_add - apache_conf_add="$(cat <>"$APACHE_CONF_FILE" < - RequestHeader unset Proxy - -EOF - fi -} - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -apache_setup_bitnami_config - -# Ensure non-root user has write permissions on a set of directories -for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Create 'apache2' symlink pointing to the 'apache' directory, for compatibility with Bitnami Docs guides -ln -sf apache "${BITNAMI_ROOT_DIR}/apache2" - -ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log" -ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log" - -# This file is necessary for avoiding the error -# "unable to write random state" -# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean - -touch /.rnd && chmod g+rw /.rnd - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR" diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh deleted file mode 100755 index b5c43c48391c1..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -info "** Reloading Apache configuration **" -exec "${APACHE_BIN_DIR}/apachectl" -k graceful diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh deleted file mode 100755 index 7735dea1e9626..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -/opt/bitnami/scripts/apache/stop.sh -/opt/bitnami/scripts/apache/start.sh diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh deleted file mode 100755 index 23f1e3179c505..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -info "** Starting Apache **" -exec "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" -D "FOREGROUND" diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh deleted file mode 100755 index c1f6b373c1cd6..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh +++ /dev/null @@ -1,98 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libapache.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -# Ensure Apache environment variables are valid -apache_validate - -# Ensure Apache daemon user exists when running as 'root' -am_i_root && ensure_user_exists "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" - -if ! is_dir_empty "$APACHE_DEFAULT_CONF_DIR"; then - # We add the copy from default config in the initialize function for web applications - # that make use of the Apache setup.sh script - debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" - cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" -fi -# Generate SSL certs (without a passphrase) -ensure_dir_exists "${APACHE_CONF_DIR}/bitnami/certs" -if [[ ! -f "${APACHE_CONF_DIR}/bitnami/certs/server.crt" ]]; then - info "Generating sample certificates" - SSL_KEY_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.key" - SSL_CERT_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.crt" - SSL_CSR_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.csr" - SSL_SUBJ="/CN=example.com" - SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1" - rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE" - openssl genrsa -out "$SSL_KEY_FILE" 4096 - # OpenSSL version 1.0.x does not use the same parameters as OpenSSL >= 1.1.x - if [[ "$(openssl version | grep -oE "[0-9]+\.[0-9]+")" == "1.0" ]]; then - openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" - else - openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT" - fi - openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT") - rm -f "$SSL_CSR_FILE" -fi -# Load SSL configuration -if [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]] && [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then - ensure_apache_configuration_exists "Include \"${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf\"" "bitnami-ssl\.conf" "${APACHE_CONF_DIR}/bitnami/bitnami.conf" -fi - -# Copy vhosts files -if ! is_dir_empty "/vhosts"; then - info "Found mounted virtual hosts in '/vhosts'. Copying them to '${APACHE_BASE_DIR}/conf/vhosts'" - cp -Lr "/vhosts/." "${APACHE_VHOSTS_DIR}" -fi - -# Mount certificate files -if ! is_dir_empty "${APACHE_BASE_DIR}/certs"; then - warn "The directory '${APACHE_BASE_DIR}/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/certs' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#using-custom-ssl-certificates" - warn "Restoring certificates at '${APACHE_BASE_DIR}/certs' to '${APACHE_CONF_DIR}/bitnami/certs'" - rm -rf "${APACHE_CONF_DIR}/bitnami/certs" - ln -sf "${APACHE_BASE_DIR}/certs" "${APACHE_CONF_DIR}/bitnami/certs" -elif ! is_dir_empty "/certs"; then - info "Mounting certificates files from '/certs'" - rm -rf "${APACHE_CONF_DIR}/bitnami/certs" - ln -sf "/certs" "${APACHE_CONF_DIR}/bitnami/certs" -fi - -# Mount application files -if ! is_dir_empty "/app"; then - info "Mounting application files from '/app'" - rm -rf "$APACHE_HTDOCS_DIR" - ln -sf "/app" "$APACHE_HTDOCS_DIR" -fi - -# Restore persisted configuration files (deprecated) -if ! is_dir_empty "/bitnami/apache/conf"; then - warn "The directory '/bitnami/apache/conf' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '${APACHE_CONF_DIR}' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#full-configuration" - warn "Restoring configuration at '/bitnami/apache/conf' to '${APACHE_CONF_DIR}'" - rm -rf "$APACHE_CONF_DIR" - ln -sf "/bitnami/apache/conf" "$APACHE_CONF_DIR" -fi - -# Update ports in configuration -[[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && info "Configuring the HTTP port" && apache_configure_http_port "$APACHE_HTTP_PORT_NUMBER" -[[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && info "Configuring the HTTPS port" && apache_configure_https_port "$APACHE_HTTPS_PORT_NUMBER" - -# Configure ServerTokens with user values -[[ -n "$APACHE_SERVER_TOKENS" ]] && info "Configuring Apache ServerTokens directive" && apache_configure_server_tokens "$APACHE_SERVER_TOKENS" - -# Fix logging issue when running as root -! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)" diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh deleted file mode 100755 index b47c8aacba892..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -error_code=0 - -if is_apache_not_running; then - "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" - if ! retry_while "is_apache_running"; then - error "apache did not start" - error_code=1 - else - info "apache started" - fi -else - info "apache is already running" -fi - -exit "$error_code" diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh deleted file mode 100755 index db8c132c0e826..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -if is_apache_running; then - info "apache is already running" -else - info "apache is not running" -fi diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh deleted file mode 100755 index adc6613b0a9e1..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -error_code=0 - -if is_apache_running; then - BITNAMI_QUIET=1 apache_stop - if ! retry_while "is_apache_not_running"; then - error "apache could not be stopped" - error_code=1 - else - info "apache stopped" - fi -else - info "apache is not running" -fi - -exit "$error_code" diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla-env.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla-env.sh deleted file mode 100644 index 205715bd80400..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla-env.sh +++ /dev/null @@ -1,121 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for joomla - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-joomla}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -joomla_env_vars=( - JOOMLA_DATA_TO_PERSIST - JOOMLA_LOAD_SAMPLE_DATA - JOOMLA_SKIP_BOOTSTRAP - JOOMLA_USERNAME - JOOMLA_PASSWORD - JOOMLA_EMAIL - JOOMLA_SITE_NAME - JOOMLA_SECRET - JOOMLA_SMTP_HOST - JOOMLA_SMTP_PORT_NUMBER - JOOMLA_SMTP_USER - JOOMLA_SMTP_PASSWORD - JOOMLA_SMTP_PROTOCOL - JOOMLA_SMTP_SENDER_EMAIL - JOOMLA_SMTP_SENDER_NAME - JOOMLA_DEFAULT_DATABASE_PORT_NUMBER - JOOMLA_DATABASE_HOST - JOOMLA_DATABASE_PORT_NUMBER - JOOMLA_DATABASE_NAME - JOOMLA_DATABASE_USER - JOOMLA_DATABASE_PASSWORD - SMTP_HOST - SMTP_PORT - JOOMLA_SMTP_PORT - SMTP_USER - SMTP_PASSWORD - SMTP_PROTOCOL - SMTP_SENDER_EMAIL - SMTP_SENDER_NAME -) -for env_var in "${joomla_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset joomla_env_vars - -# Paths -export JOOMLA_BASE_DIR="${BITNAMI_ROOT_DIR}/joomla" -export JOOMLA_TMP_DIR="${JOOMLA_BASE_DIR}/tmp" -export JOOMLA_LOGS_DIR="${JOOMLA_BASE_DIR}/logs" -export JOOMLA_CONF_FILE="${JOOMLA_BASE_DIR}/configuration.php" - -# Joomla! persistence configuration -export JOOMLA_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/joomla" -export JOOMLA_DATA_TO_PERSIST="${JOOMLA_DATA_TO_PERSIST:-$JOOMLA_BASE_DIR}" - -# Joomla! configuration -export JOOMLA_LOAD_SAMPLE_DATA="${JOOMLA_LOAD_SAMPLE_DATA:-yes}" # only used during the first initialization -export JOOMLA_SKIP_BOOTSTRAP="${JOOMLA_SKIP_BOOTSTRAP:-}" # only used during the first initialization - -# Joomla! credentials -export JOOMLA_USERNAME="${JOOMLA_USERNAME:-user}" # only used during the first initialization -export JOOMLA_PASSWORD="${JOOMLA_PASSWORD:-bitnami}" # only used during the first initialization -export JOOMLA_EMAIL="${JOOMLA_EMAIL:-user@example.com}" # only used during the first initialization -export JOOMLA_DEFAULT_SITE_NAME="My site" # only used during the first initialization -export JOOMLA_SITE_NAME="${JOOMLA_SITE_NAME:-$JOOMLA_DEFAULT_SITE_NAME}" # only used during the first initialization -export JOOMLA_SECRET="${JOOMLA_SECRET:-}" # only used during the first initialization - -# Joomla! SMTP credentials -JOOMLA_SMTP_HOST="${JOOMLA_SMTP_HOST:-"${SMTP_HOST:-}"}" -export JOOMLA_SMTP_HOST="${JOOMLA_SMTP_HOST:-}" # only used during the first initialization -JOOMLA_SMTP_PORT_NUMBER="${JOOMLA_SMTP_PORT_NUMBER:-"${SMTP_PORT:-}"}" -JOOMLA_SMTP_PORT_NUMBER="${JOOMLA_SMTP_PORT_NUMBER:-"${JOOMLA_SMTP_PORT:-}"}" -export JOOMLA_SMTP_PORT_NUMBER="${JOOMLA_SMTP_PORT_NUMBER:-}" # only used during the first initialization -JOOMLA_SMTP_USER="${JOOMLA_SMTP_USER:-"${SMTP_USER:-}"}" -export JOOMLA_SMTP_USER="${JOOMLA_SMTP_USER:-}" # only used during the first initialization -JOOMLA_SMTP_PASSWORD="${JOOMLA_SMTP_PASSWORD:-"${SMTP_PASSWORD:-}"}" -export JOOMLA_SMTP_PASSWORD="${JOOMLA_SMTP_PASSWORD:-}" # only used during the first initialization -JOOMLA_SMTP_PROTOCOL="${JOOMLA_SMTP_PROTOCOL:-"${SMTP_PROTOCOL:-}"}" -export JOOMLA_SMTP_PROTOCOL="${JOOMLA_SMTP_PROTOCOL:-}" # only used during the first initialization -JOOMLA_SMTP_SENDER_EMAIL="${JOOMLA_SMTP_SENDER_EMAIL:-"${SMTP_SENDER_EMAIL:-}"}" -export JOOMLA_SMTP_SENDER_EMAIL="${JOOMLA_SMTP_SENDER_EMAIL:-}" # only used during the first initialization -JOOMLA_SMTP_SENDER_NAME="${JOOMLA_SMTP_SENDER_NAME:-"${SMTP_SENDER_NAME:-}"}" -export JOOMLA_SMTP_SENDER_NAME="${JOOMLA_SMTP_SENDER_NAME:-}" # only used during the first initialization - -# Database configuration -export JOOMLA_DEFAULT_DATABASE_HOST="mariadb" # only used at build time -export JOOMLA_DEFAULT_DATABASE_PORT_NUMBER="${JOOMLA_DEFAULT_DATABASE_PORT_NUMBER:-3306}" # only used during the first initialization -export JOOMLA_DATABASE_HOST="${JOOMLA_DATABASE_HOST:-$JOOMLA_DEFAULT_DATABASE_HOST}" # only used during the first initialization -export JOOMLA_DATABASE_PORT_NUMBER="${JOOMLA_DATABASE_PORT_NUMBER:-$JOOMLA_DEFAULT_DATABASE_PORT_NUMBER}" # only used during the first initialization -export JOOMLA_DATABASE_NAME="${JOOMLA_DATABASE_NAME:-bitnami_joomla}" # only used during the first initialization -export JOOMLA_DATABASE_USER="${JOOMLA_DATABASE_USER:-bn_joomla}" # only used during the first initialization -export JOOMLA_DATABASE_PASSWORD="${JOOMLA_DATABASE_PASSWORD:-}" # only used during the first initialization - -# PHP configuration -export PHP_DEFAULT_MEMORY_LIMIT="256M" # only used at build time - -# Custom environment variables may be defined below diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla/entrypoint.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla/entrypoint.sh deleted file mode 100755 index 47a37e9c64a02..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla/entrypoint.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Joomla! environment -. /opt/bitnami/scripts/joomla-env.sh - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libwebserver.sh - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/$(web_server_type)/run.sh" || "$1" = "/opt/bitnami/scripts/nginx-php-fpm/run.sh" ]]; then - info "** Starting Joomla! setup **" - /opt/bitnami/scripts/"$(web_server_type)"/setup.sh - /opt/bitnami/scripts/php/setup.sh - /opt/bitnami/scripts/mysql-client/setup.sh - /opt/bitnami/scripts/joomla/setup.sh - /post-init.sh - info "** Joomla! setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla/postunpack.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla/postunpack.sh deleted file mode 100755 index 2167b7fa3adba..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla/postunpack.sh +++ /dev/null @@ -1,75 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Joomla! environment -. /opt/bitnami/scripts/joomla-env.sh - -# Load PHP environment for 'php_conf_set' (after 'joomla-env.sh' so that MODULE is not set to a wrong value) -. /opt/bitnami/scripts/php-env.sh - -# Load libraries -. /opt/bitnami/scripts/libjoomla.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load web server environment and functions (after Joomla! environment file so MODULE is not set to a wrong value) -. "/opt/bitnami/scripts/$(web_server_type)-env.sh" - -# Enable Joomla! configuration file -[[ ! -f "$JOOMLA_CONF_FILE" ]] && cp "${JOOMLA_BASE_DIR}/installation/configuration.php-dist" "$JOOMLA_CONF_FILE" - -# Ensure the Joomla! base directory exists and has proper permissions -info "Configuring file permissions for Joomla!" -ensure_user_exists "$WEB_SERVER_DAEMON_USER" --group "$WEB_SERVER_DAEMON_GROUP" -for dir in "$JOOMLA_BASE_DIR" "$JOOMLA_VOLUME_DIR" "$JOOMLA_TMP_DIR" "$JOOMLA_LOGS_DIR"; do - ensure_dir_exists "$dir" - # Use daemon:root ownership for compatibility when running as a non-root user - configure_permissions_ownership "$dir" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" -done - -# Configure Joomla! based on build-time defaults -joomla_conf_set "\$sitename" "$JOOMLA_DEFAULT_SITE_NAME" -joomla_conf_set "\$fromname" "$JOOMLA_DEFAULT_SITE_NAME" -joomla_conf_set "\$log_path" "$JOOMLA_LOGS_DIR" -joomla_conf_set "\$tmp_path" "$JOOMLA_TMP_DIR" -joomla_conf_set "\$db" "$JOOMLA_DATABASE_NAME" -joomla_conf_set "\$host" "${JOOMLA_DEFAULT_DATABASE_HOST}:${JOOMLA_DEFAULT_DATABASE_PORT_NUMBER}" -joomla_conf_set "\$user" "$JOOMLA_DATABASE_USER" -joomla_conf_set "\$db" "$JOOMLA_DATABASE_NAME" - -info "Configuring default PHP options for Joomla!" -php_conf_set memory_limit "$PHP_DEFAULT_MEMORY_LIMIT" - -# The sql scripts contain a template "#__" which will be substituted by the -# prefix set in the configuration ("jos_" in our case), we need to adapt it. -debug "Adapting installation sql files" -for sql_file in "${JOOMLA_BASE_DIR}/installation/sql/mysql"/*.sql; do - replace_in_file "$sql_file" "#__" "jos_" -done - -# Enable default web server configuration for Joomla! -info "Creating default web server configuration for Joomla!" -web_server_validate - -ensure_web_server_app_configuration_exists "joomla" --type php --apache-additional-configuration ' -# Bypass mod_dir in order to allow 80->8080 redirections when not using a reverse proxy (example: docker-compose or Kubernetes) - - DirectorySlash off - -' -replace_in_file "${APACHE_HTACCESS_DIR}/joomla-htaccess.conf" '(## End [-] Custom redirects)' '# Custom rewrite by Bitnami - bypass mod_dir in order to allow 80->8080 redirections when not using a reverse proxy (example: docker-compose or Kubernetes)\n RewriteRule "^administrator$" "administrator/"\n \1' - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "/opt/bitnami/$(web_server_type)/conf"/* "/opt/bitnami/$(web_server_type)/conf.default" diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla/setup.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla/setup.sh deleted file mode 100755 index 92797851bff20..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/joomla/setup.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Joomla! environment -. /opt/bitnami/scripts/joomla-env.sh - -# Load MySQL Client environment for 'mysql_remote_execute', used during initialization -if [[ -f /opt/bitnami/scripts/mysql-client-env.sh ]]; then - . /opt/bitnami/scripts/mysql-client-env.sh -elif [[ -f /opt/bitnami/scripts/mysql-env.sh ]]; then - . /opt/bitnami/scripts/mysql-env.sh -elif [[ -f /opt/bitnami/scripts/mariadb-env.sh ]]; then - . /opt/bitnami/scripts/mariadb-env.sh -fi - -# Load libraries -. /opt/bitnami/scripts/libjoomla.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load web server environment and functions (after Joomla! environment file so MODULE is not set to a wrong value) -. "/opt/bitnami/scripts/$(web_server_type)-env.sh" - -# Ensure Joomla! environment variables are valid -joomla_validate - -# Update web server configuration with runtime environment (needs to happen before the initialization) -web_server_update_app_configuration "joomla" - -joomla_initialize diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libapache.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libapache.sh deleted file mode 100644 index d6eb686df3f6f..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libapache.sh +++ /dev/null @@ -1,808 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Apache library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -######################## -# Validate settings in APACHE_* env vars -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_validate() { - debug "Validating settings in APACHE_* environment variables" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - check_allowed_port() { - local port_var="${1:?missing port variable}" - local -a validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("${!port_var}") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." - fi - } - - [[ -w "$APACHE_CONF_FILE" ]] || warn "The Apache configuration file '${APACHE_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied." - - if [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]]; then - if [[ "$APACHE_HTTP_PORT_NUMBER" -eq "$APACHE_HTTPS_PORT_NUMBER" ]]; then - print_validation_error "APACHE_HTTP_PORT_NUMBER and APACHE_HTTPS_PORT_NUMBER are bound to the same port!" - fi - fi - - [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTP_PORT_NUMBER - [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTPS_PORT_NUMBER - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Configure Apache's HTTP port -# Globals: -# APACHE_CONF_FILE, APACHE_CONF_DIR -# Arguments: -# None -# Returns: -# None -######################### -apache_configure_http_port() { - local -r port=${1:?missing port} - local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" - local -r server_name_exp="s|^\s*#?\s*ServerName\s+([^:\s]+)(:[0-9]+)?$|ServerName \1:${port}|" - local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Configuring port ${port} on file ${APACHE_CONF_FILE}" - apache_configuration="$(sed -E -e "$listen_exp" -e "$server_name_exp" "$APACHE_CONF_FILE")" - echo "$apache_configuration" > "$APACHE_CONF_FILE" - fi - - if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]]; then - debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami.conf" - apache_configuration="$(sed -E "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami.conf")" - echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" - fi - - if [[ -w "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" ]]; then - debug "Configuring port ${port} on file ${APACHE_VHOSTS_DIR}/00_status-vhost.conf" - apache_configuration="$(sed -E "$vhost_exp" "${APACHE_VHOSTS_DIR}/00_status-vhost.conf")" - echo "$apache_configuration" > "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" - fi -} - -######################## -# Configure Apache's HTTPS port -# Globals: -# APACHE_CONF_DIR -# Arguments: -# None -# Returns: -# None -######################### -apache_configure_https_port() { - local -r port=${1:?missing port} - local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" - local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" - local apache_configuration - - if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then - debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - apache_configuration="$(sed -E -e "$listen_exp" -e "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf")" - echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - fi -} - -######################## -# Configure Apache's ServerTokens directive -# Globals: -# APACHE_CONF_DIR -# Arguments: -# $1 - Value for ServerTokens directive -# Returns: -# None -######################### -apache_configure_server_tokens() { - local -r value=${1:?missing value} - local -r server_tokens_exp="s|^\s*ServerTokens\s+\w+\s*$|ServerTokens ${value}|" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Configuring ServerTokens ${value} on file ${APACHE_CONF_FILE}" - apache_configuration="$(sed -E -e "$server_tokens_exp" "$APACHE_CONF_FILE")" - echo "$apache_configuration" > "$APACHE_CONF_FILE" - fi -} - -######################## -# Enable a module in the Apache configuration file -# Globals: -# APACHE_CONF_FILE -# Arguments: -# $1 - Module to enable -# $2 - Path to module .so file (optional if already defined in httpd.conf) -# Returns: -# None -######################### -apache_enable_module() { - local -r name="${1:?missing name}" - local -r file="${2:-}" - local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Enabling module '${name}'" - if grep -q -E "$regex" "$APACHE_CONF_FILE"; then - # Uncomment line if the module was already defined - replace_in_file "$APACHE_CONF_FILE" "$regex" "\1" - elif [[ -n "$file" ]]; then - # Add right after the last LoadModule, so all Apache modules are organized in the same section of the file - append_file_after_last_match "$APACHE_CONF_FILE" "^[#\s]*LoadModule" "LoadModule ${name} ${file}" - else - error "Module ${name} was not defined in ${APACHE_CONF_FILE}. Please specify the 'file' parameter for 'apache_enable_module'." - fi - fi -} - -######################## -# Disable a module in the Apache configuration file -# Globals: -# APACHE_CONF_FILE -# Arguments: -# $1 - Module to disable -# Returns: -# None -######################### -apache_disable_module() { - local -r name="${1:?missing name}" - local -r file="${2:-}" - local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Disabling module '${name}'" - replace_in_file "$APACHE_CONF_FILE" "$regex" "#\1" - fi -} - -######################## -# Stop Apache -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_stop() { - is_apache_not_running && return - stop_service_using_pid "$APACHE_PID_FILE" -} - -######################## -# Check if Apache is running -# Globals: -# APACHE_PID_FILE -# Arguments: -# None -# Returns: -# Whether Apache is running -######################## -is_apache_running() { - local pid - pid="$(get_pid_from_file "$APACHE_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Apache is running -# Globals: -# APACHE_PID_FILE -# Arguments: -# None -# Returns: -# Whether Apache is not running -######################## -is_apache_not_running() { - ! is_apache_running -} - -######################## -# Ensure configuration gets added to the main Apache configuration file -# Globals: -# APACHE_* -# Arguments: -# $1 - configuration string -# $2 - pattern to use for checking if the configuration already exists (default: $1) -# $3 - Apache configuration file (default: $APACHE_CONF_FILE) -# Returns: -# None -######################## -ensure_apache_configuration_exists() { - local -r conf="${1:?conf missing}" - local -r pattern="${2:-"$conf"}" - local -r conf_file="${3:-"$APACHE_CONF_FILE"}" - # Enable configuration by appending to httpd.conf - if ! grep -E -q "$pattern" "$conf_file"; then - if is_file_writable "$conf_file"; then - cat >> "$conf_file" <<< "$conf" - else - error "Could not add the following configuration to '${conf_file}:" - error "" - error "$(indent "$conf" 4)" - error "" - error "Include the configuration manually and try again." - return 1 - fi - fi -} - -######################## -# Collect all the .htaccess files from /opt/bitnami/$name and write the result in the 'htaccess' directory -# Globals: -# APACHE_* -# Arguments: -# $1 - App name -# $2 - Overwrite the original .htaccess with the explanation text (defaults to 'yes') -# Flags: -# --document-root - Path to document root directory -# Returns: -# None -######################## -apache_replace_htaccess_files() { - local -r app="${1:?missing app}" - local -r result_file="${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" - # Default options - local document_root="${BITNAMI_ROOT_DIR}/${app}" - local overwrite="yes" - local -a htaccess_files - local htaccess_dir - local htaccess_contents - # Validate arguments - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --document-root) - shift - document_root="$1" - ;; - --overwrite) - shift - overwrite="$1" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - if is_file_writable "$result_file"; then - # Locate all .htaccess files inside the document root - read -r -a htaccess_files <<< "$(find "$document_root" -name .htaccess -print0 | xargs -0)" - [[ "${#htaccess_files[@]}" = 0 ]] && return - # Create file with root group write privileges, so it can be modified in non-root containers - [[ ! -f "$result_file" ]] && touch "$result_file" && chmod g+rw "$result_file" - for htaccess_file in "${htaccess_files[@]}"; do - htaccess_dir="$(dirname "$htaccess_file")" - htaccess_contents="$(indent "$(< "$htaccess_file")" 2)" - # Skip if it was already included to the resulting htaccess file - if grep -q "^" <<< "$htaccess_contents"; then - continue - fi - # Add to the htaccess file - cat >> "$result_file" < -${htaccess_contents} - -EOF - # Overwrite the original .htaccess with the explanation text - if is_boolean_yes "$overwrite"; then - echo "# This configuration has been moved to the ${result_file} config file for performance and security reasons" > "$htaccess_file" - fi - done - elif [[ ! -f "$result_file" ]]; then - error "Could not create htaccess for ${app} at '${result_file}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} htaccess file '${result_file}' is not writable. Configurations based on environment variables will not be applied for this file." - return - fi -} - -######################## -# Ensure an Apache application configuration exists (in virtual host format) -# Globals: -# APACHE_* -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases (defaults to '*') -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render the app's virtual hosts with a .disabled prefix -# --disable-http - Whether to render the app's HTTP virtual host with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS virtual host with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# --additional-configuration - Additional vhost configuration (no default) -# --additional-http-configuration - Additional HTTP vhost configuration (no default) -# --additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --before-vhost-configuration - Configuration to add before the directive (no default) -# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --document-root - Path to document root directory -# --extra-directory-configuration - Extra configuration for the document root directory -# --proxy-address - Address where to proxy requests -# --proxy-configuration - Extra configuration for the proxy -# --proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_apache_app_configuration_exists() { - local -r app="${1:?missing app}" - # Default options - local type="" - local -a hosts=("127.0.0.1" "_default_") - local server_name="www.example.com" # Default ServerName in httpd.conf - local -a server_aliases=("*") - local allow_remote_connections="yes" - local disable="no" - local disable_http="no" - local disable_https="no" - local move_htaccess="yes" - # Template variables defaults - export additional_configuration="" - export additional_http_configuration="" - export additional_https_configuration="" - export before_vhost_configuration="" - export allow_override="All" - export document_root="${BITNAMI_ROOT_DIR}/${app}" - export extra_directory_configuration="" - export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" - export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" - export http_port="$default_http_port" - export https_port="$default_https_port" - export proxy_address="" - export proxy_configuration="" - export proxy_http_configuration="" - export proxy_https_configuration="" - # Validate arguments - local var_name - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --hosts \ - | --server-aliases) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - read -r -a "${var_name?}" <<< "$1" - ;; - --disable \ - | --disable-http \ - | --disable-https \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - export "${var_name}=yes" - ;; - --type \ - | --server-name \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --move-htaccess \ - | --additional-configuration \ - | --additional-http-configuration \ - | --additional-https-configuration \ - | --before-vhost-configuration \ - | --allow-override \ - | --document-root \ - | --extra-directory-configuration \ - | --proxy-address \ - | --proxy-configuration \ - | --proxy-http-configuration \ - | --proxy-https-configuration \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - export "${var_name}=${1}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Construct listen ports configuration (only to add when using non-standard ports) - export http_listen_configuration="" - export https_listen_configuration="" - [[ "$http_port" != "$default_http_port" ]] && http_listen_configuration="Listen ${http_port}" - [[ "$https_port" != "$default_https_port" ]] && https_listen_configuration="Listen ${https_port}" - # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" - export http_listen_addresses="" - export https_listen_addresses="" - for host in "${hosts[@]}"; do - http_listen="${host}:${http_port}" - https_listen="${host}:${https_port}" - [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" - [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" - done - # Construct ServerName/ServerAlias block - export server_name_configuration="" - if ! is_empty_value "${server_name:-}"; then - server_name_configuration="ServerName ${server_name}" - fi - if [[ "${#server_aliases[@]}" -gt 0 ]]; then - server_name_configuration+=$'\n'"ServerAlias ${server_aliases[*]}" - fi - # App .htaccess support (only when type is not defined) - export htaccess_include - [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" - if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then - allow_override="None" - htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" - else - # allow_override is already set to the expected value - htaccess_include="" - fi - # ACL configuration - export acl_configuration - if is_boolean_yes "$allow_remote_connections"; then - acl_configuration="Require all granted" - else - acl_configuration="$(cat < "$http_vhost" - elif [[ ! -f "$http_vhost" ]]; then - error "Could not create virtual host for ${app} at '${http_vhost}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi - if is_file_writable "$https_vhost"; then - # Create file with root group write privileges, so it can be modified in non-root containers - [[ ! -f "$https_vhost" ]] && touch "$https_vhost" && chmod g+rw "$https_vhost" - render-template "${template_dir}/${template_name}-https-vhost.conf.tpl" | sed '/^\s*$/d' > "$https_vhost" - elif [[ ! -f "$https_vhost" ]]; then - error "Could not create virtual host for ${app} at '${https_vhost}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi -} - -######################## -# Ensure an Apache application configuration does not exist anymore (in virtual hosts format) -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_apache_app_configuration_not_exists() { - local -r app="${1:?missing app}" - local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" - local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" - local -r disable_suffix=".disabled" - # Note that 'rm -f' will not fail if the files don't exist - # However if we lack permissions to remove the file, it will result in a non-zero exit code, as expected by this function - rm -f "$http_vhost" "$https_vhost" "${http_vhost}${disable_suffix}" "${https_vhost}${disable_suffix}" -} - -######################## -# Ensure Apache loads the configuration for an application in a URL prefix -# Globals: -# APACHE_* -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --additional-configuration - Additional vhost configuration (no default) -# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --document-root - Path to document root directory -# --extra-directory-configuration - Extra configuration for the document root directory -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_apache_prefix_configuration_exists() { - local -r app="${1:?missing app}" - # Default options - local type="" - local allow_remote_connections="yes" - local move_htaccess="yes" - local prefix="/${app}" - # Template variables defaults - export additional_configuration="" - export allow_override="All" - export document_root="${BITNAMI_ROOT_DIR}/${app}" - export extra_directory_configuration="" - # Validate arguments - local var_name - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --type \ - | --allow-remote-connections \ - | --move-htaccess \ - | --prefix \ - | --additional-configuration \ - | --allow-override \ - | --document-root \ - | --extra-directory-configuration \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "${var_name}=${1}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # App .htaccess support (only when type is not defined) - export htaccess_include - [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" - if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then - allow_override="None" - htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" - else - # allow_override is already set to the expected value - htaccess_include="" - fi - # ACL configuration - export acl_configuration - if is_boolean_yes "$allow_remote_connections"; then - acl_configuration="Require all granted" - else - acl_configuration="$(cat < "$prefix_file" - ensure_apache_configuration_exists "Include \"$prefix_file\"" - elif [[ ! -f "$prefix_file" ]]; then - error "Could not create web server configuration file for ${app} at '${prefix_file}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} web server configuration file '${prefix_file}' is not writable. Configurations based on environment variables will not be applied for this file." - fi -} - -######################## -# Ensure Apache application configuration is updated with the runtime configuration (i.e. ports) -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -apache_update_app_configuration() { - local -r app="${1:?missing app}" - # Default options - local -a hosts=("127.0.0.1" "_default_") - local server_name="www.example.com" # Default ServerName in httpd.conf - local -a server_aliases=() - local enable_http="no" - local enable_https="no" - local disable_http="no" - local disable_https="no" - export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" - export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" - export http_port="$default_http_port" - export https_port="$default_https_port" - local var_name - # Validate arguments - local var_name - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --hosts \ - | --server-aliases) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - read -r -a "${var_name?}" <<< "$1" - ;; - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - declare "${var_name}=yes" - ;; - --server-name \ - | --http-port \ - | --https-port \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "${var_name}=${1}" - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" - export http_listen_addresses="" - export https_listen_addresses="" - for host in "${hosts[@]}"; do - http_listen="${host}:${http_port}" - https_listen="${host}:${https_port}" - [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" - [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" - done - # Update configuration - local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" - local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" - local -r disable_suffix=".disabled" - # Helper function to avoid duplicating code - update_common_vhost_config() { - local -r vhost_file="${1:?missing virtual host}" - # Update ServerName - if ! is_empty_value "${server_name:-}"; then - replace_in_file "$vhost_file" "^(\s*ServerName\s+).*" "\1${server_name}" - fi - # Update ServerAlias - if [[ "${#server_aliases[@]}" -gt 0 ]]; then - replace_in_file "$vhost_file" "^(\s*ServerAlias\s+).*" "\1${server_aliases[*]}" - fi - } - # Disable and enable configuration files - rename_conf_file() { - local -r origin="$1" - local -r destination="$2" - if is_file_writable "$origin" && is_file_writable "$destination"; then - warn "Could not rename virtual host file '${origin}' to '${destination}' due to lack of permissions." - else - mv "$origin" "$destination" - fi - } - is_boolean_yes "$disable_http" && [[ -e "$http_vhost" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" - is_boolean_yes "$disable_https" && [[ -e "$https_vhost" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" - is_boolean_yes "$enable_http" && [[ -e "${http_vhost}${disable_suffix}" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" - is_boolean_yes "$enable_https" && [[ -e "${https_vhost}${disable_suffix}" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" - # Update only configuration files without the '.disabled' suffix - if [[ -e "$http_vhost" ]]; then - if is_file_writable "$http_vhost"; then - update_common_vhost_config "$http_vhost" - # Update vhost-specific config (listen port and addresses) - replace_in_file "$http_vhost" "^Listen .*" "Listen ${http_port}" - replace_in_file "$http_vhost" "^$" "" - else - warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi - fi - if [[ -e "$https_vhost" ]]; then - if is_file_writable "$https_vhost"; then - update_common_vhost_config "$https_vhost" - # Update vhost-specific config (listen port and addresses) - replace_in_file "$https_vhost" "^Listen .*" "Listen ${https_port}" - replace_in_file "$https_vhost" "^$" "" - else - warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi - fi -} - -######################## -# Create a password file for basic authentication and restrict its permissions -# Globals: -# * -# Arguments: -# $1 - file -# $2 - username -# $3 - password -# Returns: -# true if the configuration was updated, false otherwise -######################## -apache_create_password_file() { - local -r file="${1:?missing file}" - local -r username="${2:?missing username}" - local -r password="${3:?missing password}" - - "${APACHE_BIN_DIR}/htpasswd" -bc "$file" "$username" "$password" - am_i_root && configure_permissions_ownership "$file" --file-mode "600" --user "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" -} diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libjoomla.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libjoomla.sh deleted file mode 100644 index 934d66da00ab6..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libjoomla.sh +++ /dev/null @@ -1,306 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Joomla! library - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libpersistence.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load database library -if [[ -f /opt/bitnami/scripts/libmysqlclient.sh ]]; then - . /opt/bitnami/scripts/libmysqlclient.sh -elif [[ -f /opt/bitnami/scripts/libmysql.sh ]]; then - . /opt/bitnami/scripts/libmysql.sh -elif [[ -f /opt/bitnami/scripts/libmariadb.sh ]]; then - . /opt/bitnami/scripts/libmariadb.sh -fi - -######################## -# Validate settings in JOOMLA_* env vars -# Globals: -# JOOMLA_* -# Arguments: -# None -# Returns: -# 0 if the validation succeeded, 1 otherwise -######################### -joomla_validate() { - debug "Validating settings in JOOMLA_* environment variables..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_yes_no_value() { - if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for ${1} are: yes no" - fi - } - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - check_valid_port() { - local port_var="${1:?missing port variable}" - local err - if ! err="$(validate_port "${!port_var}")"; then - print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." - fi - } - - # Validate credentials - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - else - for empty_env_var in "JOOMLA_DATABASE_PASSWORD" "JOOMLA_PASSWORD"; do - is_empty_value "${!empty_env_var}" && print_validation_error "The ${empty_env_var} environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow a blank password. This is only recommended for development environments." - done - fi - - # Validate SMTP credentials - if ! is_empty_value "$JOOMLA_SMTP_HOST"; then - for empty_env_var in "JOOMLA_SMTP_USER" "JOOMLA_SMTP_PASSWORD"; do - is_empty_value "${!empty_env_var}" && warn "The ${empty_env_var} environment variable is empty or not set." - done - is_empty_value "$JOOMLA_SMTP_PORT_NUMBER" && print_validation_error "The JOOMLA_SMTP_PORT_NUMBER environment variable is empty or not set." - ! is_empty_value "$JOOMLA_SMTP_PORT_NUMBER" && check_valid_port "JOOMLA_SMTP_PORT_NUMBER" - ! is_empty_value "$JOOMLA_SMTP_PROTOCOL" && check_multi_value "JOOMLA_SMTP_PROTOCOL" "ssl tls" - fi - - # Check that the web server is properly set up - web_server_validate || print_validation_error "Web server validation failed" - - return "$error_code" -} - -######################## -# Get Joomla! version -# Globals: -# JOOMLA_* -# Arguments: -# None -# Returns: -# String with Joomla version -######################### -joomla_get_version() { - grep -Eo "[0-9]+[.][0-9]+[.][0-9]+" "${JOOMLA_BASE_DIR}/administrator/manifests/files/joomla.xml" -} - -######################## -# Get Joomla! major version -# Globals: -# JOOMLA_* -# Arguments: -# None -# Returns: -# String with Joomla major version -######################### -joomla_get_major_version() { - joomla_get_version | cut -d '.' -f 1 -} - -######################## -# Get Joomla! schema version -# Globals: -# JOOMLA_* -# Arguments: -# None -# Returns: -# String with Joomla schema version -######################### -joomla_get_version_schema() { - local -r migrations_dir=/opt/bitnami/joomla/administrator/components/com_admin/sql/updates/mysql - # Sort by date (specified in the filename), since files are named following the 'version-date.sql' pattern - # Regular sort does not work because the versions have different digits, example: 3.9.3 > 3.9.19 using sort - local -r regex=".*-([0-9]{4}-[0-9]{2}-[0-9]{2})\.sql" - local -r latest_date="$(find "$migrations_dir" -regextype posix-extended -regex "$regex" | sed -E "s/${regex}/\1/" | sort | tail -n 1)" - # Obtain the file associated with the date - find "$migrations_dir" -name "*-${latest_date}.sql" -exec basename {} \+ | sed 's/\.sql//g' -} - -######################## -# Ensure Joomla! is initialized -# Globals: -# JOOMLA_* -# Arguments: -# None -# Returns: -# None -######################### -joomla_initialize() { - # Check if Joomla! has already been initialized and persisted in a previous run - local db_host db_port db_name db_user db_pass - local -r app_name="joomla" - if ! is_app_initialized "$app_name"; then - # Ensure the base directory exists and has proper permissions - info "Configuring file permissions for Joomla!" - ensure_dir_exists "$JOOMLA_VOLUME_DIR" - # Use daemon:root ownership for compatibility when running as a non-root user - am_i_root && configure_permissions_ownership "$JOOMLA_VOLUME_DIR" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" - # Configure Joomla! based on environment variables - info "Configuring Joomla! with settings provided via environment variables" - ## Site name - ! is_empty_value "$JOOMLA_SITE_NAME" && info "Setting site name" && joomla_conf_set "\$sitename" "$JOOMLA_SITE_NAME" && joomla_conf_set "\$fromname" "$JOOMLA_SITE_NAME" - ## SMTP - # Use JOOMLA_SMTP_HOST as a flag to know if SMTP should be enabled (the rest of parameters are check in the validation) - if ! is_empty_value "$JOOMLA_SMTP_HOST"; then - local smtp_auth_req=0 - ! is_empty_value "$JOOMLA_SMTP_USER" && smtp_auth_req=1 - - info "Enabling SMTP" && joomla_conf_set "\$mailer" "smtp" - debug "Enabling SMTP authorization" && joomla_conf_set "\$smtpauth" "$smtp_auth_req" - debug "Setting SMTP host" && joomla_conf_set "\$smtphost" "$JOOMLA_SMTP_HOST" - ! is_empty_value "$JOOMLA_SMTP_USER" && debug "Setting SMTP user" && joomla_conf_set "\$smtpuser" "$JOOMLA_SMTP_USER" - ! is_empty_value "$JOOMLA_SMTP_PASSWORD" && debug "Setting SMTP password" && joomla_conf_set "\$smtppass" "$JOOMLA_SMTP_PASSWORD" - debug "Setting SMTP port" && joomla_conf_set "\$smtpport" "$JOOMLA_SMTP_PORT_NUMBER" - debug "Setting SMTP protocol" && joomla_conf_set "\$smtpsecure" "$JOOMLA_SMTP_PROTOCOL" - ! is_empty_value "$JOOMLA_SMTP_SENDER_EMAIL" && debug "Setting SMTP sender email" && joomla_conf_set "\$mailfrom" "$JOOMLA_SMTP_SENDER_EMAIL" - ! is_empty_value "$JOOMLA_SMTP_SENDER_NAME" && debug "Setting SMTP sender name" && joomla_conf_set "\$fromname" "$JOOMLA_SMTP_SENDER_NAME" - fi - - info "Setting database host" && joomla_conf_set "\$host" "${JOOMLA_DATABASE_HOST}:${JOOMLA_DATABASE_PORT_NUMBER}" - info "Setting database name" && joomla_conf_set "\$db" "$JOOMLA_DATABASE_NAME" - info "Setting database user" && joomla_conf_set "\$user" "$JOOMLA_DATABASE_USER" - if ! is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - info "Setting database password" && joomla_conf_set "\$password" "$JOOMLA_DATABASE_PASSWORD" - fi - local -r salt="${JOOMLA_SECRET:-$(generate_random_string -t alphanumeric -c 32)}" - info "Setting salt" && joomla_conf_set "\$secret" "$salt" - - info "Trying to connect to the database server" - db_host="$JOOMLA_DATABASE_HOST" - db_port="$JOOMLA_DATABASE_PORT_NUMBER" - db_name="$JOOMLA_DATABASE_NAME" - db_user="$JOOMLA_DATABASE_USER" - db_pass="$JOOMLA_DATABASE_PASSWORD" - joomla_wait_for_db_connection "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - - if ! is_boolean_yes "$JOOMLA_SKIP_BOOTSTRAP"; then - local -r version_id="$(joomla_get_version_schema)" - local -r encrypted_password="$(generate_md5_hash "${JOOMLA_PASSWORD}${salt}")" - info "Executing initialization SQL commands" - echo "SOURCE ${JOOMLA_BASE_DIR}/installation/sql/mysql/base.sql" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - echo "SOURCE ${JOOMLA_BASE_DIR}/installation/sql/mysql/extensions.sql" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - echo "SOURCE ${JOOMLA_BASE_DIR}/installation/sql/mysql/supports.sql" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - echo "INSERT INTO jos_users(id, name, username, email, password, block, sendEmail, registerDate, params) VALUES(42, 'Super User', '$JOOMLA_USERNAME', '$JOOMLA_EMAIL', '${encrypted_password}:${salt}', 0, 1, '0000-00-00 00:00:00', '')" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - echo "INSERT INTO jos_user_usergroup_map(user_id, group_id) VALUES(42, 8)" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - echo "INSERT INTO jos_schemas(extension_id, version_id) VALUES(700, '${version_id}')" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - echo "UPDATE jos_extensions SET manifest_cache='{\"version\": \"$(joomla_get_version)\"}' WHERE name='files_joomla'" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - if ! is_boolean_yes "$JOOMLA_LOAD_SAMPLE_DATA"; then - info "Disabling sample data" - echo "UPDATE jos_extensions SET enabled='0' WHERE name LIKE '%sampledata%';" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - fi - else - info "An already initialized Joomla! database was provided, configuration will be skipped" - fi - # Delete installation files for getting the version schema - info "Deleting installation files" - rm -rf "${JOOMLA_BASE_DIR}/installation" - - info "Persisting Joomla! installation" - persist_app "$app_name" "$JOOMLA_DATA_TO_PERSIST" - else - info "Restoring persisted Joomla! installation" - restore_persisted_app "$app_name" "$JOOMLA_DATA_TO_PERSIST" - info "Trying to connect to the database server" - db_host="$(joomla_conf_get "\$host" | awk -F: '{print $1}')" - db_port="$(joomla_conf_get "\$host" | awk -F: '{print $2}')" - db_name="$(joomla_conf_get "\$db")" - db_user="$(joomla_conf_get "\$user")" - db_pass="$(joomla_conf_get "\$password")" - joomla_wait_for_db_connection "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - fi - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Add or modify an entry in the Joomla! configuration file (config.inc.php) -# Globals: -# JOOMLA_* -# Arguments: -# $1 - PHP variable name -# $2 - Value to assign to the PHP variable -# $3 - Whether the value is a literal, or if instead it should be quoted (default: no) -# Returns: -# None -######################### -joomla_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:-}" - local -r is_literal="${3:-no}" - debug "Setting ${key} to '${value}' in Joomla! configuration (literal: ${is_literal})" - # Sanitize key (sed does not support fixed string substitutions) - local sanitized_pattern - sanitized_pattern="public $(sed 's/[]\[^$.*/]/\\&/g' <<< "$key")\s*=.*" - local entry - is_boolean_yes "$is_literal" && entry="${key} = $value;" || entry="public ${key} = '$value';" - # Check if the configuration exists in the file - if grep -q -E "$sanitized_pattern" "$JOOMLA_CONF_FILE"; then - # It exists, so replace the line - replace_in_file "$JOOMLA_CONF_FILE" "$sanitized_pattern" "$entry" - else - # The Joomla! configuration file includes all supported keys, but because of its format, - # we cannot append contents to the end. We can assume thi - warn "Could not set the Joomla! '${key}' configuration. Check that the file has not been modified externally." - fi -} - -######################## -# Get an entry from the Joomla! configuration file (config.inc.php) -# Globals: -# JOOMLA_* -# Arguments: -# $1 - PHP variable name -# Returns: -# None -######################### -joomla_conf_get() { - local -r key="${1:?key missing}" - debug "Getting ${key} from Joomla! configuration" - # Sanitize key (sed does not support fixed string substitutions) - local sanitized_pattern - sanitized_pattern="public $(sed 's/[]\[^$.*/]/\\&/g' <<< "$key")\s*=([^;/]+);.*$" - debug "$sanitized_pattern" - grep -E "$sanitized_pattern" "$JOOMLA_CONF_FILE" | sed -E "s|${sanitized_pattern}|\1|" | tr -d "\"\t' " -} - -######################## -# Wait until the database is accessible with the currently-known credentials -# Globals: -# * -# Arguments: -# $1 - database host -# $2 - database port -# $3 - database name -# $4 - database username -# $5 - database user password (optional) -# Returns: -# true if the database connection succeeded, false otherwise -######################### -joomla_wait_for_db_connection() { - local -r db_host="${1:?missing database host}" - local -r db_port="${2:?missing database port}" - local -r db_name="${3:?missing database name}" - local -r db_user="${4:?missing database user}" - local -r db_pass="${5:-}" - check_mysql_connection() { - echo "SELECT 1" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - } - if ! retry_while "check_mysql_connection"; then - error "Could not connect to the database" - return 1 - fi -} diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh deleted file mode 100644 index 39569da01dc3d..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh +++ /dev/null @@ -1,1094 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MySQL Client library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -######################## -# Validate settings in MYSQL_CLIENT_* environment variables -# Globals: -# MYSQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_client_validate() { - info "Validating settings in MYSQL_CLIENT_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - backslash_password_error() { - print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" - } - - check_yes_no_value() { - if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for ${1} are: yes no" - fi - } - - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - - # Only validate environment variables if any action needs to be performed - check_yes_no_value "MYSQL_CLIENT_ENABLE_SSL_WRAPPER" - check_multi_value "MYSQL_CLIENT_FLAVOR" "mariadb mysql" - - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" ]]; then - empty_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" - fi - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && [[ -z "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then - empty_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" - fi - fi - if [[ "${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" - fi - if [[ "${MYSQL_CLIENT_CREATE_DATABASE_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" - fi - fi - return "$error_code" -} - -######################## -# Perform actions to a database -# Globals: -# DB_* -# MYSQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_client_initialize() { - # Wrap binary to force the usage of SSL - if is_boolean_yes "$MYSQL_CLIENT_ENABLE_SSL_WRAPPER"; then - mysql_client_wrap_binary_for_ssl - fi - # Wait for the database to be accessible if any action needs to be performed - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then - info "Trying to connect to the database server" - check_mysql_connection() { - echo "SELECT 1" | mysql_execute "mysql" "$MYSQL_CLIENT_DATABASE_ROOT_USER" "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" "-h" "$MYSQL_CLIENT_DATABASE_HOST" "-P" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER" - } - if ! retry_while "check_mysql_connection"; then - error "Could not connect to the database server" - return 1 - fi - fi - # Ensure a database user exists in the server - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]]; then - info "Creating database user ${MYSQL_CLIENT_CREATE_DATABASE_USER}" - local -a args=("$MYSQL_CLIENT_CREATE_DATABASE_USER" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD") - [[ -n "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN") - mysql_ensure_optional_user_exists "${args[@]}" - fi - # Ensure a database exists in the server (and that the user has write privileges, if specified) - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then - info "Creating database ${MYSQL_CLIENT_CREATE_DATABASE_NAME}" - local -a createdb_args=("$MYSQL_CLIENT_CREATE_DATABASE_NAME" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && createdb_args+=("-u" "$MYSQL_CLIENT_CREATE_DATABASE_USER") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE" ]] && createdb_args+=("--collate" "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES" ]] && createdb_args+=("--privileges" "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES") - mysql_ensure_optional_database_exists "${createdb_args[@]}" - fi -} - -######################## -# Wrap binary to force the usage of SSL -# Globals: -# DB_* -# MYSQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_client_wrap_binary_for_ssl() { - local wrapper_file="${DB_BIN_DIR}/mysql" - # In MySQL Client 10.6, mysql is a link to the mariadb binary - if [[ -f "${DB_BIN_DIR}/mariadb" ]]; then - wrapper_file="${DB_BIN_DIR}/mariadb" - fi - local -r wrapped_binary_file="${DB_BASE_DIR}/.bin/mysql" - local -a ssl_opts=() - read -r -a ssl_opts <<<"$(mysql_client_extra_opts)" - - mv "$wrapper_file" "$wrapped_binary_file" - cat >"$wrapper_file" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libphp.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libphp.sh deleted file mode 100644 index 838cd2b4289fa..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/libphp.sh +++ /dev/null @@ -1,265 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami PHP library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libwebserver.sh - -######################## -# Add or modify an entry in the main PHP configuration file (php.ini) -# Globals: -# PHP_CONF_FILE -# Arguments: -# $1 - Key -# $2 - Value -# $3 - File to modify (default: $PHP_CONF_FILE) -# Returns: -# None -######################### -php_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - local -r file="${3:-"$PHP_CONF_FILE"}" - local pattern="^[; ]*${key}\s*=.*$" - if [[ "$key" = "extension" || "$key" = "zend_extension" ]]; then - # The "extension" property works a bit different for PHP, as there is one per module to be included, meaning it is additive unlike other configurations - # Because of that, we first check if the extension was defined in the file to replace the proper entry - pattern="^[; ]*${key}\s*=\s*[\"]?${value}(\.so)?[\"]?\s*$" - fi - local -r entry="${key} = ${value}" - if is_file_writable "$file"; then - # Not using the ini-file tool since it does not play well with php.ini - if grep -q -E "$pattern" "$file"; then - replace_in_file "$file" "$pattern" "$entry" - else - cat >> "$file" <<< "$entry" - fi - else - warn "The PHP configuration file '${file}' is not writable. The '${key}' option will not be configured." - fi -} - -######################## -# Ensure PHP is initialized -# Globals: -# PHP_* -# Arguments: -# None -# Returns: -# None -######################### -php_initialize() { - # Configure PHP options based on the runtime environment - info "Configuring PHP options" - if ! is_dir_empty "$PHP_DEFAULT_CONF_DIR"; then - # Copy default configuration to php configuration directory - cp -nr "$PHP_DEFAULT_CONF_DIR"/. "$PHP_CONF_DIR" - fi - php_set_runtime_config "$PHP_CONF_FILE" - - - # PHP-FPM configuration - ! is_empty_value "$PHP_FPM_LISTEN_ADDRESS" && info "Setting PHP-FPM listen option" && php_conf_set "listen" "$PHP_FPM_LISTEN_ADDRESS" "${PHP_CONF_DIR}/php-fpm.d/www.conf" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Set PHP runtime options, based on user-provided environment variables -# Globals: -# PHP_* -# Arguments: -# None -# Returns: -# None -######################### -php_set_runtime_config() { - local -r conf_file="${1:?missing conf file}" - - ! is_empty_value "$PHP_DATE_TIMEZONE" && info "Setting PHP date.timezone option" && php_conf_set date.timezone "$PHP_DATE_TIMEZONE" "$conf_file" - ! is_empty_value "$PHP_ENABLE_OPCACHE" && info "Setting PHP opcache.enable option" && php_conf_set opcache.enable "$PHP_ENABLE_OPCACHE" "$conf_file" - ! is_empty_value "$PHP_EXPOSE_PHP" && info "Setting PHP expose_php option" && php_conf_set expose_php "$PHP_EXPOSE_PHP" "$conf_file" - ! is_empty_value "$PHP_MAX_EXECUTION_TIME" && info "Setting PHP max_execution_time option" && php_conf_set max_execution_time "$PHP_MAX_EXECUTION_TIME" "$conf_file" - ! is_empty_value "$PHP_MAX_INPUT_TIME" && info "Setting PHP max_input_time option" && php_conf_set max_input_time "$PHP_MAX_INPUT_TIME" "$conf_file" - ! is_empty_value "$PHP_MAX_INPUT_VARS" && info "Setting PHP max_input_vars option" && php_conf_set max_input_vars "$PHP_MAX_INPUT_VARS" "$conf_file" - ! is_empty_value "$PHP_MEMORY_LIMIT" && info "Setting PHP memory_limit option" && php_conf_set memory_limit "$PHP_MEMORY_LIMIT" "$conf_file" - ! is_empty_value "$PHP_POST_MAX_SIZE" && info "Setting PHP post_max_size option" && php_conf_set post_max_size "$PHP_POST_MAX_SIZE" "$conf_file" - ! is_empty_value "$PHP_UPLOAD_MAX_FILESIZE" && info "Setting PHP upload_max_filesize option" && php_conf_set upload_max_filesize "$PHP_UPLOAD_MAX_FILESIZE" "$conf_file" - ! is_empty_value "$PHP_OUTPUT_BUFFERING" && info "Setting PHP output_buffering option" && php_conf_set output_buffering "$PHP_OUTPUT_BUFFERING" "$conf_file" - - true -} - -######################## -# Convert a yes/no value to a PHP boolean -# Globals: -# None -# Arguments: -# $1 - yes/no value -# Returns: -# None -######################### -php_convert_to_boolean() { - local -r value="${1:?missing value}" - is_boolean_yes "$value" && echo "true" || echo "false" -} - -######################## -# Execute/run PHP code and print to stdout -# Globals: -# None -# Stdin: -# Code to execute -# Arguments: -# $1..$n - Input arguments to script -# Returns: -# None -######################### -php_execute_print_output() { - local php_cmd - # Obtain the command specified via stdin - php_cmd="$(/dev/null 2>&1 & - if ! retry_while "is_php_fpm_running"; then - error "php-fpm did not start" - error_code=1 - else - info "php-fpm started" - fi -else - info "php-fpm is already running" -fi - -exit "$error_code" diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/php/status.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/php/status.sh deleted file mode 100755 index 2ca4fb384d050..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/php/status.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/liblog.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -if is_php_fpm_running; then - info "php-fpm is already running" -else - info "php-fpm is not running" -fi diff --git a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh b/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh deleted file mode 100755 index 74274a4b4ee30..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -error_code=0 - -if is_php_fpm_running; then - BITNAMI_QUIET=1 php_fpm_stop - if ! retry_while "is_php_fpm_not_running"; then - error "php-fpm could not be stopped" - error_code=1 - else - info "php-fpm stopped" - fi -else - info "php-fpm is not running" -fi - -exit "$error_code" diff --git a/bitnami/joomla/5/debian-12/rootfs/post-init.d/php.sh b/bitnami/joomla/5/debian-12/rootfs/post-init.d/php.sh deleted file mode 100755 index 6be2585cbc533..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/post-init.d/php.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Executes custom PHP init scripts - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries with logging functions -if [[ -f /opt/bitnami/base/functions ]]; then - . /opt/bitnami/base/functions -else - . /opt/bitnami/scripts/liblog.sh -fi - -# Loop through all input files passed via stdin -read -r -a custom_init_scripts <<< "$@" -failure=0 -if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then - for custom_init_script in "${custom_init_scripts[@]}"; do - [[ "$custom_init_script" != *".php" ]] && continue - info "Executing ${custom_init_script} with PHP interpreter" - php "$custom_init_script" || failure=1 - [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" - done -fi - -exit "$failure" diff --git a/bitnami/joomla/5/debian-12/rootfs/post-init.sh b/bitnami/joomla/5/debian-12/rootfs/post-init.sh deleted file mode 100755 index bd3d10b9e0acc..0000000000000 --- a/bitnami/joomla/5/debian-12/rootfs/post-init.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Only execute init scripts once -if [[ ! -f "/bitnami/joomla/.user_scripts_initialized" && -d "/docker-entrypoint-init.d" ]]; then - read -r -a init_scripts <<< "$(find "/docker-entrypoint-init.d" -type f -print0 | sort -z | xargs -0)" - if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "/bitnami/joomla/.user_scripts_initialized" ]]; then - mkdir -p "/bitnami/joomla" - for init_script in "${init_scripts[@]}"; do - for init_script_type_handler in /post-init.d/*.sh; do - "$init_script_type_handler" "$init_script" - done - done - fi - - touch "/bitnami/joomla/.user_scripts_initialized" -fi diff --git a/bitnami/joomla/5/debian-12/tags-info.yaml b/bitnami/joomla/5/debian-12/tags-info.yaml deleted file mode 100644 index 525a61a4d01e0..0000000000000 --- a/bitnami/joomla/5/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "5" -- 5-debian-12 -- 5.1.1 -- latest diff --git a/bitnami/joomla/README.md b/bitnami/joomla/README.md deleted file mode 100644 index 6d2e011b77022..0000000000000 --- a/bitnami/joomla/README.md +++ /dev/null @@ -1,522 +0,0 @@ -# Bitnami package for Joomla! - -## What is Joomla!? - -> Joomla! is an award winning open source CMS platform for building websites and applications. It includes page caching, page compression and Let's Encrypt auto-configuration support. - -[Overview of Joomla!](http://www.joomla.org/) -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -### Docker Compose - -```console -curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/joomla/docker-compose.yml > docker-compose.yml -docker-compose up -d -``` - -**Warning**: This quick setup is only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Environment Variables](#environment-variables) section for a more secure deployment. - -### Why use Bitnami Images? - -* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. -* With Bitnami images the latest bug fixes and features are available as soon as possible. -* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. -* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. -* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. -* Bitnami container images are released on a regular basis with the latest distribution packages available. - -Looking to use Joomla! in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## How to deploy Joomla! in Kubernetes? - -Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the [Bitnami Joomla! Chart GitHub repository](https://github.com/bitnami/charts/tree/master/bitnami/joomla). - -Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -### Why use a non-root container? - -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). - -### Supported tags and respective `Dockerfile` links - -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). - -You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. - -Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). - -### Get this image - -The recommended way to get the Bitnami Joomla! Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/joomla). - -```console -docker pull bitnami/joomla:latest -``` - -To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/joomla/tags/) in the Docker Hub Registry. - -```console -docker pull bitnami/joomla:[TAG] -``` - -If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. - -```console -git clone https://github.com/bitnami/containers.git -cd bitnami/APP/VERSION/OPERATING-SYSTEM -docker build -t bitnami/APP:latest . -``` - -### How to use this image - -Joomla! requires access to a MySQL or MariaDB database to store information. We'll use the [Bitnami Docker Image for MariaDB](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) for the database requirements. - -#### Using the Docker Command Line - -##### Step 1: Create a network - -```console -docker network create joomla-network -``` - -##### Step 2: Create a volume for MariaDB persistence and create a MariaDB container - -```console -$ docker volume create --name mariadb_data -docker run -d --name mariadb \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MARIADB_USER=bn_joomla \ - --env MARIADB_PASSWORD=bitnami \ - --env MARIADB_DATABASE=bitnami_joomla \ - --network joomla-network \ - --volume mariadb_data:/bitnami/mariadb \ - bitnami/mariadb:latest -``` - -##### Step 3: Create volumes for Joomla! persistence and launch the container - -```console -$ docker volume create --name joomla_data -docker run -d --name joomla \ - -p 8080:8080 -p 8443:8443 \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env JOOMLA_DATABASE_USER=bn_joomla \ - --env JOOMLA_DATABASE_PASSWORD=bitnami \ - --env JOOMLA_DATABASE_NAME=bitnami_joomla \ - --network joomla-network \ - --volume joomla_data:/bitnami/joomla \ - bitnami/joomla:latest -``` - -Access your application at `http://your-ip/` - -#### Run the application using Docker Compose - -```console -curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/joomla/docker-compose.yml > docker-compose.yml -docker-compose up -d -``` - -Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/joomla). - -If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md). - -### Persisting your application - -If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed. - -For persistence you should mount a directory at the `/bitnami/joomla` path. If the mounted directory is empty, it will be initialized on the first run. Additionally you should [mount a volume for persistence of the MariaDB data](https://github.com/bitnami/containers/blob/main/bitnami/mariadb#persisting-your-database). - -The above examples define the Docker volumes named mariadb_data and joomla_data. The Joomla! application state will persist as long as volumes are not removed. - -To avoid inadvertent removal of volumes, you can mount host directories as data volumes. Alternatively you can make use of volume plugins to host the volume data. - -#### Mount host directories as data volumes with Docker Compose - -This requires a minor change to the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/joomla/docker-compose.yml) file present in this repository: - -```diff - mariadb: - ... - volumes: -- - 'mariadb_data:/bitnami/mariadb' -+ - /path/to/mariadb-persistence:/bitnami/mariadb - ... - joomla: - ... - volumes: -- - 'joomla_data:/bitnami/joomla' -+ - /path/to/joomla-persistence:/bitnami/joomla - ... --volumes: -- mariadb_data: -- driver: local -- joomla_data: -- driver: local -``` - -> NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID `1001`. - -#### Mount host directories as data volumes using the Docker command line - -##### Step 1: Create a network (if it does not exist) - -```console -docker network create joomla-network -``` - -##### Step 2. Create a MariaDB container with host volume - -```console -docker run -d --name mariadb \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MARIADB_USER=bn_joomla \ - --env MARIADB_PASSWORD=bitnami \ - --env MARIADB_DATABASE=bitnami_joomla \ - --network joomla-network \ - --volume /path/to/mariadb-persistence:/bitnami/mariadb \ - bitnami/mariadb:latest -``` - -##### Step 3. Create the Joomla! container with host volumes - -```console -docker run -d --name joomla \ - -p 8080:8080 -p 8443:8443 \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env JOOMLA_DATABASE_USER=bn_joomla \ - --env JOOMLA_DATABASE_PASSWORD=bitnami \ - --env JOOMLA_DATABASE_NAME=bitnami_joomla \ - --network joomla-network \ - --volume /path/to/joomla-persistence:/bitnami/joomla \ - bitnami/joomla:latest -``` - -## Configuration - -### Environment variables - -#### Customizable environment variables - -| Name | Description | Default Value | -|---------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|----------------------------------------| -| `JOOMLA_DATA_TO_PERSIST` | Files to persist relative to the Joomla! installation directory. To provide multiple values, separate them with a whitespace. | `$JOOMLA_BASE_DIR` | -| `JOOMLA_LOAD_SAMPLE_DATA` | Load Joomla sample data. | `yes` | -| `JOOMLA_SKIP_BOOTSTRAP` | Whether to perform initial bootstrapping for the application. | `nil` | -| `JOOMLA_USERNAME` | Joomla! user name. | `user` | -| `JOOMLA_PASSWORD` | Joomla! user password. | `bitnami` | -| `JOOMLA_EMAIL` | Joomla! user e-mail address. | `user@example.com` | -| `JOOMLA_SITE_NAME` | Joomla! site name | `$JOOMLA_DEFAULT_SITE_NAME` | -| `JOOMLA_SECRET` | Secret value for data encryption (auto-generated if not provided) | `nil` | -| `JOOMLA_SMTP_HOST` | Joomla! SMTP server host. | `nil` | -| `JOOMLA_SMTP_PORT_NUMBER` | Joomla! SMTP server port number. | `nil` | -| `JOOMLA_SMTP_USER` | Joomla! SMTP server user. | `nil` | -| `JOOMLA_SMTP_PASSWORD` | Joomla! SMTP server user password. | `nil` | -| `JOOMLA_SMTP_PROTOCOL` | Joomla! SMTP server protocol. | `nil` | -| `JOOMLA_SMTP_SENDER_EMAIL` | Joomla! SMTP Sender email. | `nil` | -| `JOOMLA_SMTP_SENDER_NAME` | Joomla! SMTP Sender name. | `nil` | -| `JOOMLA_DEFAULT_DATABASE_PORT_NUMBER` | Database server port. | `3306` | -| `JOOMLA_DATABASE_HOST` | Database server host. | `$JOOMLA_DEFAULT_DATABASE_HOST` | -| `JOOMLA_DATABASE_PORT_NUMBER` | Database server port. | `$JOOMLA_DEFAULT_DATABASE_PORT_NUMBER` | -| `JOOMLA_DATABASE_NAME` | Database name. | `bitnami_joomla` | -| `JOOMLA_DATABASE_USER` | Database user name. | `bn_joomla` | -| `JOOMLA_DATABASE_PASSWORD` | Database user password. | `nil` | - -#### Read-only environment variables - -| Name | Description | Value | -|--------------------------------|---------------------------------------------|----------------------------------------| -| `JOOMLA_BASE_DIR` | Joomla! installation directory. | `${BITNAMI_ROOT_DIR}/joomla` | -| `JOOMLA_TMP_DIR` | Joomla! installation directory. | `${JOOMLA_BASE_DIR}/tmp` | -| `JOOMLA_LOGS_DIR` | Joomla! installation directory. | `${JOOMLA_BASE_DIR}/logs` | -| `JOOMLA_CONF_FILE` | Configuration file for Joomla!. | `${JOOMLA_BASE_DIR}/configuration.php` | -| `JOOMLA_VOLUME_DIR` | Joomla! directory for persisted data files. | `${BITNAMI_VOLUME_DIR}/joomla` | -| `JOOMLA_DEFAULT_SITE_NAME` | Joomla! default site name | `My site` | -| `JOOMLA_DEFAULT_DATABASE_HOST` | Default database server host. | `mariadb` | -| `PHP_DEFAULT_MEMORY_LIMIT` | Default PHP memory limit. | `256M` | - -When you start the Joomla! image, you can adjust the configuration of the instance by passing one or more environment variables either on the docker-compose file or on the `docker run` command line. If you want to add a new environment variable: - -* For docker-compose add the variable name and value under the application section in the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/joomla/docker-compose.yml) file present in this repository: - -```yaml -joomla: - ... - environment: - - JOOMLA_PASSWORD=my_password - ... -``` - -* For manual execution add a `--env` option with each variable and value: - - ```console - docker run -d --name joomla -p 80:8080 -p 443:8443 \ - --env JOOMLA_PASSWORD=my_password \ - --network joomla-tier \ - --volume /path/to/joomla-persistence:/bitnami \ - bitnami/joomla:latest - ``` - -#### Example - -This would be an example of SMTP configuration using a Gmail account: - -* Modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/joomla/docker-compose.yml) file present in this repository: - -```yaml - joomla: - ... - environment: - - JOOMLA_DATABASE_USER=bn_joomla - - JOOMLA_DATABASE_NAME=bitnami_joomla - - ALLOW_EMPTY_PASSWORD=yes - - JOOMLA_SMTP_HOST=smtp.gmail.com - - JOOMLA_SMTP_PORT=587 - - JOOMLA_SMTP_USER=your_email@gmail.com - - JOOMLA_SMTP_PASSWORD=your_password - - JOOMLA_SMTP_PROTOCOL=tls - ... -``` - -* For manual execution: - - ```console - docker run -d --name joomla -p 80:8080 -p 443:8443 \ - --env JOOMLA_DATABASE_USER=bn_joomla \ - --env JOOMLA_DATABASE_NAME=bitnami_joomla \ - --env JOOMLA_SMTP_HOST=smtp.gmail.com \ - --env JOOMLA_SMTP_PORT=587 \ - --env JOOMLA_SMTP_USER=your_email@gmail.com \ - --env JOOMLA_SMTP_PASSWORD=your_password \ - --env JOOMLA_SMTP_PROTOCOL=tls \ - --network joomla-tier \ - --volume /path/to/joomla-persistence:/bitnami \ - bitnami/joomla:latest - ``` - -#### Installing additional language packs - -By default, this container packs a generic English version of Joomla!. Nevertheless, more Language Packs can be added to the default configuration using the in-platform Administration [interface](https://docs.joomla.org/J3.x:Setup_a_Multilingual_Site/Installing_New_Language). In order to fully support a new Language Pack it is also a requirement to update the system's locales files. We highly recommend [extending](https://github.com/bitnami/containers/blob/main/bitnami/joomla#extend-this-image) the default image and adding as many locales as needed: -+Stop the currently running container using the command - -```Dockerfile -FROM bitnami/joomla -RUN echo "es_ES.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen -``` - -Bear in mind that in the example above `es_ES.UTF-8 UTF-8` is the locale needed for the desired Language Pack to install. You may change this value to the locale corresponding to your pack. - -### Logging - -The Bitnami Joomla! Docker image sends the container logs to `stdout`. To view the logs: - -```console -docker logs joomla -``` - -Or using Docker Compose: - -```console -docker-compose logs joomla -``` - -You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver. - -### Maintenance - -#### Backing up your container - -To backup your data, configuration and logs, follow these simple steps: - -##### Step 1: Stop the currently running container - -```console -docker stop joomla -``` - -Or using Docker Compose: - -```console -docker-compose stop joomla -``` - -##### Step 2: Run the backup command - -We need to mount two volumes in a container we will use to create the backup: a directory on your host to store the backup in, and the volumes from the container we just stopped so we can access the data. - -```console -docker run --rm -v /path/to/joomla-backups:/backups --volumes-from joomla busybox \ - cp -a /bitnami/joomla /backups/latest -``` - -#### Restoring a backup - -Restoring a backup is as simple as mounting the backup as volumes in the containers. - -For the MariaDB database container: - -```diff - $ docker run -d --name mariadb \ - ... -- --volume /path/to/mariadb-persistence:/bitnami/mariadb \ -+ --volume /path/to/mariadb-backups/latest:/bitnami/mariadb \ - bitnami/mariadb:latest -``` - -For the Joomla! container: - -```diff - $ docker run -d --name joomla \ - ... -- --volume /path/to/joomla-persistence:/bitnami/joomla \ -+ --volume /path/to/joomla-backups/latest:/bitnami/joomla \ - bitnami/joomla:latest -``` - -#### Upgrade this image - -> **NOTE:** Application upgrades should be done manually inside the docker container following the [official documentation](https://docs.joomla.org/J3.x:Updating_from_an_existing_version). -> As an alternative, you can try upgrading using an updated Docker image. However, any data from the Joomla! container will be lost and you will have to reinstall all the plugins and themes you manually added. - -Bitnami provides up-to-date versions of MariaDB and Joomla!, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container. We will cover here the upgrade of the Joomla! container. For the MariaDB upgrade see: - -##### Step 1: Get the updated image - -```console -docker pull bitnami/joomla:latest -``` - -##### Step 2: Stop the running container - -Stop the currently running container using the command - -```console -docker-compose stop joomla -``` - -##### Step 3: Take a snapshot of the application state - -Follow the steps in [Backing up your container](#backing-up-your-container) to take a snapshot of the current application state. - -##### Step 4: Remove the currently running container - -Remove the currently running container by executing the following command: - -```console -docker-compose rm -v joomla -``` - -##### Step 5: Run the new image - -Update the image tag in `docker-compose.yml` and re-create your container with the new image: - -```console -docker-compose up -d -``` - -### Customize this image - -The Bitnami Joomla! Docker image is designed to be extended so it can be used as the base image for your custom web applications. - -#### Extend this image - -Before extending this image, please note there are certain configuration settings you can modify using the original image: - -* Settings that can be adapted using environment variables. For instance, you can change the ports used by Apache for HTTP and HTTPS, by setting the environment variables `APACHE_HTTP_PORT_NUMBER` and `APACHE_HTTPS_PORT_NUMBER` respectively. -* [Adding custom virtual hosts](https://github.com/bitnami/containers/blob/main/bitnami/apache#adding-custom-virtual-hosts). -* [Replacing the 'httpd.conf' file](https://github.com/bitnami/containers/blob/main/bitnami/apache#full-configuration). -* [Using custom SSL certificates](https://github.com/bitnami/containers/blob/main/bitnami/apache#using-custom-ssl-certificates). - -If your desired customizations cannot be covered using the methods mentioned above, extend the image. To do so, create your own image using a Dockerfile with the format below: - -```Dockerfile -FROM bitnami/joomla -### Put your customizations below -... -``` - -Here is an example of extending the image with the following modifications: - -* Install the `vim` editor -* Modify the Apache configuration file -* Modify the ports used by Apache - -```Dockerfile -FROM bitnami/joomla - -### Change user to perform privileged actions -USER 0 -### Install 'vim' -RUN install_packages vim -### Revert to the original non-root user -USER 1001 - -### Enable mod_ratelimit module -RUN sed -i -r 's/#LoadModule ratelimit_module/LoadModule ratelimit_module/' /opt/bitnami/apache/conf/httpd.conf - -### Modify the ports used by Apache by default -## It is also possible to change these environment variables at runtime -ENV APACHE_HTTP_PORT_NUMBER=8181 -ENV APACHE_HTTPS_PORT_NUMBER=8143 -EXPOSE 8181 8143 -``` - -Based on the extended image, you can update the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/joomla/docker-compose.yml) file present in this repository to add other features: - -```diff - joomla: -- image: bitnami/joomla:latest -+ build: . - ports: -- - '80:8080' -- - '443:8443' -+ - '80:8181' -+ - '443:8143' - environment: - ... -+ - PHP_MEMORY_LIMIT=512m - ... -``` - -## Notable Changes - -### 3.9.20-debian-10-r0 - -* The size of the container image has been decreased. -* The configuration logic is now based on Bash scripts in the *rootfs/* folder. -* The Joomla! container image has been migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by changing `USER 1001` to `USER root` in the Dockerfile, or `user: root` in `docker-compose.yml`. Consequences: - * The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. - * Backwards compatibility is not guaranteed when data is persisted using docker or docker-compose. We highly recommend migrating the Joomla! site by exporting its content, and importing it on a new Joomla! container. Follow the steps in [Backing up your container](#backing-up-your-container) and [Restoring a backup](#restoring-a-backup) to migrate the data between the old and new container. - -### 3.9.6-debian-9-r12 and 3.9.6-ol-7-r14 - -* This image has been adapted so it's easier to customize. See the [Customize this image](#customize-this-image) section for more information. -* The Apache configuration volume (`/bitnami/apache`) has been deprecated, and support for this feature will be dropped in the near future. Until then, the container will enable the Apache configuration from that volume if it exists. By default, and if the configuration volume does not exist, the configuration files will be regenerated each time the container is created. Users wanting to apply custom Apache configuration files are advised to mount a volume for the configuration at `/opt/bitnami/apache/conf`, or mount specific configuration files individually. -* The PHP configuration volume (`/bitnami/php`) has been deprecated, and support for this feature will be dropped in the near future. Until then, the container will enable the PHP configuration from that volume if it exists. By default, and if the configuration volume does not exist, the configuration files will be regenerated each time the container is created. Users wanting to apply custom PHP configuration files are advised to mount a volume for the configuration at `/opt/bitnami/php/conf`, or mount specific configuration files individually. -* Enabling custom Apache certificates by placing them at `/opt/bitnami/apache/certs` has been deprecated, and support for this functionality will be dropped in the near future. Users wanting to enable custom certificates are advised to mount their certificate files on top of the preconfigured ones at `/certs`. - -## Contributing - -We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. - -## Issues - -If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/bitnami/joomla/docker-compose.yml b/bitnami/joomla/docker-compose.yml deleted file mode 100644 index a2b767be1d7a2..0000000000000 --- a/bitnami/joomla/docker-compose.yml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - mariadb: - image: docker.io/bitnami/mariadb:11.3 - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_USER=bn_joomla - - MARIADB_DATABASE=bitnami_joomla - volumes: - - 'mariadb_data:/bitnami/mariadb' - joomla: - image: docker.io/bitnami/joomla:5 - ports: - - '80:8080' - - '443:8443' - environment: - - JOOMLA_DATABASE_HOST=mariadb - - JOOMLA_DATABASE_PORT_NUMBER=3306 - - JOOMLA_DATABASE_USER=bn_joomla - - JOOMLA_DATABASE_NAME=bitnami_joomla - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - volumes: - - 'joomla_data:/bitnami/joomla' - depends_on: - - mariadb -volumes: - mariadb_data: - driver: local - joomla_data: - driver: local diff --git a/bitnami/jsonnet/0/debian-12/Dockerfile b/bitnami/jsonnet/0/debian-12/Dockerfile index a8a19b474edea..3294fb43585fe 100644 --- a/bitnami/jsonnet/0/debian-12/Dockerfile +++ b/bitnami/jsonnet/0/debian-12/Dockerfile @@ -3,15 +3,16 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:01:46Z" \ + org.opencontainers.image.created="2024-12-23T16:06:16Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jsonnet/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.20.0-debian-12-r18" \ + org.opencontainers.image.ref.name="0.20.0-debian-12-r29" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jsonnet" \ org.opencontainers.image.title="jsonnet" \ org.opencontainers.image.vendor="Broadcom, Inc." \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libgcc-s1 libstdc++6 procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "jsonnet-0.20.0-3-linux-${OS_ARCH}-debian-12" \ + "jsonnet-0.20.0-4-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ diff --git a/bitnami/jsonnet/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jsonnet/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index fb380e7e99910..9f251e5c5ab1e 100644 --- a/bitnami/jsonnet/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/jsonnet/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.20.0-3" + "version": "0.20.0-4" } } \ No newline at end of file diff --git a/bitnami/jsonnet/README.md b/bitnami/jsonnet/README.md index 511c1d620b27f..59393eb1b8707 100644 --- a/bitnami/jsonnet/README.md +++ b/bitnami/jsonnet/README.md @@ -22,11 +22,17 @@ docker run --name jsonnet bitnami/jsonnet:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Jsonnet in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Jsonnet in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/jupyter-base-notebook/4/README.md b/bitnami/jupyter-base-notebook/4/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/jupyter-base-notebook/4/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/jupyter-base-notebook/4/debian-12/Dockerfile b/bitnami/jupyter-base-notebook/4/debian-12/Dockerfile index 5a64137a5f61f..7280dda406db9 100644 --- a/bitnami/jupyter-base-notebook/4/debian-12/Dockerfile +++ b/bitnami/jupyter-base-notebook/4/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T07:07:15Z" \ + org.opencontainers.image.created="2025-01-07T12:54:45Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jupyter-base-notebook/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="4.1.5-debian-12-r6" \ + org.opencontainers.image.ref.name="4.1.6-debian-12-r21" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jupyter-base-notebook" \ org.opencontainers.image.title="jupyter-base-notebook" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="4.1.5" + org.opencontainers.image.version="4.1.6" ENV HOME="/opt/bitnami/jupyterhub-singleuser/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,16 +26,16 @@ ENV HOME="/opt/bitnami/jupyterhub-singleuser/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates curl libcrypt1 libgcc-s1 libstdc++6 procps zlib1g +RUN install_packages ca-certificates curl libgcc-s1 libstdc++6 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "miniconda-24.4.0-0-linux-${OS_ARCH}-debian-12" \ - "jupyter-base-notebook-4.1.5-4-linux-${OS_ARCH}-debian-12" \ + "miniforge-24.11.2-0-linux-${OS_ARCH}-debian-12" \ + "jupyter-base-notebook-4.1.6-20-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,9 +48,9 @@ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN mkdir /opt/bitnami/jupyterhub-singleuser/ && chmod g+rwX /opt/bitnami/jupyterhub-singleuser/ -ENV APP_VERSION="4.1.5" \ +ENV APP_VERSION="4.1.6" \ BITNAMI_APP_NAME="jupyter-base-notebook" \ - PATH="/opt/bitnami/miniconda/bin:/opt/bitnami/common/bin:$PATH" + PATH="/opt/bitnami/miniforge/bin:/opt/bitnami/common/bin:$PATH" USER 1001 ENTRYPOINT [ "tini", "-g", "--" ] diff --git a/bitnami/jupyter-base-notebook/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jupyter-base-notebook/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index ca83e809d5d18..1228815580f3b 100644 --- a/bitnami/jupyter-base-notebook/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/jupyter-base-notebook/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.1.5-4" + "version": "4.1.6-20" }, - "miniconda": { + "miniforge": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "24.4.0-0" + "version": "24.11.2-0" } } \ No newline at end of file diff --git a/bitnami/jupyter-base-notebook/4/debian-12/tags-info.yaml b/bitnami/jupyter-base-notebook/4/debian-12/tags-info.yaml index 65f53af605284..e3a6a20b79ee2 100644 --- a/bitnami/jupyter-base-notebook/4/debian-12/tags-info.yaml +++ b/bitnami/jupyter-base-notebook/4/debian-12/tags-info.yaml @@ -1,5 +1,4 @@ rolling-tags: - "4" - 4-debian-12 -- 4.1.5 -- latest +- 4.1.6 diff --git a/bitnami/jupyter-base-notebook/5/README.md b/bitnami/jupyter-base-notebook/5/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/jupyter-base-notebook/5/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/jupyter-base-notebook/5/debian-12/Dockerfile b/bitnami/jupyter-base-notebook/5/debian-12/Dockerfile deleted file mode 100644 index 7329890b2ab18..0000000000000 --- a/bitnami/jupyter-base-notebook/5/debian-12/Dockerfile +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-06-03T12:45:04Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jupyter-base-notebook/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="5.0.0-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jupyter-base-notebook" \ - org.opencontainers.image.title="jupyter-base-notebook" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="5.0.0" - -ENV HOME="/opt/bitnami/jupyterhub-singleuser/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libcrypt1 libgcc-s1 libstdc++6 procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "miniconda-24.4.0-0-linux-${OS_ARCH}-debian-12" \ - "jupyter-base-notebook-5.0.0-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /opt/bitnami/jupyterhub-singleuser/ && chmod g+rwX /opt/bitnami/jupyterhub-singleuser/ - -ENV APP_VERSION="5.0.0" \ - BITNAMI_APP_NAME="jupyter-base-notebook" \ - PATH="/opt/bitnami/miniconda/bin:/opt/bitnami/common/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "tini", "-g", "--" ] -CMD [ "jupyterhub-singleuser" ] diff --git a/bitnami/jupyter-base-notebook/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jupyter-base-notebook/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index e0e0c3821bfe2..0000000000000 --- a/bitnami/jupyter-base-notebook/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "jupyter-base-notebook": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "5.0.0-0" - }, - "miniconda": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "24.4.0-0" - } -} \ No newline at end of file diff --git a/bitnami/jupyter-base-notebook/5/debian-12/tags-info.yaml b/bitnami/jupyter-base-notebook/5/debian-12/tags-info.yaml deleted file mode 100644 index 85f30bedf9c9a..0000000000000 --- a/bitnami/jupyter-base-notebook/5/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "5" -- 5-debian-12 -- 5.0.0 -- latest diff --git a/bitnami/jupyter-base-notebook/README.md b/bitnami/jupyter-base-notebook/README.md index cb27ed45cefe0..569f020c053b5 100644 --- a/bitnami/jupyter-base-notebook/README.md +++ b/bitnami/jupyter-base-notebook/README.md @@ -22,11 +22,17 @@ docker run --name jupyter-base-notebook bitnami/jupyter-base-notebook:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Jupyter Base Notebook in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Jupyter Base Notebook in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -56,7 +62,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration @@ -101,7 +107,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/jupyterhub/4/README.md b/bitnami/jupyterhub/4/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/jupyterhub/4/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/jupyterhub/4/debian-12/Dockerfile b/bitnami/jupyterhub/4/debian-12/Dockerfile index 2648696f8f2f2..54a1531ce21fd 100644 --- a/bitnami/jupyterhub/4/debian-12/Dockerfile +++ b/bitnami/jupyterhub/4/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-29T07:07:22Z" \ + org.opencontainers.image.created="2025-01-07T12:16:52Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jupyterhub/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="4.1.5-debian-12-r6" \ + org.opencontainers.image.ref.name="4.1.6-debian-12-r9" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jupyterhub" \ org.opencontainers.image.title="jupyterhub" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="4.1.5" + org.opencontainers.image.version="4.1.6" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,16 +26,16 @@ ENV HOME="/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates curl libcrypt1 libgcc-s1 libstdc++6 procps zlib1g +RUN install_packages ca-certificates curl libgcc-s1 libstdc++6 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "miniconda-24.4.0-0-linux-${OS_ARCH}-debian-12" \ - "jupyterhub-4.1.5-2-linux-${OS_ARCH}-debian-12" \ + "miniforge-24.11.2-0-linux-${OS_ARCH}-debian-12" \ + "jupyterhub-4.1.6-5-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,9 +47,9 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="4.1.5" \ +ENV APP_VERSION="4.1.6" \ BITNAMI_APP_NAME="jupyterhub" \ - PATH="/opt/bitnami/miniconda/bin:/opt/bitnami/miniconda/bin/:$PATH" + PATH="/opt/bitnami/miniforge/bin:/opt/bitnami/miniforge/bin/:$PATH" USER 1001 ENTRYPOINT [ "jupyterhub" ] diff --git a/bitnami/jupyterhub/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jupyterhub/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 959d0827090b3..0e7c140099447 100644 --- a/bitnami/jupyterhub/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/jupyterhub/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.1.5-2" + "version": "4.1.6-5" }, - "miniconda": { + "miniforge": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "24.4.0-0" + "version": "24.11.2-0" } } \ No newline at end of file diff --git a/bitnami/jupyterhub/4/debian-12/tags-info.yaml b/bitnami/jupyterhub/4/debian-12/tags-info.yaml index 65f53af605284..b16c66cb2f00b 100644 --- a/bitnami/jupyterhub/4/debian-12/tags-info.yaml +++ b/bitnami/jupyterhub/4/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "4" - 4-debian-12 -- 4.1.5 +- 4.1.6 - latest diff --git a/bitnami/jupyterhub/5/README.md b/bitnami/jupyterhub/5/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/jupyterhub/5/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/jupyterhub/README.md b/bitnami/jupyterhub/README.md index 4bc82e2e36170..92d5bccde41ee 100644 --- a/bitnami/jupyterhub/README.md +++ b/bitnami/jupyterhub/README.md @@ -20,11 +20,17 @@ This image is meant to run in a Kubernetes cluster. * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use JupyterHub in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use JupyterHub in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -54,7 +60,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration @@ -79,7 +85,7 @@ Non-root container images add an extra layer of security and are generally recom | Name | Description | Value | |-----------------------------|----------------------------------------------|---------------------------------------------------| | `JUPYTERHUB_BASE_DIR` | JupyterHub installation directory. | `${BITNAMI_ROOT_DIR}/jupyterhub` | -| `JUPYTERHUB_BIN_DIR` | JupyterHub directory for binary executables. | `${BITNAMI_ROOT_DIR}/miniconda/bin` | +| `JUPYTERHUB_BIN_DIR` | JupyterHub directory for binary executables. | `${BITNAMI_ROOT_DIR}/miniforge/bin` | | `JUPYTERHUB_PROXY_BIN_DIR` | JupyterHub directory for binary executables. | `${BITNAMI_ROOT_DIR}/configurable-http-proxy/bin` | | `JUPYTERHUB_CONF_DIR` | JupyterHub configuration directory. | `${JUPYTERHUB_BASE_DIR}/etc` | | `JUPYTERHUB_CONF_FILE` | JupyterHub configuration file. | `${JUPYTERHUB_CONF_DIR}/jupyterhub_config.py` | @@ -121,7 +127,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/jwt-cli/6/debian-12/Dockerfile b/bitnami/jwt-cli/6/debian-12/Dockerfile index 2798e464ffb79..d552e938bf1b7 100644 --- a/bitnami/jwt-cli/6/debian-12/Dockerfile +++ b/bitnami/jwt-cli/6/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-27T08:50:14Z" \ + org.opencontainers.image.created="2024-12-28T13:49:41Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/jwt-cli/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="6.1.0-debian-12-r0" \ + org.opencontainers.image.ref.name="6.2.0-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/jwt-cli" \ org.opencontainers.image.title="jwt-cli" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="6.1.0" + org.opencontainers.image.version="6.2.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libgcc-s1 procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "jwt-cli-6.1.0-0-linux-${OS_ARCH}-debian-12" \ + "jwt-cli-6.2.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN useradd -r -u 1001 -g root jwt-cli RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="6.1.0" \ +ENV APP_VERSION="6.2.0" \ BITNAMI_APP_NAME="jwt-cli" \ PATH="/opt/bitnami/jwt-cli/bin:$PATH" diff --git a/bitnami/jwt-cli/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/jwt-cli/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index e56c3f90d6cd2..71f2f41487aa4 100644 --- a/bitnami/jwt-cli/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/jwt-cli/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "6.1.0-0" + "version": "6.2.0-0" } } \ No newline at end of file diff --git a/bitnami/jwt-cli/6/debian-12/tags-info.yaml b/bitnami/jwt-cli/6/debian-12/tags-info.yaml index 77838e7e56a19..bccbace35e8b9 100644 --- a/bitnami/jwt-cli/6/debian-12/tags-info.yaml +++ b/bitnami/jwt-cli/6/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "6" - 6-debian-12 -- 6.1.0 +- 6.2.0 - latest diff --git a/bitnami/jwt-cli/README.md b/bitnami/jwt-cli/README.md index fa91a7ec053cf..091d1610ef60c 100644 --- a/bitnami/jwt-cli/README.md +++ b/bitnami/jwt-cli/README.md @@ -22,11 +22,17 @@ docker run -it --name jwt-cli bitnami/jwt-cli * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use JWT CLI in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use JWT CLI in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/kafka/3.2/debian-12/Dockerfile b/bitnami/kafka/3.2/debian-12/Dockerfile deleted file mode 100644 index 3360358b37300..0000000000000 --- a/bitnami/kafka/3.2/debian-12/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:01:51Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kafka/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.2.3-debian-12-r24" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kafka" \ - org.opencontainers.image.title="kafka" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.2.3" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "kafka-3.2.3-5-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh -RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/kafka/postunpack.sh -ENV APP_VERSION="3.2.3" \ - BITNAMI_APP_NAME="kafka" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/kafka/bin:$PATH" - -EXPOSE 9092 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/kafka/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/kafka/run.sh" ] diff --git a/bitnami/kafka/3.2/debian-12/docker-compose.yml b/bitnami/kafka/3.2/debian-12/docker-compose.yml deleted file mode 100644 index ecd504fd8382f..0000000000000 --- a/bitnami/kafka/3.2/debian-12/docker-compose.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: "2" - -services: - kafka: - image: docker.io/bitnami/kafka:3.2 - ports: - - "9092:9092" - volumes: - - "kafka_data:/bitnami" - environment: - # KRaft settings - - KAFKA_CFG_NODE_ID=0 - - KAFKA_CFG_PROCESS_ROLES=controller,broker - - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093 - # Listeners - - KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9093 - - KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://:9092 - - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT - - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER - - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT -volumes: - kafka_data: - driver: local diff --git a/bitnami/kafka/3.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kafka/3.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 77e46d474ed02..0000000000000 --- a/bitnami/kafka/3.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "kafka": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.2.3-5" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-12" - } -} \ No newline at end of file diff --git a/bitnami/kafka/3.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kafka/3.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/kafka/3.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/kafka/3.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/kafka/3.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/kafka/3.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh b/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh deleted file mode 100644 index f58958279ce88..0000000000000 --- a/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for kafka - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-kafka}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -kafka_env_vars=( - KAFKA_MOUNTED_CONF_DIR - KAFKA_INTER_BROKER_USER - KAFKA_INTER_BROKER_PASSWORD - KAFKA_CONTROLLER_USER - KAFKA_CONTROLLER_PASSWORD - KAFKA_CERTIFICATE_PASSWORD - KAFKA_TLS_TRUSTSTORE_FILE - KAFKA_TLS_TYPE - KAFKA_TLS_CLIENT_AUTH - KAFKA_OPTS - KAFKA_CFG_SASL_ENABLED_MECHANISMS - KAFKA_KRAFT_CLUSTER_ID - KAFKA_SKIP_KRAFT_STORAGE_INIT - KAFKA_CLIENT_LISTENER_NAME - KAFKA_ZOOKEEPER_PROTOCOL - KAFKA_ZOOKEEPER_PASSWORD - KAFKA_ZOOKEEPER_USER - KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE - KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME - KAFKA_ZOOKEEPER_TLS_TYPE - KAFKA_CLIENT_USERS - KAFKA_CLIENT_PASSWORDS - KAFKA_HEAP_OPTS -) -for env_var in "${kafka_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset kafka_env_vars - -# Paths -export KAFKA_BASE_DIR="${BITNAMI_ROOT_DIR}/kafka" -export KAFKA_VOLUME_DIR="/bitnami/kafka" -export KAFKA_DATA_DIR="${KAFKA_VOLUME_DIR}/data" -export KAFKA_CONF_DIR="${KAFKA_BASE_DIR}/config" -export KAFKA_CONF_FILE="${KAFKA_CONF_DIR}/server.properties" -export KAFKA_MOUNTED_CONF_DIR="${KAFKA_MOUNTED_CONF_DIR:-${KAFKA_VOLUME_DIR}/config}" -export KAFKA_CERTS_DIR="${KAFKA_CONF_DIR}/certs" -export KAFKA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export KAFKA_LOG_DIR="${KAFKA_BASE_DIR}/logs" -export KAFKA_HOME="$KAFKA_BASE_DIR" -export PATH="${KAFKA_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/java/bin:${PATH}" - -# System users (when running with a privileged user) -export KAFKA_DAEMON_USER="kafka" -export KAFKA_DAEMON_GROUP="kafka" - -# Kafka runtime settings -export KAFKA_INTER_BROKER_USER="${KAFKA_INTER_BROKER_USER:-user}" -export KAFKA_INTER_BROKER_PASSWORD="${KAFKA_INTER_BROKER_PASSWORD:-bitnami}" -export KAFKA_CONTROLLER_USER="${KAFKA_CONTROLLER_USER:-controller_user}" -export KAFKA_CONTROLLER_PASSWORD="${KAFKA_CONTROLLER_PASSWORD:-bitnami}" -export KAFKA_CERTIFICATE_PASSWORD="${KAFKA_CERTIFICATE_PASSWORD:-}" -export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_TLS_TYPE="${KAFKA_TLS_TYPE:-JKS}" -export KAFKA_TLS_CLIENT_AUTH="${KAFKA_TLS_CLIENT_AUTH:-required}" -export KAFKA_OPTS="${KAFKA_OPTS:-}" - -# Kafka configuration overrides -export KAFKA_CFG_SASL_ENABLED_MECHANISMS="${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-PLAIN,SCRAM-SHA-256,SCRAM-SHA-512}" -export KAFKA_KRAFT_CLUSTER_ID="${KAFKA_KRAFT_CLUSTER_ID:-}" -export KAFKA_SKIP_KRAFT_STORAGE_INIT="${KAFKA_SKIP_KRAFT_STORAGE_INIT:-false}" -export KAFKA_CLIENT_LISTENER_NAME="${KAFKA_CLIENT_LISTENER_NAME:-}" - -# ZooKeeper connection settings -export KAFKA_ZOOKEEPER_PROTOCOL="${KAFKA_ZOOKEEPER_PROTOCOL:-PLAINTEXT}" -export KAFKA_ZOOKEEPER_PASSWORD="${KAFKA_ZOOKEEPER_PASSWORD:-}" -export KAFKA_ZOOKEEPER_USER="${KAFKA_ZOOKEEPER_USER:-}" -export KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME="${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-true}" -export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}" - -# Authentication -export KAFKA_CLIENT_USERS="${KAFKA_CLIENT_USERS:-user}" -export KAFKA_CLIENT_PASSWORDS="${KAFKA_CLIENT_PASSWORDS:-bitnami}" - -# Java settings -export KAFKA_HEAP_OPTS="${KAFKA_HEAP_OPTS:--Xmx1024m -Xms1024m}" - -# Custom environment variables may be defined below diff --git a/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh b/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh deleted file mode 100644 index b36e8c48b05bc..0000000000000 --- a/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh +++ /dev/null @@ -1,1180 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Kafka library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -# Functions - -######################## -# Set a configuration setting value to a file -# Globals: -# None -# Arguments: -# $1 - file -# $2 - key -# $3 - values (array) -# Returns: -# None -######################### -kafka_common_conf_set() { - local file="${1:?missing file}" - local key="${2:?missing key}" - shift - shift - local values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - kafka_common_conf_set "$file" "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Update the existing key - replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false - else - # Add a new key - printf '\n%s=%s' "$key" "$value" >>"$file" - fi - fi -} - -######################## -# Returns true if at least one listener is configured using SSL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_ssl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SSL: || "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using SASL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_sasl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SASL_PLAINTEXT: ]] || [[ "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using plaintext -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_plaintext_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "PLAINTEXT" ]]; then - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - else - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ PLAINTEXT: ]]; then - return - fi - fi - return 1 -} - -######################## -# Backwards compatibility measure to configure the TLS truststore locations -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_default_truststore_locations() { - # Backwards compatibility measure to allow custom truststore locations but at the same time not disrupt - # the UX that the previous version of the containers and the helm chart have. - # Context: The chart and containers by default assumed that the truststore location was KAFKA_CERTS_DIR/kafka.truststore.jks or KAFKA_MOUNTED_CONF_DIR/certs/kafka.truststore.jks. - # Because of this, we could not use custom certificates in different locations (use case: A custom base image that already has a truststore). Changing the logic to allow custom - # locations implied major changes in the current user experience (which only required to mount certificates at the assumed location). In order to maintain this compatibility we need - # use this logic that sets the KAFKA_TLS_*_FILE variables to the previously assumed locations in case it is not set - - # Kafka truststore - if kafka_has_ssl_listener && is_empty_value "${KAFKA_TLS_TRUSTSTORE_FILE:-}"; then - local kafka_truststore_filename="kafka.truststore.jks" - [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && kafka_truststore_filename="kafka.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${kafka_truststore_filename}" - fi - fi - # Zookeeper truststore - if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]] && is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}"; then - local zk_truststore_filename="zookeeper.truststore.jks" - [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && zk_truststore_filename="zookeeper.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${zk_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${zk_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${zk_truststore_filename}" - fi - fi -} - -######################## -# Set a configuration setting value to server.properties -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_server_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_FILE" "$@" -} - -######################## -# Set a configuration setting value to producer.properties and consumer.properties -# Globals: -# KAFKA_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_producer_consumer_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" "$@" - kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" "$@" -} - -######################## -# Create alias for environment variable, so both can be used -# Globals: -# None -# Arguments: -# $1 - Alias environment variable name -# $2 - Original environment variable name -# Returns: -# None -######################### -kafka_declare_alias_env() { - local -r alias="${1:?missing environment variable alias}" - local -r original="${2:?missing original environment variable}" - if printenv "${original}" >/dev/null; then - export "$alias"="${!original:-}" - fi -} - -######################## -# Map Kafka legacy environment variables to the new names -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_create_alias_environment_variables() { - suffixes=( - "ADVERTISED_LISTENERS" - "BROKER_ID" - "NODE_ID" - "CONTROLLER_QUORUM_VOTERS" - "PROCESS_ROLES" - "DEFAULT_REPLICATION_FACTOR" - "DELETE_TOPIC_ENABLE" - "INTER_BROKER_LISTENER_NAME" - "LISTENERS" - "LISTENER_SECURITY_PROTOCOL_MAP" - "LOG_DIRS" - "LOG_FLUSH_INTERVAL_MESSAGES" - "LOG_FLUSH_INTERVAL_MS" - "LOG_MESSAGE_FORMAT_VERSION" - "LOG_RETENTION_BYTES" - "LOG_RETENTION_CHECK_INTERVALS_MS" - "LOG_RETENTION_HOURS" - "LOG_SEGMENT_BYTES" - "MESSAGE_MAX_BYTES" - "NUM_IO_THREADS" - "NUM_NETWORK_THREADS" - "NUM_PARTITIONS" - "NUM_RECOVERY_THREADS_PER_DATA_DIR" - "OFFSETS_TOPIC_REPLICATION_FACTOR" - "SOCKET_RECEIVE_BUFFER_BYTES" - "SOCKET_REQUEST_MAX_BYTES" - "SOCKET_SEND_BUFFER_BYTES" - "SSL_ENDPOINT_IDENTIFICATION_ALGORITHM" - "TRANSACTION_STATE_LOG_MIN_ISR" - "TRANSACTION_STATE_LOG_REPLICATION_FACTOR" - "ZOOKEEPER_CONNECT" - "ZOOKEEPER_CONNECTION_TIMEOUT_MS" - ) - kafka_declare_alias_env "KAFKA_CFG_LOG_DIRS" "KAFKA_LOGS_DIRS" - kafka_declare_alias_env "KAFKA_CFG_LOG_SEGMENT_BYTES" "KAFKA_SEGMENT_BYTES" - kafka_declare_alias_env "KAFKA_CFG_MESSAGE_MAX_BYTES" "KAFKA_MAX_MESSAGE_BYTES" - kafka_declare_alias_env "KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS" "KAFKA_ZOOKEEPER_CONNECT_TIMEOUT_MS" - kafka_declare_alias_env "KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE" "KAFKA_AUTO_CREATE_TOPICS_ENABLE" - kafka_declare_alias_env "KAFKA_CLIENT_USERS" "KAFKA_BROKER_USER" - kafka_declare_alias_env "KAFKA_CLIENT_PASSWORDS" "KAFKA_BROKER_PASSWORD" - kafka_declare_alias_env "KAFKA_CLIENT_LISTENER_NAME" "KAFKA_CLIENT_LISTENER" - for s in "${suffixes[@]}"; do - kafka_declare_alias_env "KAFKA_CFG_${s}" "KAFKA_${s}" - done -} - -######################## -# Validate settings in KAFKA_* env vars -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_validate() { - debug "Validating settings in KAFKA_* env vars..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - # If process.roles configured, check its values are valid and perform additional checks for each - check_kraft_process_roles() { - read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$KAFKA_CFG_PROCESS_ROLES")" - for role in "${roles_list[@]}"; do - case "$role" in - broker) ;; - controller) - if is_empty_value "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-}"; then - print_validation_error "Role 'controller' enabled but environment variable KAFKA_CFG_CONTROLLER_LISTENER_NAMES was not provided." - fi - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ ! "$KAFKA_CFG_LISTENERS" =~ ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} ]]; then - print_validation_error "Role 'controller' enabled but listener ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} not found in KAFKA_CFG_LISTENERS." - fi - ;; - *) - print_validation_error "Invalid KRaft process role '$role'. Supported roles are 'broker,controller'" - ;; - esac - done - } - # Check all listeners are using a unique and valid port - check_listener_ports(){ - check_allowed_port() { - local port="${1:?missing port variable}" - local -a validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("$port") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port ${port} was specified in the environment variable KAFKA_CFG_LISTENERS: ${err}." - fi - } - - read -r -a listeners <<<"$(tr ',' ' ' <<<"${KAFKA_CFG_LISTENERS:-}")" - local -a ports=() - for listener in "${listeners[@]}"; do - read -r -a arr <<<"$(tr ':' ' ' <<<"$listener")" - # Obtain the port from listener string, e.g. PLAINTEXT://:9092 - port="${arr[2]}" - check_allowed_port "$port" - ports+=("$port") - done - # Check each listener is using an unique port - local -a unique_ports=() - read -r -a unique_ports <<< "$(echo "${ports[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')" - if [[ "${#ports[@]}" != "${#unique_ports[@]}" ]]; then - print_validation_error "There are listeners bound to the same port" - fi - } - check_listener_protocols(){ - local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL") - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - # Check protocol in allowed list - if [[ ! "${allowed_protocols[*]}" =~ $protocol ]]; then - print_validation_error "Authentication protocol ${protocol} is not supported!" - fi - # If inter-broker listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL is set - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}"; then - print_validation_error "When using SASL for inter broker comunication the mechanism should be provided using KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - fi - if is_empty_value "${KAFKA_INTER_BROKER_USER:-}" || is_empty_value "${KAFKA_INTER_BROKER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka inter-broker communications, you must provide the SASL credentials. Set the environment variables KAFKA_INTER_BROKER_USER and KAFKA_INTER_BROKER_PASSWORD to configure the credentials for SASL authentication with between brokers." - fi - fi - # If controller listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL is set - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL:-}"; then - print_validation_error "When using SASL for controller comunication the mechanism should be provided at KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - warn "KRaft controller listener may not support SCRAM-SHA-256/SCRAM-SHA-512 mechanisms. If facing any issues, we recommend switching to PLAIN mechanism. More information at: https://issues.apache.org/jira/browse/KAFKA-15513" - fi - if is_empty_value "${KAFKA_CONTROLLER_USER:-}" || is_empty_value "${KAFKA_CONTROLLER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka control plane communications, you must provide the SASL credentials. Set the environment variables KAFKA_CONTROLLER_USER and KAFKA_CONTROLLER_PASSWORD to configure the credentials for SASL authentication with between controllers." - fi - fi - else - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CLIENT_USERS:-}" || is_empty_value "${KAFKA_CLIENT_PASSWORDS:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_CLIENT_USERS and KAFKA_CLIENT_PASSWORDS to configure the credentials for SASL authentication with clients." - fi - fi - - fi - done - } - - if is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}" && is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - print_validation_error "Kafka haven't been configured to work in either Raft or Zookeper mode. Please make sure at least one of the modes is configured." - fi - # Check KRaft mode - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - # Raft - if [[ "$(kafka_get_version)" =~ ^3\.2\. ]]; then - warn "KRaft mode is not production-ready in Kafka 3.2, for production environments, we recommend upgrading " - fi - # Only allow Zookeeper configuration if migration mode is enabled - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}" && - { is_empty_value "${KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE:-}" || ! is_boolean_yes "$KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE"; }; then - print_validation_error "Both KRaft mode and Zookeeper modes are configured, but KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE is not enabled" - fi - if is_empty_value "${KAFKA_CFG_NODE_ID:-}"; then - print_validation_error "KRaft mode requires an unique node.id, please set the environment variable KAFKA_CFG_NODE_ID" - fi - if is_empty_value "${KAFKA_CFG_CONTROLLER_QUORUM_VOTERS:-}"; then - print_validation_error "KRaft mode requires KAFKA_CFG_CONTROLLER_QUORUM_VOTERS to be set" - fi - check_kraft_process_roles - fi - # Check Zookeeper mode - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - # If SSL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]]; then - # Fail if truststore is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with JKS certs you must mount your zookeeper.truststore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if keystore is not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]] && [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.jks" ]]; then - warn "In order to configure the mTLS for Zookeeper with JKS certs you must mount your zookeeper.keystore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]]; then - # Fail if CA / validation cert is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with PEM certs you must mount your zookeeper.truststore.pem cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if node key or cert are not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if { [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.key" ]]; }; then - warn "In order to configure the mTLS for Zookeeper with PEM certs you must mount your zookeeper.keystore.pem cert and zookeeper.keystore.key key to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - fi - # If SASL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - if is_empty_value "${KAFKA_ZOOKEEPER_USER:-}" || is_empty_value "${KAFKA_ZOOKEEPER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_ZOOKEEPER_USER and KAFKA_ZOOKEEPER_PASSWORD, to configure the credentials for SASL authentication with Zookeeper." - fi - fi - # If using plaintext protocol, check it is explicitly allowed - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" = "PLAINTEXT" ]]; then - warn "The KAFKA_ZOOKEEPER_PROTOCOL environment variable does not configure SASL and/or SSL, this setting is not recommended for production environments." - fi - fi - # Check listener ports are unique and allowed - check_listener_ports - # Check listeners are mapped to a valid security protocol - check_listener_protocols - # Warn users if plaintext listeners are configured - if kafka_has_plaintext_listener; then - warn "Kafka has been configured with a PLAINTEXT listener, this setting is not recommended for production environments." - fi - # If SSL/SASL_SSL listeners configured, check certificates are provided - if kafka_has_ssl_listener; then - if [[ "$KAFKA_TLS_TYPE" = "JKS" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with JKS certs you must mount your kafka.keystore.jks and kafka.truststore.jks certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - elif [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with PEM certs you must mount your kafka.keystore.pem, kafka.keystore.key and kafka.truststore.pem certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - # If SASL/SASL_SSL listeners configured, check passwords are provided - if kafka_has_sasl_listener; then - if is_empty_value "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}"; then - print_validation_error "Specified SASL protocol but no SASL mechanisms provided in KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - fi - # Check users and passwords lists are the same size - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS:-}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")" - if [[ "${#users[@]}" -ne "${#passwords[@]}" ]]; then - print_validation_error "Specify the same number of passwords on KAFKA_CLIENT_PASSWORDS as the number of users on KAFKA_CLIENT_USERS!" - fi - check_multi_value "KAFKA_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_PROTOCOL" "PLAINTEXT SASL SSL SASL_SSL" - check_multi_value "KAFKA_TLS_CLIENT_AUTH" "none requested required" - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Get kafka version -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# version -######################### -kafka_get_version() { - local -a cmd=("kafka-topics.sh" "--version") - am_i_root && cmd=("run_as_user" "$KAFKA_DAEMON_USER" "${cmd[@]}") - - read -r -a ver_split <<< "$("${cmd[@]}")" - echo "${ver_split[0]}" -} - -######################### -# Configure JAAS for a given listener and SASL mechanisms -# Globals: -# KAFKA_* -# Arguments: -# $1 - Name of the listener JAAS will be configured for -# $2 - Comma-separated list of SASL mechanisms to configure -# $3 - Comma-separated list of usernames -# $4 - Comma-separated list of passwords -# Returns: -# None -######################### -kafka_configure_server_jaas() { - local listener="${1:?missing listener name}" - local role="${2:-}" - - if [[ "$role" = "controller" ]]; then - local jaas_content=() - if [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" = "PLAIN" ]]; then - jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\"" - "user_${KAFKA_CONTROLLER_USER}=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - else - read -r -a sasl_mechanisms_arr <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_SASL_ENABLED_MECHANISMS")" - read -r -a users <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_USERS")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_PASSWORDS")" - # Configure JAAS for each SASL mechanism - # ref: https://docs.confluent.io/platform/current/kafka/authentication_sasl/index.html - for sasl_mechanism in "${sasl_mechanisms_arr[@]}"; do - local jaas_content=() - # For PLAIN mechanism, only the first username will be used - if [[ "$sasl_mechanism" = "PLAIN" ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - if [[ "$role" = "inter-broker" ]]; then - jaas_content+=( - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\"" - ) - users+=("$KAFKA_INTER_BROKER_USER") - passwords+=("$KAFKA_INTER_BROKER_PASSWORD") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - jaas_content+=("user_${users[i]}=\"${passwords[i]}\"") - done - # Add semi-colon to the last element of the array - jaas_content[${#jaas_content[@]} - 1]="${jaas_content[${#jaas_content[@]} - 1]};" - elif [[ "$sasl_mechanism" =~ SCRAM ]]; then - if [[ "$role" = "inter-broker" ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\";" - ) - else - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required;") - fi - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$sasl_mechanism" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - done - fi -} - -######################## -# Configure Zookeeper JAAS authentication -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_configure_jaas(){ - local jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_ZOOKEEPER_USER}\"" - "password=\"${KAFKA_ZOOKEEPER_PASSWORD}\";" - ) - - kafka_server_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Generate JAAS authentication file for local producer/consumer to use -# Globals: -# KAFKA_* -# Arguments: -# $1 - Authentication protocol to use for the internal listener -# $2 - Authentication protocol to use for the client listener -# Returns: -# None -######################### -kafka_configure_consumer_producer_jaas(){ - local jaas_content=() - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - - if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ SCRAM ]]; then - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required") - elif [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ PLAIN ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - else - error "Couldn't configure a supported SASL mechanism for Kafka consumer/producer properties" - exit 1 - fi - - jaas_content+=( - "username=\"${users[0]}\"" - "password=\"${passwords[0]}\";" - ) - - kafka_producer_consumer_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Create users in zookeper when using SASL/SCRAM mechanism -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_create_sasl_scram_users() { - info "Creating users in Zookeeper" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - local zookeeper_connect - zookeeper_connect=$(grep "^zookeeper.connect=" "$KAFKA_CONF_FILE" | sed -E 's/^zookeeper\.connect=(\S+)$/\1/') - read -r -a zookeeper_hosts <<<"$(tr ',;' ' ' <<<"${zookeeper_connect}")" - - if [[ "${#zookeeper_hosts[@]}" -eq 0 ]]; then - error "Couldn't obtain zookeeper.connect from $KAFKA_CONF_FILE" - exit 1 - fi - # Wait for Zookeeper to be reachable - read -r -a aux <<<"$(tr ':' ' ' <<<"${zookeeper_hosts[0]}")" - local host="${aux[0]:?missing host}" - local port="${aux[1]:-2181}" - wait-for-port --host "$host" "$port" - - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM" "$KAFKA_CONF_FILE"; then - users+=("${KAFKA_INTER_BROKER_USER}") - passwords+=("${KAFKA_INTER_BROKER_PASSWORD}") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - debug "Creating user ${users[i]} in zookeeper" - # Ref: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_scram.html#sasl-scram-overview - debug_execute kafka-configs.sh --zookeeper "$zookeeper_connect" --alter --add-config "SCRAM-SHA-256=[iterations=8192,password=${passwords[i]}],SCRAM-SHA-512=[password=${passwords[i]}]" --entity-type users --entity-name "${users[i]}" - done -} - -######################## -# Configure Kafka SSL settings -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_ssl() { - # Configures both Kafka server and producers/consumers - configure_both() { - kafka_server_conf_set "${1:?missing key}" "${2:?missing value}" - kafka_producer_consumer_conf_set "${1:?missing key}" "${2:?missing value}" - } - kafka_server_conf_set "ssl.client.auth" "${KAFKA_TLS_CLIENT_AUTH}" - configure_both ssl.keystore.type "${KAFKA_TLS_TYPE}" - configure_both ssl.truststore.type "${KAFKA_TLS_TYPE}" - local -r kafka_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_TLS_TRUSTSTORE_FILE}")" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.key.password "$KAFKA_CERTIFICATE_PASSWORD" - if [[ "$KAFKA_TLS_TYPE" = "PEM" ]]; then - file_to_multiline_property() { - awk 'NR > 1{print line"\\n\\"}{line=$0;}END{print $0" "}' <"${1:?missing file}" - } - remove_previous_cert_value() { - local key="${1:?missing key}" - files=( - "${KAFKA_CONF_FILE}" - "${KAFKA_CONF_DIR}/producer.properties" - "${KAFKA_CONF_DIR}/consumer.properties" - ) - for file in "${files[@]}"; do - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Delete all lines from the certificate beginning to its end - sed -i "/^[#\\s]*$key\s*=.*-----BEGIN/,/-----END/d" "$file" - fi - done - } - # We need to remove the previous cert value - # kafka_common_conf_set uses replace_in_file, which can't match multiple lines - remove_previous_cert_value ssl.keystore.key - remove_previous_cert_value ssl.keystore.certificate.chain - remove_previous_cert_value ssl.truststore.certificates - configure_both ssl.keystore.key "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.key")" - configure_both ssl.keystore.certificate.chain "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.pem")" - configure_both ssl.truststore.certificates "$(file_to_multiline_property "${kafka_truststore_location}")" - elif [[ "$KAFKA_TLS_TYPE" = "JKS" ]]; then - configure_both ssl.keystore.location "$KAFKA_CERTS_DIR"/kafka.keystore.jks - configure_both ssl.truststore.location "$kafka_truststore_location" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.keystore.password "$KAFKA_CERTIFICATE_PASSWORD" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.truststore.password "$KAFKA_CERTIFICATE_PASSWORD" - fi - true # Avoid the function to fail due to the check above -} - -######################## -# Get Zookeeper TLS settings -# Globals: -# KAFKA_ZOOKEEPER_TLS_* -# Arguments: -# None -# Returns: -# String -######################### -kafka_zookeeper_configure_tls() { - # Note that ZooKeeper does not support a key password different from the keystore password, - # so be sure to set the key password in the keystore to be identical to the keystore password; - # otherwise the connection attempt to Zookeeper will fail. - local keystore_location="" - local -r kafka_zk_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE}")" - - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]]; then - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; then - # Concatenating private key into public certificate file - # This is needed to load keystore from location using PEM - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keypair.pem" - cat "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" > "$keystore_location" - fi - - kafka_server_conf_set "zookeeper.clientCnxnSocket" "org.apache.zookeeper.ClientCnxnSocketNetty" - kafka_server_conf_set "zookeeper.ssl.client.enable" "true" - is_boolean_yes "${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-}" && kafka_server_conf_set "zookeeper.ssl.endpoint.identification.algorithm" "HTTPS" - ! is_empty_value "${keystore_location:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.location" "${keystore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.password" "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD}" - ! is_empty_value "${kafka_zk_truststore_location:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.location" "${kafka_zk_truststore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.password" "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD}" - true # Avoid the function to fail due to the check above -} - -######################## -# Configure Kafka configuration files from environment variables -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_from_environment_variables() { - # List of special cases to apply to the variables - local -r exception_regexps=( - "s/sasl\.ssl/sasl_ssl/g" - "s/sasl\.plaintext/sasl_plaintext/g" - ) - # Map environment variables to config properties - for var in "${!KAFKA_CFG_@}"; do - key="$(echo "$var" | sed -e 's/^KAFKA_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')" - - # Exception for the camel case in this environment variable - [[ "$var" == "KAFKA_CFG_ZOOKEEPER_CLIENTCNXNSOCKET" ]] && key="zookeeper.clientCnxnSocket" - - # Apply exception regexps - for regex in "${exception_regexps[@]}"; do - key="$(echo "$key" | sed "$regex")" - done - - value="${!var}" - kafka_server_conf_set "$key" "$value" - done -} - -######################## -# Initialize KRaft storage -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_storage_initialize() { - local args=("--config" "$KAFKA_CONF_FILE" "--ignore-formatted") - info "Initializing KRaft storage metadata" - - # If cluster.id found in meta.properties, use it - if [[ -f "${KAFKA_DATA_DIR}/meta.properties" ]]; then - KAFKA_KRAFT_CLUSTER_ID=$(grep "^cluster.id=" "${KAFKA_DATA_DIR}/meta.properties" | sed -E 's/^cluster\.id=(\S+)$/\1/') - fi - - if is_empty_value "${KAFKA_KRAFT_CLUSTER_ID:-}"; then - warn "KAFKA_KRAFT_CLUSTER_ID not set - If using multiple nodes then you must use the same Cluster ID for each one" - KAFKA_KRAFT_CLUSTER_ID="$("${KAFKA_HOME}/bin/kafka-storage.sh" random-uuid)" - info "Generated Kafka cluster ID '${KAFKA_KRAFT_CLUSTER_ID}'" - fi - args+=("--cluster-id" "$KAFKA_KRAFT_CLUSTER_ID") - - # SCRAM users are configured during the cluster bootstrapping process and can later be manually updated using kafka-config.sh - if is_boolean_yes "${KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS:-}"; then - info "Adding KRaft SCRAM users at storage bootstrap" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - # Configure SCRAM-SHA-256 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-256=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Configure SCRAM-SHA-512 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-512=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - fi - # Add controller credentials - if grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - fi - fi - info "Formatting storage directories to add metadata..." - "${KAFKA_HOME}/bin/kafka-storage.sh" format "${args[@]}" -} - -######################## -# Detects inconsitences between the configuration at KAFKA_CONF_FILE and cluster-state file -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_quorum_voters_changed(){ - read -r -a quorum_voters_conf_ids <<<"$(grep "^controller.quorum.voters=" "$KAFKA_CONF_FILE" | sed "s/^controller.quorum.voters=//" | tr "," " " | sed -E "s/\@\S+//g")" - read -r -a quorum_voters_state_ids <<< "$(grep -Eo "\{\"voterId\":[0-9]+\}" "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" | grep -Eo "[0-9]+" | tr "\n" " ")" - - if [[ "${#quorum_voters_conf_ids[@]}" != "${#quorum_voters_state_ids[@]}" ]]; then - true - else - read -r -a sorted_state <<< "$(echo "${quorum_voters_conf_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - read -r -a sorted_conf <<< "$(echo "${quorum_voters_state_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - if [[ "${sorted_state[*]}" = "${sorted_conf[*]}" ]]; then - false - else - true - fi - fi -} - -######################## -# Initialize Kafka -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_initialize() { - info "Initializing Kafka..." - # Check for mounted configuration files - if ! is_dir_empty "$KAFKA_MOUNTED_CONF_DIR"; then - cp -Lr "$KAFKA_MOUNTED_CONF_DIR"/* "$KAFKA_CONF_DIR" - fi - # Copy truststore to cert directory - for cert_var in KAFKA_TLS_TRUSTSTORE_FILE KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE; do - # Only copy if the file exists and it is in a different location than KAFKA_CERTS_DIR (to avoid copying to the same location) - if [[ -f "${!cert_var}" ]] && ! [[ "${!cert_var}" =~ $KAFKA_CERTS_DIR ]]; then - info "Copying truststore ${!cert_var} to ${KAFKA_CERTS_DIR}" - cp -L "${!cert_var}" "$KAFKA_CERTS_DIR" - fi - done - - if [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" ]]; then - info "No injected configuration files found, creating default config files" - # Restore original server.properties but remove Zookeeper/KRaft specific settings for compatibility with both architectures - cp "${KAFKA_CONF_DIR}/server.properties.original" "$KAFKA_CONF_FILE" - kafka_server_unify_conf - # Configure Kafka settings - kafka_server_conf_set log.dirs "$KAFKA_DATA_DIR" - kafka_configure_from_environment_variables - # Configure Kafka producer/consumer to set up message sizes - ! is_empty_value "${KAFKA_CFG_MAX_REQUEST_SIZE:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" max.request.size "$KAFKA_CFG_MAX_REQUEST_SIZE" - ! is_empty_value "${KAFKA_CFG_MAX_PARTITION_FETCH_BYTES:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" max.partition.fetch.bytes "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES" - # Zookeeper mode additional settings - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - kafka_zookeeper_configure_tls - fi - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - kafka_zookeeper_configure_jaas - fi - fi - # If at least one listener uses SSL or SASL_SSL, ensure SSL is configured - if kafka_has_ssl_listener; then - kafka_configure_ssl - fi - # If at least one listener uses SASL_PLAINTEXT or SASL_SSL, ensure SASL is configured - if kafka_has_sasl_listener; then - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM ]]; then - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - if [[ "$(kafka_get_version)" =~ ^3\.2\.|^3\.3\.|^3\.4\. ]]; then - # NOTE: This will depend on Kafka version when support for SCRAM is added - warn "KRaft mode requires Kafka version 3.5 or higher for SCRAM to be supported. SCRAM SASL mechanisms will now be disabled." - KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN - else - export KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - export KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - kafka_server_conf_set sasl.enabled.mechanisms "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - # Settings for each Kafka Listener are configured individually - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - listener_upper="$(echo "$listener" | tr '[:lower:]' '[:upper:]')" - env_name="KAFKA_TLS_${listener_upper}_CLIENT_AUTH" - [[ -n "${!env_name:-}" ]] && kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "${!env_name}" - fi - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - local role="" - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - role="inter-broker" - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - kafka_server_conf_set sasl.mechanism.controller.protocol "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - kafka_server_conf_set "listener.name.${listener_lower}.sasl.enabled.mechanisms" "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - role="controller" - fi - # If KAFKA_CLIENT_LISTENER_NAME is found in the listeners list, configure the producer/consumer accordingly - if [[ "$listener" = "${KAFKA_CLIENT_LISTENER_NAME:-CLIENT}" ]]; then - kafka_configure_consumer_producer_jaas - kafka_producer_consumer_conf_set security.protocol "$protocol" - kafka_producer_consumer_conf_set sasl.mechanism "${KAFKA_CLIENT_SASL_MECHANISM:-$(kafka_client_sasl_mechanism)}" - fi - # Configure inline listener jaas configuration, omitted if mounted JAAS conf file detected - if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - kafka_configure_server_jaas "$listener_lower" "${role:-}" - fi - fi - done - # Configure Kafka using environment variables - # This is executed at the end, to allow users to override properties set by the initialization logic - kafka_configure_from_environment_variables - else - info "Detected mounted server.properties file at ${KAFKA_MOUNTED_CONF_DIR}/server.properties. Skipping configuration based on env variables" - fi - true -} - -######################## -# Returns the most secure SASL mechanism available for Kafka clients -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_client_sasl_mechanism() { - local sasl_mechanism="" - - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-512 ]]; then - sasl_mechanism="SCRAM-SHA-512" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-256 ]]; then - sasl_mechanism="SCRAM-SHA-256" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ PLAIN ]]; then - sasl_mechanism="PLAIN" - fi - echo "$sasl_mechanism" -} - -######################## -# Removes default settings referencing Zookeeper mode or KRaft mode -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_server_unify_conf() { - local -r remove_regexps=( - #Zookeeper - "s/^zookeeper\./#zookeeper./g" - "s/^group\.initial/#group.initial/g" - "s/^broker\./#broker./g" - "s/^node\./#node./g" - "s/^process\./#process./g" - "s/^listeners=/#listeners=/g" - "s/^listener\./#listener./g" - "s/^controller\./#controller./g" - "s/^inter\.broker/#inter.broker/g" - "s/^advertised\.listeners/#advertised.listeners/g" - ) - - # Map environment variables to config properties - for regex in "${remove_regexps[@]}"; do - sed -i "${regex}" "$KAFKA_CONF_FILE" - done -} - -######################## -# Dinamically set node.id/broker.id/controller.quorum.voters if their alternative environment variable _COMMAND is set -# Globals: -# KAFKA_*_COMMAND -# Arguments: -# None -# Returns: -# None -######################### -kafka_dynamic_environment_variables() { - # KRaft mode - if ! is_empty_value "${KAFKA_NODE_ID_COMMAND:-}"; then - KAFKA_CFG_NODE_ID="$(eval "${KAFKA_NODE_ID_COMMAND}")" - export KAFKA_CFG_NODE_ID - fi - if ! is_empty_value "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND:-}"; then - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS="$(eval "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND}")" - export KAFKA_CFG_CONTROLLER_QUORUM_VOTERS - fi - # Zookeeper mode - # DEPRECATED - BROKER_ID_COMMAND has been deprecated, please use KAFKA_BROKER_ID_COMMAND instead - if ! is_empty_value "${KAFKA_BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${KAFKA_BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - elif ! is_empty_value "${BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - fi -} - -######################## -# Run custom initialization scripts -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_custom_init_scripts() { - if [[ -n $(find "${KAFKA_INITSCRIPTS_DIR}/" -type f -regex ".*\.\(sh\)") ]] && [[ ! -f "${KAFKA_VOLUME_DIR}/.user_scripts_initialized" ]]; then - info "Loading user's custom files from $KAFKA_INITSCRIPTS_DIR" - for f in /docker-entrypoint-initdb.d/*; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "$KAFKA_VOLUME_DIR"/.user_scripts_initialized - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is running -######################## -is_kafka_running() { - local pid - pid="$(get_pid_from_file "$KAFKA_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is not running -######################## -is_kafka_not_running() { - ! is_kafka_running -} - -######################## -# Stop Kafka -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_stop() { - ! is_kafka_running && return - stop_service_using_pid "$KAFKA_PID_FILE" TERM -} diff --git a/bitnami/kafka/3.2/debian-12/tags-info.yaml b/bitnami/kafka/3.2/debian-12/tags-info.yaml deleted file mode 100644 index fbce7a27e0dad..0000000000000 --- a/bitnami/kafka/3.2/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "3.2" -- 3.2-debian-12 -- 3.2.3 diff --git a/bitnami/kafka/3.3/debian-12/Dockerfile b/bitnami/kafka/3.3/debian-12/Dockerfile deleted file mode 100644 index c1ab020f76d71..0000000000000 --- a/bitnami/kafka/3.3/debian-12/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:01:52Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kafka/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.3.2-debian-12-r25" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kafka" \ - org.opencontainers.image.title="kafka" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.3.2" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "kafka-3.3.2-5-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh -RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/kafka/postunpack.sh -ENV APP_VERSION="3.3.2" \ - BITNAMI_APP_NAME="kafka" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/kafka/bin:$PATH" - -EXPOSE 9092 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/kafka/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/kafka/run.sh" ] diff --git a/bitnami/kafka/3.3/debian-12/docker-compose.yml b/bitnami/kafka/3.3/debian-12/docker-compose.yml deleted file mode 100644 index 084b3960e8817..0000000000000 --- a/bitnami/kafka/3.3/debian-12/docker-compose.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: "2" - -services: - kafka: - image: docker.io/bitnami/kafka:3.3 - ports: - - "9092:9092" - volumes: - - "kafka_data:/bitnami" - environment: - # KRaft settings - - KAFKA_CFG_NODE_ID=0 - - KAFKA_CFG_PROCESS_ROLES=controller,broker - - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093 - # Listeners - - KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9093 - - KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://:9092 - - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT - - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER - - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT -volumes: - kafka_data: - driver: local diff --git a/bitnami/kafka/3.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kafka/3.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 31c85731c8828..0000000000000 --- a/bitnami/kafka/3.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "kafka": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.3.2-5" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-12" - } -} \ No newline at end of file diff --git a/bitnami/kafka/3.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kafka/3.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/kafka/3.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/kafka/3.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/kafka/3.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/kafka/3.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh b/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh deleted file mode 100644 index f58958279ce88..0000000000000 --- a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for kafka - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-kafka}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -kafka_env_vars=( - KAFKA_MOUNTED_CONF_DIR - KAFKA_INTER_BROKER_USER - KAFKA_INTER_BROKER_PASSWORD - KAFKA_CONTROLLER_USER - KAFKA_CONTROLLER_PASSWORD - KAFKA_CERTIFICATE_PASSWORD - KAFKA_TLS_TRUSTSTORE_FILE - KAFKA_TLS_TYPE - KAFKA_TLS_CLIENT_AUTH - KAFKA_OPTS - KAFKA_CFG_SASL_ENABLED_MECHANISMS - KAFKA_KRAFT_CLUSTER_ID - KAFKA_SKIP_KRAFT_STORAGE_INIT - KAFKA_CLIENT_LISTENER_NAME - KAFKA_ZOOKEEPER_PROTOCOL - KAFKA_ZOOKEEPER_PASSWORD - KAFKA_ZOOKEEPER_USER - KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE - KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME - KAFKA_ZOOKEEPER_TLS_TYPE - KAFKA_CLIENT_USERS - KAFKA_CLIENT_PASSWORDS - KAFKA_HEAP_OPTS -) -for env_var in "${kafka_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset kafka_env_vars - -# Paths -export KAFKA_BASE_DIR="${BITNAMI_ROOT_DIR}/kafka" -export KAFKA_VOLUME_DIR="/bitnami/kafka" -export KAFKA_DATA_DIR="${KAFKA_VOLUME_DIR}/data" -export KAFKA_CONF_DIR="${KAFKA_BASE_DIR}/config" -export KAFKA_CONF_FILE="${KAFKA_CONF_DIR}/server.properties" -export KAFKA_MOUNTED_CONF_DIR="${KAFKA_MOUNTED_CONF_DIR:-${KAFKA_VOLUME_DIR}/config}" -export KAFKA_CERTS_DIR="${KAFKA_CONF_DIR}/certs" -export KAFKA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export KAFKA_LOG_DIR="${KAFKA_BASE_DIR}/logs" -export KAFKA_HOME="$KAFKA_BASE_DIR" -export PATH="${KAFKA_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/java/bin:${PATH}" - -# System users (when running with a privileged user) -export KAFKA_DAEMON_USER="kafka" -export KAFKA_DAEMON_GROUP="kafka" - -# Kafka runtime settings -export KAFKA_INTER_BROKER_USER="${KAFKA_INTER_BROKER_USER:-user}" -export KAFKA_INTER_BROKER_PASSWORD="${KAFKA_INTER_BROKER_PASSWORD:-bitnami}" -export KAFKA_CONTROLLER_USER="${KAFKA_CONTROLLER_USER:-controller_user}" -export KAFKA_CONTROLLER_PASSWORD="${KAFKA_CONTROLLER_PASSWORD:-bitnami}" -export KAFKA_CERTIFICATE_PASSWORD="${KAFKA_CERTIFICATE_PASSWORD:-}" -export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_TLS_TYPE="${KAFKA_TLS_TYPE:-JKS}" -export KAFKA_TLS_CLIENT_AUTH="${KAFKA_TLS_CLIENT_AUTH:-required}" -export KAFKA_OPTS="${KAFKA_OPTS:-}" - -# Kafka configuration overrides -export KAFKA_CFG_SASL_ENABLED_MECHANISMS="${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-PLAIN,SCRAM-SHA-256,SCRAM-SHA-512}" -export KAFKA_KRAFT_CLUSTER_ID="${KAFKA_KRAFT_CLUSTER_ID:-}" -export KAFKA_SKIP_KRAFT_STORAGE_INIT="${KAFKA_SKIP_KRAFT_STORAGE_INIT:-false}" -export KAFKA_CLIENT_LISTENER_NAME="${KAFKA_CLIENT_LISTENER_NAME:-}" - -# ZooKeeper connection settings -export KAFKA_ZOOKEEPER_PROTOCOL="${KAFKA_ZOOKEEPER_PROTOCOL:-PLAINTEXT}" -export KAFKA_ZOOKEEPER_PASSWORD="${KAFKA_ZOOKEEPER_PASSWORD:-}" -export KAFKA_ZOOKEEPER_USER="${KAFKA_ZOOKEEPER_USER:-}" -export KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME="${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-true}" -export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}" - -# Authentication -export KAFKA_CLIENT_USERS="${KAFKA_CLIENT_USERS:-user}" -export KAFKA_CLIENT_PASSWORDS="${KAFKA_CLIENT_PASSWORDS:-bitnami}" - -# Java settings -export KAFKA_HEAP_OPTS="${KAFKA_HEAP_OPTS:--Xmx1024m -Xms1024m}" - -# Custom environment variables may be defined below diff --git a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh b/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh deleted file mode 100755 index d7413bcfc4f33..0000000000000 --- a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -print_welcome_page - -if [[ "$*" = *"/opt/bitnami/scripts/kafka/run.sh"* || "$*" = *"/run.sh"* ]]; then - info "** Starting Kafka setup **" - /opt/bitnami/scripts/kafka/setup.sh - info "** Kafka setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh b/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh deleted file mode 100755 index 7255563236c0b..0000000000000 --- a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libfs.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Move server.properties from configtmp to config -# Temporary solution until kafka tarball places server.properties into config -if [[ -d "${KAFKA_BASE_DIR}/configtmp" ]]; then - mv "${KAFKA_BASE_DIR}/configtmp"/* "$KAFKA_CONF_DIR" - rmdir "${KAFKA_BASE_DIR}/configtmp" -fi -[[ -d "${KAFKA_BASE_DIR}/conf" ]] && rmdir "${KAFKA_BASE_DIR}/conf" - -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR"; do - ensure_dir_exists "$dir" -done -chmod -R g+rwX "$KAFKA_BASE_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR" - -# Move the original server.properties, so users can skip initialization logic by mounting their own server.properties directly instead of using the MOUNTED_CONF_DIR -mv "${KAFKA_CONF_DIR}/server.properties" "${KAFKA_CONF_DIR}/server.properties.original" - -# Disable logging to stdout and garbage collection -# Source: https://logging.apache.org/log4j/log4j-2.4/manual/appenders.html -replace_in_file "${KAFKA_BASE_DIR}/bin/kafka-server-start.sh" " [-]loggc" " " -replace_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DailyRollingFileAppender" "ConsoleAppender" - -# Disable the default console logger in favour of KafkaAppender (which provides the exact output) -echo "log4j.appender.stdout.Threshold=OFF" >>"${KAFKA_CONF_DIR}/log4j.properties" - -# Remove invalid parameters for ConsoleAppender -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DatePattern" -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "Appender.File" diff --git a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh b/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh deleted file mode 100755 index 76d4380aff57e..0000000000000 --- a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libos.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -if [[ -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - export KAFKA_OPTS="${KAFKA_OPTS:-} -Djava.security.auth.login.config=${KAFKA_CONF_DIR}/kafka_jaas.conf" -fi - -cmd="$KAFKA_HOME/bin/kafka-server-start.sh" -args=("$KAFKA_CONF_FILE") -! is_empty_value "${KAFKA_EXTRA_FLAGS:-}" && args=("${args[@]}" "${KAFKA_EXTRA_FLAGS[@]}") - -info "** Starting Kafka **" -if am_i_root; then - exec_as_user "$KAFKA_DAEMON_USER" "$cmd" "${args[@]}" "$@" -else - exec "$cmd" "${args[@]}" "$@" -fi diff --git a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh b/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh deleted file mode 100755 index 5195f71910176..0000000000000 --- a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Map Kafka environment variables -kafka_create_alias_environment_variables - -# Dinamically set node.id/broker.id/controller.quorum.voters if the _COMMAND environment variable is set -kafka_dynamic_environment_variables - -# Set the default tuststore locations before validation -kafka_configure_default_truststore_locations -# Ensure Kafka user and group exist when running as 'root' -am_i_root && ensure_user_exists "$KAFKA_DAEMON_USER" --group "$KAFKA_DAEMON_GROUP" -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR"; do - if am_i_root; then - ensure_dir_exists "$dir" "$KAFKA_DAEMON_USER" "$KAFKA_DAEMON_GROUP" - else - ensure_dir_exists "$dir" - fi -done - -# Kafka validation, skipped if server.properties was mounted at either $KAFKA_MOUNTED_CONF_DIR or $KAFKA_CONF_DIR -[[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" && ! -f "$KAFKA_CONF_FILE" ]] && kafka_validate -# Kafka initialization, skipped if server.properties was mounted at $KAFKA_CONF_DIR -[[ ! -f "$KAFKA_CONF_FILE" ]] && kafka_initialize - -# Initialise KRaft metadata storage if process.roles configured -if grep -q "^process.roles=" "$KAFKA_CONF_FILE" && ! is_boolean_yes "$KAFKA_SKIP_KRAFT_STORAGE_INIT" ; then - kafka_kraft_storage_initialize -fi -# Configure Zookeeper SCRAM users -if is_boolean_yes "${KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS:-}"; then - kafka_zookeeper_create_sasl_scram_users -fi -# KRaft controllers may get stuck starting when the controller quorum voters are changed. -# Workaround: Remove quorum-state file when scaling up/down controllers (Waiting proposal KIP-853) -# https://cwiki.apache.org/confluence/display/KAFKA/KIP-853%3A+KRaft+Voter+Changes -if [[ -f "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" ]] && grep -q "^controller.quorum.voters=" "$KAFKA_CONF_FILE" && kafka_kraft_quorum_voters_changed; then - warn "Detected inconsitences between controller.quorum.voters and quorum-state, removing it..." - rm -f "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" -fi -# Ensure custom initialization scripts are executed -kafka_custom_init_scripts diff --git a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh b/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh deleted file mode 100644 index b36e8c48b05bc..0000000000000 --- a/bitnami/kafka/3.3/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh +++ /dev/null @@ -1,1180 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Kafka library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -# Functions - -######################## -# Set a configuration setting value to a file -# Globals: -# None -# Arguments: -# $1 - file -# $2 - key -# $3 - values (array) -# Returns: -# None -######################### -kafka_common_conf_set() { - local file="${1:?missing file}" - local key="${2:?missing key}" - shift - shift - local values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - kafka_common_conf_set "$file" "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Update the existing key - replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false - else - # Add a new key - printf '\n%s=%s' "$key" "$value" >>"$file" - fi - fi -} - -######################## -# Returns true if at least one listener is configured using SSL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_ssl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SSL: || "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using SASL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_sasl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SASL_PLAINTEXT: ]] || [[ "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using plaintext -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_plaintext_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "PLAINTEXT" ]]; then - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - else - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ PLAINTEXT: ]]; then - return - fi - fi - return 1 -} - -######################## -# Backwards compatibility measure to configure the TLS truststore locations -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_default_truststore_locations() { - # Backwards compatibility measure to allow custom truststore locations but at the same time not disrupt - # the UX that the previous version of the containers and the helm chart have. - # Context: The chart and containers by default assumed that the truststore location was KAFKA_CERTS_DIR/kafka.truststore.jks or KAFKA_MOUNTED_CONF_DIR/certs/kafka.truststore.jks. - # Because of this, we could not use custom certificates in different locations (use case: A custom base image that already has a truststore). Changing the logic to allow custom - # locations implied major changes in the current user experience (which only required to mount certificates at the assumed location). In order to maintain this compatibility we need - # use this logic that sets the KAFKA_TLS_*_FILE variables to the previously assumed locations in case it is not set - - # Kafka truststore - if kafka_has_ssl_listener && is_empty_value "${KAFKA_TLS_TRUSTSTORE_FILE:-}"; then - local kafka_truststore_filename="kafka.truststore.jks" - [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && kafka_truststore_filename="kafka.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${kafka_truststore_filename}" - fi - fi - # Zookeeper truststore - if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]] && is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}"; then - local zk_truststore_filename="zookeeper.truststore.jks" - [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && zk_truststore_filename="zookeeper.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${zk_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${zk_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${zk_truststore_filename}" - fi - fi -} - -######################## -# Set a configuration setting value to server.properties -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_server_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_FILE" "$@" -} - -######################## -# Set a configuration setting value to producer.properties and consumer.properties -# Globals: -# KAFKA_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_producer_consumer_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" "$@" - kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" "$@" -} - -######################## -# Create alias for environment variable, so both can be used -# Globals: -# None -# Arguments: -# $1 - Alias environment variable name -# $2 - Original environment variable name -# Returns: -# None -######################### -kafka_declare_alias_env() { - local -r alias="${1:?missing environment variable alias}" - local -r original="${2:?missing original environment variable}" - if printenv "${original}" >/dev/null; then - export "$alias"="${!original:-}" - fi -} - -######################## -# Map Kafka legacy environment variables to the new names -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_create_alias_environment_variables() { - suffixes=( - "ADVERTISED_LISTENERS" - "BROKER_ID" - "NODE_ID" - "CONTROLLER_QUORUM_VOTERS" - "PROCESS_ROLES" - "DEFAULT_REPLICATION_FACTOR" - "DELETE_TOPIC_ENABLE" - "INTER_BROKER_LISTENER_NAME" - "LISTENERS" - "LISTENER_SECURITY_PROTOCOL_MAP" - "LOG_DIRS" - "LOG_FLUSH_INTERVAL_MESSAGES" - "LOG_FLUSH_INTERVAL_MS" - "LOG_MESSAGE_FORMAT_VERSION" - "LOG_RETENTION_BYTES" - "LOG_RETENTION_CHECK_INTERVALS_MS" - "LOG_RETENTION_HOURS" - "LOG_SEGMENT_BYTES" - "MESSAGE_MAX_BYTES" - "NUM_IO_THREADS" - "NUM_NETWORK_THREADS" - "NUM_PARTITIONS" - "NUM_RECOVERY_THREADS_PER_DATA_DIR" - "OFFSETS_TOPIC_REPLICATION_FACTOR" - "SOCKET_RECEIVE_BUFFER_BYTES" - "SOCKET_REQUEST_MAX_BYTES" - "SOCKET_SEND_BUFFER_BYTES" - "SSL_ENDPOINT_IDENTIFICATION_ALGORITHM" - "TRANSACTION_STATE_LOG_MIN_ISR" - "TRANSACTION_STATE_LOG_REPLICATION_FACTOR" - "ZOOKEEPER_CONNECT" - "ZOOKEEPER_CONNECTION_TIMEOUT_MS" - ) - kafka_declare_alias_env "KAFKA_CFG_LOG_DIRS" "KAFKA_LOGS_DIRS" - kafka_declare_alias_env "KAFKA_CFG_LOG_SEGMENT_BYTES" "KAFKA_SEGMENT_BYTES" - kafka_declare_alias_env "KAFKA_CFG_MESSAGE_MAX_BYTES" "KAFKA_MAX_MESSAGE_BYTES" - kafka_declare_alias_env "KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS" "KAFKA_ZOOKEEPER_CONNECT_TIMEOUT_MS" - kafka_declare_alias_env "KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE" "KAFKA_AUTO_CREATE_TOPICS_ENABLE" - kafka_declare_alias_env "KAFKA_CLIENT_USERS" "KAFKA_BROKER_USER" - kafka_declare_alias_env "KAFKA_CLIENT_PASSWORDS" "KAFKA_BROKER_PASSWORD" - kafka_declare_alias_env "KAFKA_CLIENT_LISTENER_NAME" "KAFKA_CLIENT_LISTENER" - for s in "${suffixes[@]}"; do - kafka_declare_alias_env "KAFKA_CFG_${s}" "KAFKA_${s}" - done -} - -######################## -# Validate settings in KAFKA_* env vars -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_validate() { - debug "Validating settings in KAFKA_* env vars..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - # If process.roles configured, check its values are valid and perform additional checks for each - check_kraft_process_roles() { - read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$KAFKA_CFG_PROCESS_ROLES")" - for role in "${roles_list[@]}"; do - case "$role" in - broker) ;; - controller) - if is_empty_value "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-}"; then - print_validation_error "Role 'controller' enabled but environment variable KAFKA_CFG_CONTROLLER_LISTENER_NAMES was not provided." - fi - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ ! "$KAFKA_CFG_LISTENERS" =~ ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} ]]; then - print_validation_error "Role 'controller' enabled but listener ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} not found in KAFKA_CFG_LISTENERS." - fi - ;; - *) - print_validation_error "Invalid KRaft process role '$role'. Supported roles are 'broker,controller'" - ;; - esac - done - } - # Check all listeners are using a unique and valid port - check_listener_ports(){ - check_allowed_port() { - local port="${1:?missing port variable}" - local -a validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("$port") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port ${port} was specified in the environment variable KAFKA_CFG_LISTENERS: ${err}." - fi - } - - read -r -a listeners <<<"$(tr ',' ' ' <<<"${KAFKA_CFG_LISTENERS:-}")" - local -a ports=() - for listener in "${listeners[@]}"; do - read -r -a arr <<<"$(tr ':' ' ' <<<"$listener")" - # Obtain the port from listener string, e.g. PLAINTEXT://:9092 - port="${arr[2]}" - check_allowed_port "$port" - ports+=("$port") - done - # Check each listener is using an unique port - local -a unique_ports=() - read -r -a unique_ports <<< "$(echo "${ports[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')" - if [[ "${#ports[@]}" != "${#unique_ports[@]}" ]]; then - print_validation_error "There are listeners bound to the same port" - fi - } - check_listener_protocols(){ - local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL") - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - # Check protocol in allowed list - if [[ ! "${allowed_protocols[*]}" =~ $protocol ]]; then - print_validation_error "Authentication protocol ${protocol} is not supported!" - fi - # If inter-broker listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL is set - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}"; then - print_validation_error "When using SASL for inter broker comunication the mechanism should be provided using KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - fi - if is_empty_value "${KAFKA_INTER_BROKER_USER:-}" || is_empty_value "${KAFKA_INTER_BROKER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka inter-broker communications, you must provide the SASL credentials. Set the environment variables KAFKA_INTER_BROKER_USER and KAFKA_INTER_BROKER_PASSWORD to configure the credentials for SASL authentication with between brokers." - fi - fi - # If controller listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL is set - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL:-}"; then - print_validation_error "When using SASL for controller comunication the mechanism should be provided at KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - warn "KRaft controller listener may not support SCRAM-SHA-256/SCRAM-SHA-512 mechanisms. If facing any issues, we recommend switching to PLAIN mechanism. More information at: https://issues.apache.org/jira/browse/KAFKA-15513" - fi - if is_empty_value "${KAFKA_CONTROLLER_USER:-}" || is_empty_value "${KAFKA_CONTROLLER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka control plane communications, you must provide the SASL credentials. Set the environment variables KAFKA_CONTROLLER_USER and KAFKA_CONTROLLER_PASSWORD to configure the credentials for SASL authentication with between controllers." - fi - fi - else - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CLIENT_USERS:-}" || is_empty_value "${KAFKA_CLIENT_PASSWORDS:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_CLIENT_USERS and KAFKA_CLIENT_PASSWORDS to configure the credentials for SASL authentication with clients." - fi - fi - - fi - done - } - - if is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}" && is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - print_validation_error "Kafka haven't been configured to work in either Raft or Zookeper mode. Please make sure at least one of the modes is configured." - fi - # Check KRaft mode - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - # Raft - if [[ "$(kafka_get_version)" =~ ^3\.2\. ]]; then - warn "KRaft mode is not production-ready in Kafka 3.2, for production environments, we recommend upgrading " - fi - # Only allow Zookeeper configuration if migration mode is enabled - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}" && - { is_empty_value "${KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE:-}" || ! is_boolean_yes "$KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE"; }; then - print_validation_error "Both KRaft mode and Zookeeper modes are configured, but KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE is not enabled" - fi - if is_empty_value "${KAFKA_CFG_NODE_ID:-}"; then - print_validation_error "KRaft mode requires an unique node.id, please set the environment variable KAFKA_CFG_NODE_ID" - fi - if is_empty_value "${KAFKA_CFG_CONTROLLER_QUORUM_VOTERS:-}"; then - print_validation_error "KRaft mode requires KAFKA_CFG_CONTROLLER_QUORUM_VOTERS to be set" - fi - check_kraft_process_roles - fi - # Check Zookeeper mode - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - # If SSL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]]; then - # Fail if truststore is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with JKS certs you must mount your zookeeper.truststore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if keystore is not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]] && [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.jks" ]]; then - warn "In order to configure the mTLS for Zookeeper with JKS certs you must mount your zookeeper.keystore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]]; then - # Fail if CA / validation cert is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with PEM certs you must mount your zookeeper.truststore.pem cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if node key or cert are not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if { [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.key" ]]; }; then - warn "In order to configure the mTLS for Zookeeper with PEM certs you must mount your zookeeper.keystore.pem cert and zookeeper.keystore.key key to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - fi - # If SASL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - if is_empty_value "${KAFKA_ZOOKEEPER_USER:-}" || is_empty_value "${KAFKA_ZOOKEEPER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_ZOOKEEPER_USER and KAFKA_ZOOKEEPER_PASSWORD, to configure the credentials for SASL authentication with Zookeeper." - fi - fi - # If using plaintext protocol, check it is explicitly allowed - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" = "PLAINTEXT" ]]; then - warn "The KAFKA_ZOOKEEPER_PROTOCOL environment variable does not configure SASL and/or SSL, this setting is not recommended for production environments." - fi - fi - # Check listener ports are unique and allowed - check_listener_ports - # Check listeners are mapped to a valid security protocol - check_listener_protocols - # Warn users if plaintext listeners are configured - if kafka_has_plaintext_listener; then - warn "Kafka has been configured with a PLAINTEXT listener, this setting is not recommended for production environments." - fi - # If SSL/SASL_SSL listeners configured, check certificates are provided - if kafka_has_ssl_listener; then - if [[ "$KAFKA_TLS_TYPE" = "JKS" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with JKS certs you must mount your kafka.keystore.jks and kafka.truststore.jks certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - elif [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with PEM certs you must mount your kafka.keystore.pem, kafka.keystore.key and kafka.truststore.pem certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - # If SASL/SASL_SSL listeners configured, check passwords are provided - if kafka_has_sasl_listener; then - if is_empty_value "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}"; then - print_validation_error "Specified SASL protocol but no SASL mechanisms provided in KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - fi - # Check users and passwords lists are the same size - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS:-}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")" - if [[ "${#users[@]}" -ne "${#passwords[@]}" ]]; then - print_validation_error "Specify the same number of passwords on KAFKA_CLIENT_PASSWORDS as the number of users on KAFKA_CLIENT_USERS!" - fi - check_multi_value "KAFKA_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_PROTOCOL" "PLAINTEXT SASL SSL SASL_SSL" - check_multi_value "KAFKA_TLS_CLIENT_AUTH" "none requested required" - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Get kafka version -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# version -######################### -kafka_get_version() { - local -a cmd=("kafka-topics.sh" "--version") - am_i_root && cmd=("run_as_user" "$KAFKA_DAEMON_USER" "${cmd[@]}") - - read -r -a ver_split <<< "$("${cmd[@]}")" - echo "${ver_split[0]}" -} - -######################### -# Configure JAAS for a given listener and SASL mechanisms -# Globals: -# KAFKA_* -# Arguments: -# $1 - Name of the listener JAAS will be configured for -# $2 - Comma-separated list of SASL mechanisms to configure -# $3 - Comma-separated list of usernames -# $4 - Comma-separated list of passwords -# Returns: -# None -######################### -kafka_configure_server_jaas() { - local listener="${1:?missing listener name}" - local role="${2:-}" - - if [[ "$role" = "controller" ]]; then - local jaas_content=() - if [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" = "PLAIN" ]]; then - jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\"" - "user_${KAFKA_CONTROLLER_USER}=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - else - read -r -a sasl_mechanisms_arr <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_SASL_ENABLED_MECHANISMS")" - read -r -a users <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_USERS")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_PASSWORDS")" - # Configure JAAS for each SASL mechanism - # ref: https://docs.confluent.io/platform/current/kafka/authentication_sasl/index.html - for sasl_mechanism in "${sasl_mechanisms_arr[@]}"; do - local jaas_content=() - # For PLAIN mechanism, only the first username will be used - if [[ "$sasl_mechanism" = "PLAIN" ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - if [[ "$role" = "inter-broker" ]]; then - jaas_content+=( - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\"" - ) - users+=("$KAFKA_INTER_BROKER_USER") - passwords+=("$KAFKA_INTER_BROKER_PASSWORD") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - jaas_content+=("user_${users[i]}=\"${passwords[i]}\"") - done - # Add semi-colon to the last element of the array - jaas_content[${#jaas_content[@]} - 1]="${jaas_content[${#jaas_content[@]} - 1]};" - elif [[ "$sasl_mechanism" =~ SCRAM ]]; then - if [[ "$role" = "inter-broker" ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\";" - ) - else - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required;") - fi - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$sasl_mechanism" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - done - fi -} - -######################## -# Configure Zookeeper JAAS authentication -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_configure_jaas(){ - local jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_ZOOKEEPER_USER}\"" - "password=\"${KAFKA_ZOOKEEPER_PASSWORD}\";" - ) - - kafka_server_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Generate JAAS authentication file for local producer/consumer to use -# Globals: -# KAFKA_* -# Arguments: -# $1 - Authentication protocol to use for the internal listener -# $2 - Authentication protocol to use for the client listener -# Returns: -# None -######################### -kafka_configure_consumer_producer_jaas(){ - local jaas_content=() - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - - if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ SCRAM ]]; then - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required") - elif [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ PLAIN ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - else - error "Couldn't configure a supported SASL mechanism for Kafka consumer/producer properties" - exit 1 - fi - - jaas_content+=( - "username=\"${users[0]}\"" - "password=\"${passwords[0]}\";" - ) - - kafka_producer_consumer_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Create users in zookeper when using SASL/SCRAM mechanism -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_create_sasl_scram_users() { - info "Creating users in Zookeeper" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - local zookeeper_connect - zookeeper_connect=$(grep "^zookeeper.connect=" "$KAFKA_CONF_FILE" | sed -E 's/^zookeeper\.connect=(\S+)$/\1/') - read -r -a zookeeper_hosts <<<"$(tr ',;' ' ' <<<"${zookeeper_connect}")" - - if [[ "${#zookeeper_hosts[@]}" -eq 0 ]]; then - error "Couldn't obtain zookeeper.connect from $KAFKA_CONF_FILE" - exit 1 - fi - # Wait for Zookeeper to be reachable - read -r -a aux <<<"$(tr ':' ' ' <<<"${zookeeper_hosts[0]}")" - local host="${aux[0]:?missing host}" - local port="${aux[1]:-2181}" - wait-for-port --host "$host" "$port" - - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM" "$KAFKA_CONF_FILE"; then - users+=("${KAFKA_INTER_BROKER_USER}") - passwords+=("${KAFKA_INTER_BROKER_PASSWORD}") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - debug "Creating user ${users[i]} in zookeeper" - # Ref: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_scram.html#sasl-scram-overview - debug_execute kafka-configs.sh --zookeeper "$zookeeper_connect" --alter --add-config "SCRAM-SHA-256=[iterations=8192,password=${passwords[i]}],SCRAM-SHA-512=[password=${passwords[i]}]" --entity-type users --entity-name "${users[i]}" - done -} - -######################## -# Configure Kafka SSL settings -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_ssl() { - # Configures both Kafka server and producers/consumers - configure_both() { - kafka_server_conf_set "${1:?missing key}" "${2:?missing value}" - kafka_producer_consumer_conf_set "${1:?missing key}" "${2:?missing value}" - } - kafka_server_conf_set "ssl.client.auth" "${KAFKA_TLS_CLIENT_AUTH}" - configure_both ssl.keystore.type "${KAFKA_TLS_TYPE}" - configure_both ssl.truststore.type "${KAFKA_TLS_TYPE}" - local -r kafka_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_TLS_TRUSTSTORE_FILE}")" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.key.password "$KAFKA_CERTIFICATE_PASSWORD" - if [[ "$KAFKA_TLS_TYPE" = "PEM" ]]; then - file_to_multiline_property() { - awk 'NR > 1{print line"\\n\\"}{line=$0;}END{print $0" "}' <"${1:?missing file}" - } - remove_previous_cert_value() { - local key="${1:?missing key}" - files=( - "${KAFKA_CONF_FILE}" - "${KAFKA_CONF_DIR}/producer.properties" - "${KAFKA_CONF_DIR}/consumer.properties" - ) - for file in "${files[@]}"; do - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Delete all lines from the certificate beginning to its end - sed -i "/^[#\\s]*$key\s*=.*-----BEGIN/,/-----END/d" "$file" - fi - done - } - # We need to remove the previous cert value - # kafka_common_conf_set uses replace_in_file, which can't match multiple lines - remove_previous_cert_value ssl.keystore.key - remove_previous_cert_value ssl.keystore.certificate.chain - remove_previous_cert_value ssl.truststore.certificates - configure_both ssl.keystore.key "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.key")" - configure_both ssl.keystore.certificate.chain "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.pem")" - configure_both ssl.truststore.certificates "$(file_to_multiline_property "${kafka_truststore_location}")" - elif [[ "$KAFKA_TLS_TYPE" = "JKS" ]]; then - configure_both ssl.keystore.location "$KAFKA_CERTS_DIR"/kafka.keystore.jks - configure_both ssl.truststore.location "$kafka_truststore_location" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.keystore.password "$KAFKA_CERTIFICATE_PASSWORD" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.truststore.password "$KAFKA_CERTIFICATE_PASSWORD" - fi - true # Avoid the function to fail due to the check above -} - -######################## -# Get Zookeeper TLS settings -# Globals: -# KAFKA_ZOOKEEPER_TLS_* -# Arguments: -# None -# Returns: -# String -######################### -kafka_zookeeper_configure_tls() { - # Note that ZooKeeper does not support a key password different from the keystore password, - # so be sure to set the key password in the keystore to be identical to the keystore password; - # otherwise the connection attempt to Zookeeper will fail. - local keystore_location="" - local -r kafka_zk_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE}")" - - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]]; then - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; then - # Concatenating private key into public certificate file - # This is needed to load keystore from location using PEM - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keypair.pem" - cat "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" > "$keystore_location" - fi - - kafka_server_conf_set "zookeeper.clientCnxnSocket" "org.apache.zookeeper.ClientCnxnSocketNetty" - kafka_server_conf_set "zookeeper.ssl.client.enable" "true" - is_boolean_yes "${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-}" && kafka_server_conf_set "zookeeper.ssl.endpoint.identification.algorithm" "HTTPS" - ! is_empty_value "${keystore_location:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.location" "${keystore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.password" "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD}" - ! is_empty_value "${kafka_zk_truststore_location:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.location" "${kafka_zk_truststore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.password" "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD}" - true # Avoid the function to fail due to the check above -} - -######################## -# Configure Kafka configuration files from environment variables -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_from_environment_variables() { - # List of special cases to apply to the variables - local -r exception_regexps=( - "s/sasl\.ssl/sasl_ssl/g" - "s/sasl\.plaintext/sasl_plaintext/g" - ) - # Map environment variables to config properties - for var in "${!KAFKA_CFG_@}"; do - key="$(echo "$var" | sed -e 's/^KAFKA_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')" - - # Exception for the camel case in this environment variable - [[ "$var" == "KAFKA_CFG_ZOOKEEPER_CLIENTCNXNSOCKET" ]] && key="zookeeper.clientCnxnSocket" - - # Apply exception regexps - for regex in "${exception_regexps[@]}"; do - key="$(echo "$key" | sed "$regex")" - done - - value="${!var}" - kafka_server_conf_set "$key" "$value" - done -} - -######################## -# Initialize KRaft storage -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_storage_initialize() { - local args=("--config" "$KAFKA_CONF_FILE" "--ignore-formatted") - info "Initializing KRaft storage metadata" - - # If cluster.id found in meta.properties, use it - if [[ -f "${KAFKA_DATA_DIR}/meta.properties" ]]; then - KAFKA_KRAFT_CLUSTER_ID=$(grep "^cluster.id=" "${KAFKA_DATA_DIR}/meta.properties" | sed -E 's/^cluster\.id=(\S+)$/\1/') - fi - - if is_empty_value "${KAFKA_KRAFT_CLUSTER_ID:-}"; then - warn "KAFKA_KRAFT_CLUSTER_ID not set - If using multiple nodes then you must use the same Cluster ID for each one" - KAFKA_KRAFT_CLUSTER_ID="$("${KAFKA_HOME}/bin/kafka-storage.sh" random-uuid)" - info "Generated Kafka cluster ID '${KAFKA_KRAFT_CLUSTER_ID}'" - fi - args+=("--cluster-id" "$KAFKA_KRAFT_CLUSTER_ID") - - # SCRAM users are configured during the cluster bootstrapping process and can later be manually updated using kafka-config.sh - if is_boolean_yes "${KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS:-}"; then - info "Adding KRaft SCRAM users at storage bootstrap" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - # Configure SCRAM-SHA-256 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-256=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Configure SCRAM-SHA-512 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-512=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - fi - # Add controller credentials - if grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - fi - fi - info "Formatting storage directories to add metadata..." - "${KAFKA_HOME}/bin/kafka-storage.sh" format "${args[@]}" -} - -######################## -# Detects inconsitences between the configuration at KAFKA_CONF_FILE and cluster-state file -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_quorum_voters_changed(){ - read -r -a quorum_voters_conf_ids <<<"$(grep "^controller.quorum.voters=" "$KAFKA_CONF_FILE" | sed "s/^controller.quorum.voters=//" | tr "," " " | sed -E "s/\@\S+//g")" - read -r -a quorum_voters_state_ids <<< "$(grep -Eo "\{\"voterId\":[0-9]+\}" "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" | grep -Eo "[0-9]+" | tr "\n" " ")" - - if [[ "${#quorum_voters_conf_ids[@]}" != "${#quorum_voters_state_ids[@]}" ]]; then - true - else - read -r -a sorted_state <<< "$(echo "${quorum_voters_conf_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - read -r -a sorted_conf <<< "$(echo "${quorum_voters_state_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - if [[ "${sorted_state[*]}" = "${sorted_conf[*]}" ]]; then - false - else - true - fi - fi -} - -######################## -# Initialize Kafka -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_initialize() { - info "Initializing Kafka..." - # Check for mounted configuration files - if ! is_dir_empty "$KAFKA_MOUNTED_CONF_DIR"; then - cp -Lr "$KAFKA_MOUNTED_CONF_DIR"/* "$KAFKA_CONF_DIR" - fi - # Copy truststore to cert directory - for cert_var in KAFKA_TLS_TRUSTSTORE_FILE KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE; do - # Only copy if the file exists and it is in a different location than KAFKA_CERTS_DIR (to avoid copying to the same location) - if [[ -f "${!cert_var}" ]] && ! [[ "${!cert_var}" =~ $KAFKA_CERTS_DIR ]]; then - info "Copying truststore ${!cert_var} to ${KAFKA_CERTS_DIR}" - cp -L "${!cert_var}" "$KAFKA_CERTS_DIR" - fi - done - - if [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" ]]; then - info "No injected configuration files found, creating default config files" - # Restore original server.properties but remove Zookeeper/KRaft specific settings for compatibility with both architectures - cp "${KAFKA_CONF_DIR}/server.properties.original" "$KAFKA_CONF_FILE" - kafka_server_unify_conf - # Configure Kafka settings - kafka_server_conf_set log.dirs "$KAFKA_DATA_DIR" - kafka_configure_from_environment_variables - # Configure Kafka producer/consumer to set up message sizes - ! is_empty_value "${KAFKA_CFG_MAX_REQUEST_SIZE:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" max.request.size "$KAFKA_CFG_MAX_REQUEST_SIZE" - ! is_empty_value "${KAFKA_CFG_MAX_PARTITION_FETCH_BYTES:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" max.partition.fetch.bytes "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES" - # Zookeeper mode additional settings - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - kafka_zookeeper_configure_tls - fi - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - kafka_zookeeper_configure_jaas - fi - fi - # If at least one listener uses SSL or SASL_SSL, ensure SSL is configured - if kafka_has_ssl_listener; then - kafka_configure_ssl - fi - # If at least one listener uses SASL_PLAINTEXT or SASL_SSL, ensure SASL is configured - if kafka_has_sasl_listener; then - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM ]]; then - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - if [[ "$(kafka_get_version)" =~ ^3\.2\.|^3\.3\.|^3\.4\. ]]; then - # NOTE: This will depend on Kafka version when support for SCRAM is added - warn "KRaft mode requires Kafka version 3.5 or higher for SCRAM to be supported. SCRAM SASL mechanisms will now be disabled." - KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN - else - export KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - export KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - kafka_server_conf_set sasl.enabled.mechanisms "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - # Settings for each Kafka Listener are configured individually - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - listener_upper="$(echo "$listener" | tr '[:lower:]' '[:upper:]')" - env_name="KAFKA_TLS_${listener_upper}_CLIENT_AUTH" - [[ -n "${!env_name:-}" ]] && kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "${!env_name}" - fi - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - local role="" - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - role="inter-broker" - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - kafka_server_conf_set sasl.mechanism.controller.protocol "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - kafka_server_conf_set "listener.name.${listener_lower}.sasl.enabled.mechanisms" "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - role="controller" - fi - # If KAFKA_CLIENT_LISTENER_NAME is found in the listeners list, configure the producer/consumer accordingly - if [[ "$listener" = "${KAFKA_CLIENT_LISTENER_NAME:-CLIENT}" ]]; then - kafka_configure_consumer_producer_jaas - kafka_producer_consumer_conf_set security.protocol "$protocol" - kafka_producer_consumer_conf_set sasl.mechanism "${KAFKA_CLIENT_SASL_MECHANISM:-$(kafka_client_sasl_mechanism)}" - fi - # Configure inline listener jaas configuration, omitted if mounted JAAS conf file detected - if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - kafka_configure_server_jaas "$listener_lower" "${role:-}" - fi - fi - done - # Configure Kafka using environment variables - # This is executed at the end, to allow users to override properties set by the initialization logic - kafka_configure_from_environment_variables - else - info "Detected mounted server.properties file at ${KAFKA_MOUNTED_CONF_DIR}/server.properties. Skipping configuration based on env variables" - fi - true -} - -######################## -# Returns the most secure SASL mechanism available for Kafka clients -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_client_sasl_mechanism() { - local sasl_mechanism="" - - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-512 ]]; then - sasl_mechanism="SCRAM-SHA-512" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-256 ]]; then - sasl_mechanism="SCRAM-SHA-256" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ PLAIN ]]; then - sasl_mechanism="PLAIN" - fi - echo "$sasl_mechanism" -} - -######################## -# Removes default settings referencing Zookeeper mode or KRaft mode -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_server_unify_conf() { - local -r remove_regexps=( - #Zookeeper - "s/^zookeeper\./#zookeeper./g" - "s/^group\.initial/#group.initial/g" - "s/^broker\./#broker./g" - "s/^node\./#node./g" - "s/^process\./#process./g" - "s/^listeners=/#listeners=/g" - "s/^listener\./#listener./g" - "s/^controller\./#controller./g" - "s/^inter\.broker/#inter.broker/g" - "s/^advertised\.listeners/#advertised.listeners/g" - ) - - # Map environment variables to config properties - for regex in "${remove_regexps[@]}"; do - sed -i "${regex}" "$KAFKA_CONF_FILE" - done -} - -######################## -# Dinamically set node.id/broker.id/controller.quorum.voters if their alternative environment variable _COMMAND is set -# Globals: -# KAFKA_*_COMMAND -# Arguments: -# None -# Returns: -# None -######################### -kafka_dynamic_environment_variables() { - # KRaft mode - if ! is_empty_value "${KAFKA_NODE_ID_COMMAND:-}"; then - KAFKA_CFG_NODE_ID="$(eval "${KAFKA_NODE_ID_COMMAND}")" - export KAFKA_CFG_NODE_ID - fi - if ! is_empty_value "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND:-}"; then - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS="$(eval "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND}")" - export KAFKA_CFG_CONTROLLER_QUORUM_VOTERS - fi - # Zookeeper mode - # DEPRECATED - BROKER_ID_COMMAND has been deprecated, please use KAFKA_BROKER_ID_COMMAND instead - if ! is_empty_value "${KAFKA_BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${KAFKA_BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - elif ! is_empty_value "${BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - fi -} - -######################## -# Run custom initialization scripts -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_custom_init_scripts() { - if [[ -n $(find "${KAFKA_INITSCRIPTS_DIR}/" -type f -regex ".*\.\(sh\)") ]] && [[ ! -f "${KAFKA_VOLUME_DIR}/.user_scripts_initialized" ]]; then - info "Loading user's custom files from $KAFKA_INITSCRIPTS_DIR" - for f in /docker-entrypoint-initdb.d/*; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "$KAFKA_VOLUME_DIR"/.user_scripts_initialized - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is running -######################## -is_kafka_running() { - local pid - pid="$(get_pid_from_file "$KAFKA_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is not running -######################## -is_kafka_not_running() { - ! is_kafka_running -} - -######################## -# Stop Kafka -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_stop() { - ! is_kafka_running && return - stop_service_using_pid "$KAFKA_PID_FILE" TERM -} diff --git a/bitnami/kafka/3.3/debian-12/tags-info.yaml b/bitnami/kafka/3.3/debian-12/tags-info.yaml deleted file mode 100644 index d090a161e7523..0000000000000 --- a/bitnami/kafka/3.3/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "3.3" -- 3.3-debian-12 -- 3.3.2 diff --git a/bitnami/kafka/3.4/README.md b/bitnami/kafka/3.4/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/kafka/3.4/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/kafka/3.4/debian-12/Dockerfile b/bitnami/kafka/3.4/debian-12/Dockerfile deleted file mode 100644 index 46446e5f84555..0000000000000 --- a/bitnami/kafka/3.4/debian-12/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:15:11Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kafka/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.4.1-debian-12-r26" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kafka" \ - org.opencontainers.image.title="kafka" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.4.1" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "kafka-3.4.1-7-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh -RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/kafka/postunpack.sh -ENV APP_VERSION="3.4.1" \ - BITNAMI_APP_NAME="kafka" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/kafka/bin:$PATH" - -EXPOSE 9092 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/kafka/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/kafka/run.sh" ] diff --git a/bitnami/kafka/3.4/debian-12/docker-compose.yml b/bitnami/kafka/3.4/debian-12/docker-compose.yml deleted file mode 100644 index 5dba1ede781f9..0000000000000 --- a/bitnami/kafka/3.4/debian-12/docker-compose.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: "2" - -services: - kafka: - image: docker.io/bitnami/kafka:3.4 - ports: - - "9092:9092" - volumes: - - "kafka_data:/bitnami" - environment: - # KRaft settings - - KAFKA_CFG_NODE_ID=0 - - KAFKA_CFG_PROCESS_ROLES=controller,broker - - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093 - # Listeners - - KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9093 - - KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://:9092 - - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT - - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER - - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT -volumes: - kafka_data: - driver: local diff --git a/bitnami/kafka/3.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kafka/3.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index dafb7e798db90..0000000000000 --- a/bitnami/kafka/3.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "kafka": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.4.1-7" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-12" - } -} \ No newline at end of file diff --git a/bitnami/kafka/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kafka/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/kafka/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/kafka/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/kafka/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/kafka/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh b/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh deleted file mode 100644 index f58958279ce88..0000000000000 --- a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for kafka - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-kafka}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -kafka_env_vars=( - KAFKA_MOUNTED_CONF_DIR - KAFKA_INTER_BROKER_USER - KAFKA_INTER_BROKER_PASSWORD - KAFKA_CONTROLLER_USER - KAFKA_CONTROLLER_PASSWORD - KAFKA_CERTIFICATE_PASSWORD - KAFKA_TLS_TRUSTSTORE_FILE - KAFKA_TLS_TYPE - KAFKA_TLS_CLIENT_AUTH - KAFKA_OPTS - KAFKA_CFG_SASL_ENABLED_MECHANISMS - KAFKA_KRAFT_CLUSTER_ID - KAFKA_SKIP_KRAFT_STORAGE_INIT - KAFKA_CLIENT_LISTENER_NAME - KAFKA_ZOOKEEPER_PROTOCOL - KAFKA_ZOOKEEPER_PASSWORD - KAFKA_ZOOKEEPER_USER - KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE - KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME - KAFKA_ZOOKEEPER_TLS_TYPE - KAFKA_CLIENT_USERS - KAFKA_CLIENT_PASSWORDS - KAFKA_HEAP_OPTS -) -for env_var in "${kafka_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset kafka_env_vars - -# Paths -export KAFKA_BASE_DIR="${BITNAMI_ROOT_DIR}/kafka" -export KAFKA_VOLUME_DIR="/bitnami/kafka" -export KAFKA_DATA_DIR="${KAFKA_VOLUME_DIR}/data" -export KAFKA_CONF_DIR="${KAFKA_BASE_DIR}/config" -export KAFKA_CONF_FILE="${KAFKA_CONF_DIR}/server.properties" -export KAFKA_MOUNTED_CONF_DIR="${KAFKA_MOUNTED_CONF_DIR:-${KAFKA_VOLUME_DIR}/config}" -export KAFKA_CERTS_DIR="${KAFKA_CONF_DIR}/certs" -export KAFKA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export KAFKA_LOG_DIR="${KAFKA_BASE_DIR}/logs" -export KAFKA_HOME="$KAFKA_BASE_DIR" -export PATH="${KAFKA_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/java/bin:${PATH}" - -# System users (when running with a privileged user) -export KAFKA_DAEMON_USER="kafka" -export KAFKA_DAEMON_GROUP="kafka" - -# Kafka runtime settings -export KAFKA_INTER_BROKER_USER="${KAFKA_INTER_BROKER_USER:-user}" -export KAFKA_INTER_BROKER_PASSWORD="${KAFKA_INTER_BROKER_PASSWORD:-bitnami}" -export KAFKA_CONTROLLER_USER="${KAFKA_CONTROLLER_USER:-controller_user}" -export KAFKA_CONTROLLER_PASSWORD="${KAFKA_CONTROLLER_PASSWORD:-bitnami}" -export KAFKA_CERTIFICATE_PASSWORD="${KAFKA_CERTIFICATE_PASSWORD:-}" -export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_TLS_TYPE="${KAFKA_TLS_TYPE:-JKS}" -export KAFKA_TLS_CLIENT_AUTH="${KAFKA_TLS_CLIENT_AUTH:-required}" -export KAFKA_OPTS="${KAFKA_OPTS:-}" - -# Kafka configuration overrides -export KAFKA_CFG_SASL_ENABLED_MECHANISMS="${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-PLAIN,SCRAM-SHA-256,SCRAM-SHA-512}" -export KAFKA_KRAFT_CLUSTER_ID="${KAFKA_KRAFT_CLUSTER_ID:-}" -export KAFKA_SKIP_KRAFT_STORAGE_INIT="${KAFKA_SKIP_KRAFT_STORAGE_INIT:-false}" -export KAFKA_CLIENT_LISTENER_NAME="${KAFKA_CLIENT_LISTENER_NAME:-}" - -# ZooKeeper connection settings -export KAFKA_ZOOKEEPER_PROTOCOL="${KAFKA_ZOOKEEPER_PROTOCOL:-PLAINTEXT}" -export KAFKA_ZOOKEEPER_PASSWORD="${KAFKA_ZOOKEEPER_PASSWORD:-}" -export KAFKA_ZOOKEEPER_USER="${KAFKA_ZOOKEEPER_USER:-}" -export KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME="${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-true}" -export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}" - -# Authentication -export KAFKA_CLIENT_USERS="${KAFKA_CLIENT_USERS:-user}" -export KAFKA_CLIENT_PASSWORDS="${KAFKA_CLIENT_PASSWORDS:-bitnami}" - -# Java settings -export KAFKA_HEAP_OPTS="${KAFKA_HEAP_OPTS:--Xmx1024m -Xms1024m}" - -# Custom environment variables may be defined below diff --git a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh b/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh deleted file mode 100755 index d7413bcfc4f33..0000000000000 --- a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -print_welcome_page - -if [[ "$*" = *"/opt/bitnami/scripts/kafka/run.sh"* || "$*" = *"/run.sh"* ]]; then - info "** Starting Kafka setup **" - /opt/bitnami/scripts/kafka/setup.sh - info "** Kafka setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh b/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh deleted file mode 100755 index 7255563236c0b..0000000000000 --- a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libfs.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Move server.properties from configtmp to config -# Temporary solution until kafka tarball places server.properties into config -if [[ -d "${KAFKA_BASE_DIR}/configtmp" ]]; then - mv "${KAFKA_BASE_DIR}/configtmp"/* "$KAFKA_CONF_DIR" - rmdir "${KAFKA_BASE_DIR}/configtmp" -fi -[[ -d "${KAFKA_BASE_DIR}/conf" ]] && rmdir "${KAFKA_BASE_DIR}/conf" - -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR"; do - ensure_dir_exists "$dir" -done -chmod -R g+rwX "$KAFKA_BASE_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR" - -# Move the original server.properties, so users can skip initialization logic by mounting their own server.properties directly instead of using the MOUNTED_CONF_DIR -mv "${KAFKA_CONF_DIR}/server.properties" "${KAFKA_CONF_DIR}/server.properties.original" - -# Disable logging to stdout and garbage collection -# Source: https://logging.apache.org/log4j/log4j-2.4/manual/appenders.html -replace_in_file "${KAFKA_BASE_DIR}/bin/kafka-server-start.sh" " [-]loggc" " " -replace_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DailyRollingFileAppender" "ConsoleAppender" - -# Disable the default console logger in favour of KafkaAppender (which provides the exact output) -echo "log4j.appender.stdout.Threshold=OFF" >>"${KAFKA_CONF_DIR}/log4j.properties" - -# Remove invalid parameters for ConsoleAppender -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DatePattern" -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "Appender.File" diff --git a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh b/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh deleted file mode 100755 index 76d4380aff57e..0000000000000 --- a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libos.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -if [[ -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - export KAFKA_OPTS="${KAFKA_OPTS:-} -Djava.security.auth.login.config=${KAFKA_CONF_DIR}/kafka_jaas.conf" -fi - -cmd="$KAFKA_HOME/bin/kafka-server-start.sh" -args=("$KAFKA_CONF_FILE") -! is_empty_value "${KAFKA_EXTRA_FLAGS:-}" && args=("${args[@]}" "${KAFKA_EXTRA_FLAGS[@]}") - -info "** Starting Kafka **" -if am_i_root; then - exec_as_user "$KAFKA_DAEMON_USER" "$cmd" "${args[@]}" "$@" -else - exec "$cmd" "${args[@]}" "$@" -fi diff --git a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh b/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh deleted file mode 100755 index 5195f71910176..0000000000000 --- a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Map Kafka environment variables -kafka_create_alias_environment_variables - -# Dinamically set node.id/broker.id/controller.quorum.voters if the _COMMAND environment variable is set -kafka_dynamic_environment_variables - -# Set the default tuststore locations before validation -kafka_configure_default_truststore_locations -# Ensure Kafka user and group exist when running as 'root' -am_i_root && ensure_user_exists "$KAFKA_DAEMON_USER" --group "$KAFKA_DAEMON_GROUP" -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR"; do - if am_i_root; then - ensure_dir_exists "$dir" "$KAFKA_DAEMON_USER" "$KAFKA_DAEMON_GROUP" - else - ensure_dir_exists "$dir" - fi -done - -# Kafka validation, skipped if server.properties was mounted at either $KAFKA_MOUNTED_CONF_DIR or $KAFKA_CONF_DIR -[[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" && ! -f "$KAFKA_CONF_FILE" ]] && kafka_validate -# Kafka initialization, skipped if server.properties was mounted at $KAFKA_CONF_DIR -[[ ! -f "$KAFKA_CONF_FILE" ]] && kafka_initialize - -# Initialise KRaft metadata storage if process.roles configured -if grep -q "^process.roles=" "$KAFKA_CONF_FILE" && ! is_boolean_yes "$KAFKA_SKIP_KRAFT_STORAGE_INIT" ; then - kafka_kraft_storage_initialize -fi -# Configure Zookeeper SCRAM users -if is_boolean_yes "${KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS:-}"; then - kafka_zookeeper_create_sasl_scram_users -fi -# KRaft controllers may get stuck starting when the controller quorum voters are changed. -# Workaround: Remove quorum-state file when scaling up/down controllers (Waiting proposal KIP-853) -# https://cwiki.apache.org/confluence/display/KAFKA/KIP-853%3A+KRaft+Voter+Changes -if [[ -f "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" ]] && grep -q "^controller.quorum.voters=" "$KAFKA_CONF_FILE" && kafka_kraft_quorum_voters_changed; then - warn "Detected inconsitences between controller.quorum.voters and quorum-state, removing it..." - rm -f "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" -fi -# Ensure custom initialization scripts are executed -kafka_custom_init_scripts diff --git a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh b/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh deleted file mode 100644 index b36e8c48b05bc..0000000000000 --- a/bitnami/kafka/3.4/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh +++ /dev/null @@ -1,1180 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Kafka library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -# Functions - -######################## -# Set a configuration setting value to a file -# Globals: -# None -# Arguments: -# $1 - file -# $2 - key -# $3 - values (array) -# Returns: -# None -######################### -kafka_common_conf_set() { - local file="${1:?missing file}" - local key="${2:?missing key}" - shift - shift - local values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - kafka_common_conf_set "$file" "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Update the existing key - replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false - else - # Add a new key - printf '\n%s=%s' "$key" "$value" >>"$file" - fi - fi -} - -######################## -# Returns true if at least one listener is configured using SSL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_ssl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SSL: || "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using SASL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_sasl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SASL_PLAINTEXT: ]] || [[ "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using plaintext -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_plaintext_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "PLAINTEXT" ]]; then - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - else - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ PLAINTEXT: ]]; then - return - fi - fi - return 1 -} - -######################## -# Backwards compatibility measure to configure the TLS truststore locations -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_default_truststore_locations() { - # Backwards compatibility measure to allow custom truststore locations but at the same time not disrupt - # the UX that the previous version of the containers and the helm chart have. - # Context: The chart and containers by default assumed that the truststore location was KAFKA_CERTS_DIR/kafka.truststore.jks or KAFKA_MOUNTED_CONF_DIR/certs/kafka.truststore.jks. - # Because of this, we could not use custom certificates in different locations (use case: A custom base image that already has a truststore). Changing the logic to allow custom - # locations implied major changes in the current user experience (which only required to mount certificates at the assumed location). In order to maintain this compatibility we need - # use this logic that sets the KAFKA_TLS_*_FILE variables to the previously assumed locations in case it is not set - - # Kafka truststore - if kafka_has_ssl_listener && is_empty_value "${KAFKA_TLS_TRUSTSTORE_FILE:-}"; then - local kafka_truststore_filename="kafka.truststore.jks" - [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && kafka_truststore_filename="kafka.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${kafka_truststore_filename}" - fi - fi - # Zookeeper truststore - if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]] && is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}"; then - local zk_truststore_filename="zookeeper.truststore.jks" - [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && zk_truststore_filename="zookeeper.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${zk_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${zk_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${zk_truststore_filename}" - fi - fi -} - -######################## -# Set a configuration setting value to server.properties -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_server_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_FILE" "$@" -} - -######################## -# Set a configuration setting value to producer.properties and consumer.properties -# Globals: -# KAFKA_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_producer_consumer_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" "$@" - kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" "$@" -} - -######################## -# Create alias for environment variable, so both can be used -# Globals: -# None -# Arguments: -# $1 - Alias environment variable name -# $2 - Original environment variable name -# Returns: -# None -######################### -kafka_declare_alias_env() { - local -r alias="${1:?missing environment variable alias}" - local -r original="${2:?missing original environment variable}" - if printenv "${original}" >/dev/null; then - export "$alias"="${!original:-}" - fi -} - -######################## -# Map Kafka legacy environment variables to the new names -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_create_alias_environment_variables() { - suffixes=( - "ADVERTISED_LISTENERS" - "BROKER_ID" - "NODE_ID" - "CONTROLLER_QUORUM_VOTERS" - "PROCESS_ROLES" - "DEFAULT_REPLICATION_FACTOR" - "DELETE_TOPIC_ENABLE" - "INTER_BROKER_LISTENER_NAME" - "LISTENERS" - "LISTENER_SECURITY_PROTOCOL_MAP" - "LOG_DIRS" - "LOG_FLUSH_INTERVAL_MESSAGES" - "LOG_FLUSH_INTERVAL_MS" - "LOG_MESSAGE_FORMAT_VERSION" - "LOG_RETENTION_BYTES" - "LOG_RETENTION_CHECK_INTERVALS_MS" - "LOG_RETENTION_HOURS" - "LOG_SEGMENT_BYTES" - "MESSAGE_MAX_BYTES" - "NUM_IO_THREADS" - "NUM_NETWORK_THREADS" - "NUM_PARTITIONS" - "NUM_RECOVERY_THREADS_PER_DATA_DIR" - "OFFSETS_TOPIC_REPLICATION_FACTOR" - "SOCKET_RECEIVE_BUFFER_BYTES" - "SOCKET_REQUEST_MAX_BYTES" - "SOCKET_SEND_BUFFER_BYTES" - "SSL_ENDPOINT_IDENTIFICATION_ALGORITHM" - "TRANSACTION_STATE_LOG_MIN_ISR" - "TRANSACTION_STATE_LOG_REPLICATION_FACTOR" - "ZOOKEEPER_CONNECT" - "ZOOKEEPER_CONNECTION_TIMEOUT_MS" - ) - kafka_declare_alias_env "KAFKA_CFG_LOG_DIRS" "KAFKA_LOGS_DIRS" - kafka_declare_alias_env "KAFKA_CFG_LOG_SEGMENT_BYTES" "KAFKA_SEGMENT_BYTES" - kafka_declare_alias_env "KAFKA_CFG_MESSAGE_MAX_BYTES" "KAFKA_MAX_MESSAGE_BYTES" - kafka_declare_alias_env "KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS" "KAFKA_ZOOKEEPER_CONNECT_TIMEOUT_MS" - kafka_declare_alias_env "KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE" "KAFKA_AUTO_CREATE_TOPICS_ENABLE" - kafka_declare_alias_env "KAFKA_CLIENT_USERS" "KAFKA_BROKER_USER" - kafka_declare_alias_env "KAFKA_CLIENT_PASSWORDS" "KAFKA_BROKER_PASSWORD" - kafka_declare_alias_env "KAFKA_CLIENT_LISTENER_NAME" "KAFKA_CLIENT_LISTENER" - for s in "${suffixes[@]}"; do - kafka_declare_alias_env "KAFKA_CFG_${s}" "KAFKA_${s}" - done -} - -######################## -# Validate settings in KAFKA_* env vars -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_validate() { - debug "Validating settings in KAFKA_* env vars..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - # If process.roles configured, check its values are valid and perform additional checks for each - check_kraft_process_roles() { - read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$KAFKA_CFG_PROCESS_ROLES")" - for role in "${roles_list[@]}"; do - case "$role" in - broker) ;; - controller) - if is_empty_value "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-}"; then - print_validation_error "Role 'controller' enabled but environment variable KAFKA_CFG_CONTROLLER_LISTENER_NAMES was not provided." - fi - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ ! "$KAFKA_CFG_LISTENERS" =~ ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} ]]; then - print_validation_error "Role 'controller' enabled but listener ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} not found in KAFKA_CFG_LISTENERS." - fi - ;; - *) - print_validation_error "Invalid KRaft process role '$role'. Supported roles are 'broker,controller'" - ;; - esac - done - } - # Check all listeners are using a unique and valid port - check_listener_ports(){ - check_allowed_port() { - local port="${1:?missing port variable}" - local -a validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("$port") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port ${port} was specified in the environment variable KAFKA_CFG_LISTENERS: ${err}." - fi - } - - read -r -a listeners <<<"$(tr ',' ' ' <<<"${KAFKA_CFG_LISTENERS:-}")" - local -a ports=() - for listener in "${listeners[@]}"; do - read -r -a arr <<<"$(tr ':' ' ' <<<"$listener")" - # Obtain the port from listener string, e.g. PLAINTEXT://:9092 - port="${arr[2]}" - check_allowed_port "$port" - ports+=("$port") - done - # Check each listener is using an unique port - local -a unique_ports=() - read -r -a unique_ports <<< "$(echo "${ports[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')" - if [[ "${#ports[@]}" != "${#unique_ports[@]}" ]]; then - print_validation_error "There are listeners bound to the same port" - fi - } - check_listener_protocols(){ - local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL") - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - # Check protocol in allowed list - if [[ ! "${allowed_protocols[*]}" =~ $protocol ]]; then - print_validation_error "Authentication protocol ${protocol} is not supported!" - fi - # If inter-broker listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL is set - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}"; then - print_validation_error "When using SASL for inter broker comunication the mechanism should be provided using KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - fi - if is_empty_value "${KAFKA_INTER_BROKER_USER:-}" || is_empty_value "${KAFKA_INTER_BROKER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka inter-broker communications, you must provide the SASL credentials. Set the environment variables KAFKA_INTER_BROKER_USER and KAFKA_INTER_BROKER_PASSWORD to configure the credentials for SASL authentication with between brokers." - fi - fi - # If controller listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL is set - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL:-}"; then - print_validation_error "When using SASL for controller comunication the mechanism should be provided at KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - warn "KRaft controller listener may not support SCRAM-SHA-256/SCRAM-SHA-512 mechanisms. If facing any issues, we recommend switching to PLAIN mechanism. More information at: https://issues.apache.org/jira/browse/KAFKA-15513" - fi - if is_empty_value "${KAFKA_CONTROLLER_USER:-}" || is_empty_value "${KAFKA_CONTROLLER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka control plane communications, you must provide the SASL credentials. Set the environment variables KAFKA_CONTROLLER_USER and KAFKA_CONTROLLER_PASSWORD to configure the credentials for SASL authentication with between controllers." - fi - fi - else - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CLIENT_USERS:-}" || is_empty_value "${KAFKA_CLIENT_PASSWORDS:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_CLIENT_USERS and KAFKA_CLIENT_PASSWORDS to configure the credentials for SASL authentication with clients." - fi - fi - - fi - done - } - - if is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}" && is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - print_validation_error "Kafka haven't been configured to work in either Raft or Zookeper mode. Please make sure at least one of the modes is configured." - fi - # Check KRaft mode - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - # Raft - if [[ "$(kafka_get_version)" =~ ^3\.2\. ]]; then - warn "KRaft mode is not production-ready in Kafka 3.2, for production environments, we recommend upgrading " - fi - # Only allow Zookeeper configuration if migration mode is enabled - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}" && - { is_empty_value "${KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE:-}" || ! is_boolean_yes "$KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE"; }; then - print_validation_error "Both KRaft mode and Zookeeper modes are configured, but KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE is not enabled" - fi - if is_empty_value "${KAFKA_CFG_NODE_ID:-}"; then - print_validation_error "KRaft mode requires an unique node.id, please set the environment variable KAFKA_CFG_NODE_ID" - fi - if is_empty_value "${KAFKA_CFG_CONTROLLER_QUORUM_VOTERS:-}"; then - print_validation_error "KRaft mode requires KAFKA_CFG_CONTROLLER_QUORUM_VOTERS to be set" - fi - check_kraft_process_roles - fi - # Check Zookeeper mode - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - # If SSL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]]; then - # Fail if truststore is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with JKS certs you must mount your zookeeper.truststore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if keystore is not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]] && [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.jks" ]]; then - warn "In order to configure the mTLS for Zookeeper with JKS certs you must mount your zookeeper.keystore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]]; then - # Fail if CA / validation cert is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with PEM certs you must mount your zookeeper.truststore.pem cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if node key or cert are not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if { [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.key" ]]; }; then - warn "In order to configure the mTLS for Zookeeper with PEM certs you must mount your zookeeper.keystore.pem cert and zookeeper.keystore.key key to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - fi - # If SASL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - if is_empty_value "${KAFKA_ZOOKEEPER_USER:-}" || is_empty_value "${KAFKA_ZOOKEEPER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_ZOOKEEPER_USER and KAFKA_ZOOKEEPER_PASSWORD, to configure the credentials for SASL authentication with Zookeeper." - fi - fi - # If using plaintext protocol, check it is explicitly allowed - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" = "PLAINTEXT" ]]; then - warn "The KAFKA_ZOOKEEPER_PROTOCOL environment variable does not configure SASL and/or SSL, this setting is not recommended for production environments." - fi - fi - # Check listener ports are unique and allowed - check_listener_ports - # Check listeners are mapped to a valid security protocol - check_listener_protocols - # Warn users if plaintext listeners are configured - if kafka_has_plaintext_listener; then - warn "Kafka has been configured with a PLAINTEXT listener, this setting is not recommended for production environments." - fi - # If SSL/SASL_SSL listeners configured, check certificates are provided - if kafka_has_ssl_listener; then - if [[ "$KAFKA_TLS_TYPE" = "JKS" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with JKS certs you must mount your kafka.keystore.jks and kafka.truststore.jks certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - elif [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with PEM certs you must mount your kafka.keystore.pem, kafka.keystore.key and kafka.truststore.pem certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - # If SASL/SASL_SSL listeners configured, check passwords are provided - if kafka_has_sasl_listener; then - if is_empty_value "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}"; then - print_validation_error "Specified SASL protocol but no SASL mechanisms provided in KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - fi - # Check users and passwords lists are the same size - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS:-}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")" - if [[ "${#users[@]}" -ne "${#passwords[@]}" ]]; then - print_validation_error "Specify the same number of passwords on KAFKA_CLIENT_PASSWORDS as the number of users on KAFKA_CLIENT_USERS!" - fi - check_multi_value "KAFKA_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_PROTOCOL" "PLAINTEXT SASL SSL SASL_SSL" - check_multi_value "KAFKA_TLS_CLIENT_AUTH" "none requested required" - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Get kafka version -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# version -######################### -kafka_get_version() { - local -a cmd=("kafka-topics.sh" "--version") - am_i_root && cmd=("run_as_user" "$KAFKA_DAEMON_USER" "${cmd[@]}") - - read -r -a ver_split <<< "$("${cmd[@]}")" - echo "${ver_split[0]}" -} - -######################### -# Configure JAAS for a given listener and SASL mechanisms -# Globals: -# KAFKA_* -# Arguments: -# $1 - Name of the listener JAAS will be configured for -# $2 - Comma-separated list of SASL mechanisms to configure -# $3 - Comma-separated list of usernames -# $4 - Comma-separated list of passwords -# Returns: -# None -######################### -kafka_configure_server_jaas() { - local listener="${1:?missing listener name}" - local role="${2:-}" - - if [[ "$role" = "controller" ]]; then - local jaas_content=() - if [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" = "PLAIN" ]]; then - jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\"" - "user_${KAFKA_CONTROLLER_USER}=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - else - read -r -a sasl_mechanisms_arr <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_SASL_ENABLED_MECHANISMS")" - read -r -a users <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_USERS")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_PASSWORDS")" - # Configure JAAS for each SASL mechanism - # ref: https://docs.confluent.io/platform/current/kafka/authentication_sasl/index.html - for sasl_mechanism in "${sasl_mechanisms_arr[@]}"; do - local jaas_content=() - # For PLAIN mechanism, only the first username will be used - if [[ "$sasl_mechanism" = "PLAIN" ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - if [[ "$role" = "inter-broker" ]]; then - jaas_content+=( - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\"" - ) - users+=("$KAFKA_INTER_BROKER_USER") - passwords+=("$KAFKA_INTER_BROKER_PASSWORD") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - jaas_content+=("user_${users[i]}=\"${passwords[i]}\"") - done - # Add semi-colon to the last element of the array - jaas_content[${#jaas_content[@]} - 1]="${jaas_content[${#jaas_content[@]} - 1]};" - elif [[ "$sasl_mechanism" =~ SCRAM ]]; then - if [[ "$role" = "inter-broker" ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\";" - ) - else - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required;") - fi - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$sasl_mechanism" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - done - fi -} - -######################## -# Configure Zookeeper JAAS authentication -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_configure_jaas(){ - local jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_ZOOKEEPER_USER}\"" - "password=\"${KAFKA_ZOOKEEPER_PASSWORD}\";" - ) - - kafka_server_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Generate JAAS authentication file for local producer/consumer to use -# Globals: -# KAFKA_* -# Arguments: -# $1 - Authentication protocol to use for the internal listener -# $2 - Authentication protocol to use for the client listener -# Returns: -# None -######################### -kafka_configure_consumer_producer_jaas(){ - local jaas_content=() - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - - if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ SCRAM ]]; then - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required") - elif [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ PLAIN ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - else - error "Couldn't configure a supported SASL mechanism for Kafka consumer/producer properties" - exit 1 - fi - - jaas_content+=( - "username=\"${users[0]}\"" - "password=\"${passwords[0]}\";" - ) - - kafka_producer_consumer_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Create users in zookeper when using SASL/SCRAM mechanism -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_create_sasl_scram_users() { - info "Creating users in Zookeeper" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - local zookeeper_connect - zookeeper_connect=$(grep "^zookeeper.connect=" "$KAFKA_CONF_FILE" | sed -E 's/^zookeeper\.connect=(\S+)$/\1/') - read -r -a zookeeper_hosts <<<"$(tr ',;' ' ' <<<"${zookeeper_connect}")" - - if [[ "${#zookeeper_hosts[@]}" -eq 0 ]]; then - error "Couldn't obtain zookeeper.connect from $KAFKA_CONF_FILE" - exit 1 - fi - # Wait for Zookeeper to be reachable - read -r -a aux <<<"$(tr ':' ' ' <<<"${zookeeper_hosts[0]}")" - local host="${aux[0]:?missing host}" - local port="${aux[1]:-2181}" - wait-for-port --host "$host" "$port" - - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM" "$KAFKA_CONF_FILE"; then - users+=("${KAFKA_INTER_BROKER_USER}") - passwords+=("${KAFKA_INTER_BROKER_PASSWORD}") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - debug "Creating user ${users[i]} in zookeeper" - # Ref: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_scram.html#sasl-scram-overview - debug_execute kafka-configs.sh --zookeeper "$zookeeper_connect" --alter --add-config "SCRAM-SHA-256=[iterations=8192,password=${passwords[i]}],SCRAM-SHA-512=[password=${passwords[i]}]" --entity-type users --entity-name "${users[i]}" - done -} - -######################## -# Configure Kafka SSL settings -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_ssl() { - # Configures both Kafka server and producers/consumers - configure_both() { - kafka_server_conf_set "${1:?missing key}" "${2:?missing value}" - kafka_producer_consumer_conf_set "${1:?missing key}" "${2:?missing value}" - } - kafka_server_conf_set "ssl.client.auth" "${KAFKA_TLS_CLIENT_AUTH}" - configure_both ssl.keystore.type "${KAFKA_TLS_TYPE}" - configure_both ssl.truststore.type "${KAFKA_TLS_TYPE}" - local -r kafka_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_TLS_TRUSTSTORE_FILE}")" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.key.password "$KAFKA_CERTIFICATE_PASSWORD" - if [[ "$KAFKA_TLS_TYPE" = "PEM" ]]; then - file_to_multiline_property() { - awk 'NR > 1{print line"\\n\\"}{line=$0;}END{print $0" "}' <"${1:?missing file}" - } - remove_previous_cert_value() { - local key="${1:?missing key}" - files=( - "${KAFKA_CONF_FILE}" - "${KAFKA_CONF_DIR}/producer.properties" - "${KAFKA_CONF_DIR}/consumer.properties" - ) - for file in "${files[@]}"; do - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Delete all lines from the certificate beginning to its end - sed -i "/^[#\\s]*$key\s*=.*-----BEGIN/,/-----END/d" "$file" - fi - done - } - # We need to remove the previous cert value - # kafka_common_conf_set uses replace_in_file, which can't match multiple lines - remove_previous_cert_value ssl.keystore.key - remove_previous_cert_value ssl.keystore.certificate.chain - remove_previous_cert_value ssl.truststore.certificates - configure_both ssl.keystore.key "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.key")" - configure_both ssl.keystore.certificate.chain "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.pem")" - configure_both ssl.truststore.certificates "$(file_to_multiline_property "${kafka_truststore_location}")" - elif [[ "$KAFKA_TLS_TYPE" = "JKS" ]]; then - configure_both ssl.keystore.location "$KAFKA_CERTS_DIR"/kafka.keystore.jks - configure_both ssl.truststore.location "$kafka_truststore_location" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.keystore.password "$KAFKA_CERTIFICATE_PASSWORD" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.truststore.password "$KAFKA_CERTIFICATE_PASSWORD" - fi - true # Avoid the function to fail due to the check above -} - -######################## -# Get Zookeeper TLS settings -# Globals: -# KAFKA_ZOOKEEPER_TLS_* -# Arguments: -# None -# Returns: -# String -######################### -kafka_zookeeper_configure_tls() { - # Note that ZooKeeper does not support a key password different from the keystore password, - # so be sure to set the key password in the keystore to be identical to the keystore password; - # otherwise the connection attempt to Zookeeper will fail. - local keystore_location="" - local -r kafka_zk_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE}")" - - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]]; then - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; then - # Concatenating private key into public certificate file - # This is needed to load keystore from location using PEM - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keypair.pem" - cat "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" > "$keystore_location" - fi - - kafka_server_conf_set "zookeeper.clientCnxnSocket" "org.apache.zookeeper.ClientCnxnSocketNetty" - kafka_server_conf_set "zookeeper.ssl.client.enable" "true" - is_boolean_yes "${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-}" && kafka_server_conf_set "zookeeper.ssl.endpoint.identification.algorithm" "HTTPS" - ! is_empty_value "${keystore_location:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.location" "${keystore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.password" "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD}" - ! is_empty_value "${kafka_zk_truststore_location:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.location" "${kafka_zk_truststore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.password" "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD}" - true # Avoid the function to fail due to the check above -} - -######################## -# Configure Kafka configuration files from environment variables -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_from_environment_variables() { - # List of special cases to apply to the variables - local -r exception_regexps=( - "s/sasl\.ssl/sasl_ssl/g" - "s/sasl\.plaintext/sasl_plaintext/g" - ) - # Map environment variables to config properties - for var in "${!KAFKA_CFG_@}"; do - key="$(echo "$var" | sed -e 's/^KAFKA_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')" - - # Exception for the camel case in this environment variable - [[ "$var" == "KAFKA_CFG_ZOOKEEPER_CLIENTCNXNSOCKET" ]] && key="zookeeper.clientCnxnSocket" - - # Apply exception regexps - for regex in "${exception_regexps[@]}"; do - key="$(echo "$key" | sed "$regex")" - done - - value="${!var}" - kafka_server_conf_set "$key" "$value" - done -} - -######################## -# Initialize KRaft storage -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_storage_initialize() { - local args=("--config" "$KAFKA_CONF_FILE" "--ignore-formatted") - info "Initializing KRaft storage metadata" - - # If cluster.id found in meta.properties, use it - if [[ -f "${KAFKA_DATA_DIR}/meta.properties" ]]; then - KAFKA_KRAFT_CLUSTER_ID=$(grep "^cluster.id=" "${KAFKA_DATA_DIR}/meta.properties" | sed -E 's/^cluster\.id=(\S+)$/\1/') - fi - - if is_empty_value "${KAFKA_KRAFT_CLUSTER_ID:-}"; then - warn "KAFKA_KRAFT_CLUSTER_ID not set - If using multiple nodes then you must use the same Cluster ID for each one" - KAFKA_KRAFT_CLUSTER_ID="$("${KAFKA_HOME}/bin/kafka-storage.sh" random-uuid)" - info "Generated Kafka cluster ID '${KAFKA_KRAFT_CLUSTER_ID}'" - fi - args+=("--cluster-id" "$KAFKA_KRAFT_CLUSTER_ID") - - # SCRAM users are configured during the cluster bootstrapping process and can later be manually updated using kafka-config.sh - if is_boolean_yes "${KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS:-}"; then - info "Adding KRaft SCRAM users at storage bootstrap" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - # Configure SCRAM-SHA-256 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-256=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Configure SCRAM-SHA-512 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-512=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - fi - # Add controller credentials - if grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - fi - fi - info "Formatting storage directories to add metadata..." - "${KAFKA_HOME}/bin/kafka-storage.sh" format "${args[@]}" -} - -######################## -# Detects inconsitences between the configuration at KAFKA_CONF_FILE and cluster-state file -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_quorum_voters_changed(){ - read -r -a quorum_voters_conf_ids <<<"$(grep "^controller.quorum.voters=" "$KAFKA_CONF_FILE" | sed "s/^controller.quorum.voters=//" | tr "," " " | sed -E "s/\@\S+//g")" - read -r -a quorum_voters_state_ids <<< "$(grep -Eo "\{\"voterId\":[0-9]+\}" "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" | grep -Eo "[0-9]+" | tr "\n" " ")" - - if [[ "${#quorum_voters_conf_ids[@]}" != "${#quorum_voters_state_ids[@]}" ]]; then - true - else - read -r -a sorted_state <<< "$(echo "${quorum_voters_conf_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - read -r -a sorted_conf <<< "$(echo "${quorum_voters_state_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - if [[ "${sorted_state[*]}" = "${sorted_conf[*]}" ]]; then - false - else - true - fi - fi -} - -######################## -# Initialize Kafka -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_initialize() { - info "Initializing Kafka..." - # Check for mounted configuration files - if ! is_dir_empty "$KAFKA_MOUNTED_CONF_DIR"; then - cp -Lr "$KAFKA_MOUNTED_CONF_DIR"/* "$KAFKA_CONF_DIR" - fi - # Copy truststore to cert directory - for cert_var in KAFKA_TLS_TRUSTSTORE_FILE KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE; do - # Only copy if the file exists and it is in a different location than KAFKA_CERTS_DIR (to avoid copying to the same location) - if [[ -f "${!cert_var}" ]] && ! [[ "${!cert_var}" =~ $KAFKA_CERTS_DIR ]]; then - info "Copying truststore ${!cert_var} to ${KAFKA_CERTS_DIR}" - cp -L "${!cert_var}" "$KAFKA_CERTS_DIR" - fi - done - - if [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" ]]; then - info "No injected configuration files found, creating default config files" - # Restore original server.properties but remove Zookeeper/KRaft specific settings for compatibility with both architectures - cp "${KAFKA_CONF_DIR}/server.properties.original" "$KAFKA_CONF_FILE" - kafka_server_unify_conf - # Configure Kafka settings - kafka_server_conf_set log.dirs "$KAFKA_DATA_DIR" - kafka_configure_from_environment_variables - # Configure Kafka producer/consumer to set up message sizes - ! is_empty_value "${KAFKA_CFG_MAX_REQUEST_SIZE:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" max.request.size "$KAFKA_CFG_MAX_REQUEST_SIZE" - ! is_empty_value "${KAFKA_CFG_MAX_PARTITION_FETCH_BYTES:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" max.partition.fetch.bytes "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES" - # Zookeeper mode additional settings - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - kafka_zookeeper_configure_tls - fi - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - kafka_zookeeper_configure_jaas - fi - fi - # If at least one listener uses SSL or SASL_SSL, ensure SSL is configured - if kafka_has_ssl_listener; then - kafka_configure_ssl - fi - # If at least one listener uses SASL_PLAINTEXT or SASL_SSL, ensure SASL is configured - if kafka_has_sasl_listener; then - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM ]]; then - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - if [[ "$(kafka_get_version)" =~ ^3\.2\.|^3\.3\.|^3\.4\. ]]; then - # NOTE: This will depend on Kafka version when support for SCRAM is added - warn "KRaft mode requires Kafka version 3.5 or higher for SCRAM to be supported. SCRAM SASL mechanisms will now be disabled." - KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN - else - export KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - export KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - kafka_server_conf_set sasl.enabled.mechanisms "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - # Settings for each Kafka Listener are configured individually - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - listener_upper="$(echo "$listener" | tr '[:lower:]' '[:upper:]')" - env_name="KAFKA_TLS_${listener_upper}_CLIENT_AUTH" - [[ -n "${!env_name:-}" ]] && kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "${!env_name}" - fi - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - local role="" - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - role="inter-broker" - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - kafka_server_conf_set sasl.mechanism.controller.protocol "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - kafka_server_conf_set "listener.name.${listener_lower}.sasl.enabled.mechanisms" "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - role="controller" - fi - # If KAFKA_CLIENT_LISTENER_NAME is found in the listeners list, configure the producer/consumer accordingly - if [[ "$listener" = "${KAFKA_CLIENT_LISTENER_NAME:-CLIENT}" ]]; then - kafka_configure_consumer_producer_jaas - kafka_producer_consumer_conf_set security.protocol "$protocol" - kafka_producer_consumer_conf_set sasl.mechanism "${KAFKA_CLIENT_SASL_MECHANISM:-$(kafka_client_sasl_mechanism)}" - fi - # Configure inline listener jaas configuration, omitted if mounted JAAS conf file detected - if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - kafka_configure_server_jaas "$listener_lower" "${role:-}" - fi - fi - done - # Configure Kafka using environment variables - # This is executed at the end, to allow users to override properties set by the initialization logic - kafka_configure_from_environment_variables - else - info "Detected mounted server.properties file at ${KAFKA_MOUNTED_CONF_DIR}/server.properties. Skipping configuration based on env variables" - fi - true -} - -######################## -# Returns the most secure SASL mechanism available for Kafka clients -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_client_sasl_mechanism() { - local sasl_mechanism="" - - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-512 ]]; then - sasl_mechanism="SCRAM-SHA-512" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-256 ]]; then - sasl_mechanism="SCRAM-SHA-256" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ PLAIN ]]; then - sasl_mechanism="PLAIN" - fi - echo "$sasl_mechanism" -} - -######################## -# Removes default settings referencing Zookeeper mode or KRaft mode -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_server_unify_conf() { - local -r remove_regexps=( - #Zookeeper - "s/^zookeeper\./#zookeeper./g" - "s/^group\.initial/#group.initial/g" - "s/^broker\./#broker./g" - "s/^node\./#node./g" - "s/^process\./#process./g" - "s/^listeners=/#listeners=/g" - "s/^listener\./#listener./g" - "s/^controller\./#controller./g" - "s/^inter\.broker/#inter.broker/g" - "s/^advertised\.listeners/#advertised.listeners/g" - ) - - # Map environment variables to config properties - for regex in "${remove_regexps[@]}"; do - sed -i "${regex}" "$KAFKA_CONF_FILE" - done -} - -######################## -# Dinamically set node.id/broker.id/controller.quorum.voters if their alternative environment variable _COMMAND is set -# Globals: -# KAFKA_*_COMMAND -# Arguments: -# None -# Returns: -# None -######################### -kafka_dynamic_environment_variables() { - # KRaft mode - if ! is_empty_value "${KAFKA_NODE_ID_COMMAND:-}"; then - KAFKA_CFG_NODE_ID="$(eval "${KAFKA_NODE_ID_COMMAND}")" - export KAFKA_CFG_NODE_ID - fi - if ! is_empty_value "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND:-}"; then - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS="$(eval "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND}")" - export KAFKA_CFG_CONTROLLER_QUORUM_VOTERS - fi - # Zookeeper mode - # DEPRECATED - BROKER_ID_COMMAND has been deprecated, please use KAFKA_BROKER_ID_COMMAND instead - if ! is_empty_value "${KAFKA_BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${KAFKA_BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - elif ! is_empty_value "${BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - fi -} - -######################## -# Run custom initialization scripts -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_custom_init_scripts() { - if [[ -n $(find "${KAFKA_INITSCRIPTS_DIR}/" -type f -regex ".*\.\(sh\)") ]] && [[ ! -f "${KAFKA_VOLUME_DIR}/.user_scripts_initialized" ]]; then - info "Loading user's custom files from $KAFKA_INITSCRIPTS_DIR" - for f in /docker-entrypoint-initdb.d/*; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "$KAFKA_VOLUME_DIR"/.user_scripts_initialized - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is running -######################## -is_kafka_running() { - local pid - pid="$(get_pid_from_file "$KAFKA_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is not running -######################## -is_kafka_not_running() { - ! is_kafka_running -} - -######################## -# Stop Kafka -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_stop() { - ! is_kafka_running && return - stop_service_using_pid "$KAFKA_PID_FILE" TERM -} diff --git a/bitnami/kafka/3.4/debian-12/tags-info.yaml b/bitnami/kafka/3.4/debian-12/tags-info.yaml deleted file mode 100644 index 18cf5f73e7f88..0000000000000 --- a/bitnami/kafka/3.4/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "3.4" -- 3.4-debian-12 -- 3.4.1 diff --git a/bitnami/kafka/3.5/README.md b/bitnami/kafka/3.5/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/kafka/3.5/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/kafka/3.5/debian-12/Dockerfile b/bitnami/kafka/3.5/debian-12/Dockerfile deleted file mode 100644 index e3a8fc83866a4..0000000000000 --- a/bitnami/kafka/3.5/debian-12/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T21:51:32Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kafka/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.5.2-debian-12-r17" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kafka" \ - org.opencontainers.image.title="kafka" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.5.2" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "kafka-3.5.2-5-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh -RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/kafka/postunpack.sh -ENV APP_VERSION="3.5.2" \ - BITNAMI_APP_NAME="kafka" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/kafka/bin:$PATH" - -EXPOSE 9092 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/kafka/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/kafka/run.sh" ] diff --git a/bitnami/kafka/3.5/debian-12/docker-compose.yml b/bitnami/kafka/3.5/debian-12/docker-compose.yml deleted file mode 100644 index 84826f5f44294..0000000000000 --- a/bitnami/kafka/3.5/debian-12/docker-compose.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: "2" - -services: - kafka: - image: docker.io/bitnami/kafka:3.5 - ports: - - "9092:9092" - volumes: - - "kafka_data:/bitnami" - environment: - # KRaft settings - - KAFKA_CFG_NODE_ID=0 - - KAFKA_CFG_PROCESS_ROLES=controller,broker - - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093 - # Listeners - - KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9093 - - KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://:9092 - - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT - - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER - - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT -volumes: - kafka_data: - driver: local diff --git a/bitnami/kafka/3.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kafka/3.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 5f1381f7d912a..0000000000000 --- a/bitnami/kafka/3.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "kafka": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.5.2-5" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-12" - } -} \ No newline at end of file diff --git a/bitnami/kafka/3.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kafka/3.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/kafka/3.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/kafka/3.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/kafka/3.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/kafka/3.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index c15af32e2f773..0000000000000 --- a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security -fi diff --git a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh b/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh deleted file mode 100644 index f58958279ce88..0000000000000 --- a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for kafka - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-kafka}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -kafka_env_vars=( - KAFKA_MOUNTED_CONF_DIR - KAFKA_INTER_BROKER_USER - KAFKA_INTER_BROKER_PASSWORD - KAFKA_CONTROLLER_USER - KAFKA_CONTROLLER_PASSWORD - KAFKA_CERTIFICATE_PASSWORD - KAFKA_TLS_TRUSTSTORE_FILE - KAFKA_TLS_TYPE - KAFKA_TLS_CLIENT_AUTH - KAFKA_OPTS - KAFKA_CFG_SASL_ENABLED_MECHANISMS - KAFKA_KRAFT_CLUSTER_ID - KAFKA_SKIP_KRAFT_STORAGE_INIT - KAFKA_CLIENT_LISTENER_NAME - KAFKA_ZOOKEEPER_PROTOCOL - KAFKA_ZOOKEEPER_PASSWORD - KAFKA_ZOOKEEPER_USER - KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE - KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME - KAFKA_ZOOKEEPER_TLS_TYPE - KAFKA_CLIENT_USERS - KAFKA_CLIENT_PASSWORDS - KAFKA_HEAP_OPTS -) -for env_var in "${kafka_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset kafka_env_vars - -# Paths -export KAFKA_BASE_DIR="${BITNAMI_ROOT_DIR}/kafka" -export KAFKA_VOLUME_DIR="/bitnami/kafka" -export KAFKA_DATA_DIR="${KAFKA_VOLUME_DIR}/data" -export KAFKA_CONF_DIR="${KAFKA_BASE_DIR}/config" -export KAFKA_CONF_FILE="${KAFKA_CONF_DIR}/server.properties" -export KAFKA_MOUNTED_CONF_DIR="${KAFKA_MOUNTED_CONF_DIR:-${KAFKA_VOLUME_DIR}/config}" -export KAFKA_CERTS_DIR="${KAFKA_CONF_DIR}/certs" -export KAFKA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export KAFKA_LOG_DIR="${KAFKA_BASE_DIR}/logs" -export KAFKA_HOME="$KAFKA_BASE_DIR" -export PATH="${KAFKA_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/java/bin:${PATH}" - -# System users (when running with a privileged user) -export KAFKA_DAEMON_USER="kafka" -export KAFKA_DAEMON_GROUP="kafka" - -# Kafka runtime settings -export KAFKA_INTER_BROKER_USER="${KAFKA_INTER_BROKER_USER:-user}" -export KAFKA_INTER_BROKER_PASSWORD="${KAFKA_INTER_BROKER_PASSWORD:-bitnami}" -export KAFKA_CONTROLLER_USER="${KAFKA_CONTROLLER_USER:-controller_user}" -export KAFKA_CONTROLLER_PASSWORD="${KAFKA_CONTROLLER_PASSWORD:-bitnami}" -export KAFKA_CERTIFICATE_PASSWORD="${KAFKA_CERTIFICATE_PASSWORD:-}" -export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_TLS_TYPE="${KAFKA_TLS_TYPE:-JKS}" -export KAFKA_TLS_CLIENT_AUTH="${KAFKA_TLS_CLIENT_AUTH:-required}" -export KAFKA_OPTS="${KAFKA_OPTS:-}" - -# Kafka configuration overrides -export KAFKA_CFG_SASL_ENABLED_MECHANISMS="${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-PLAIN,SCRAM-SHA-256,SCRAM-SHA-512}" -export KAFKA_KRAFT_CLUSTER_ID="${KAFKA_KRAFT_CLUSTER_ID:-}" -export KAFKA_SKIP_KRAFT_STORAGE_INIT="${KAFKA_SKIP_KRAFT_STORAGE_INIT:-false}" -export KAFKA_CLIENT_LISTENER_NAME="${KAFKA_CLIENT_LISTENER_NAME:-}" - -# ZooKeeper connection settings -export KAFKA_ZOOKEEPER_PROTOCOL="${KAFKA_ZOOKEEPER_PROTOCOL:-PLAINTEXT}" -export KAFKA_ZOOKEEPER_PASSWORD="${KAFKA_ZOOKEEPER_PASSWORD:-}" -export KAFKA_ZOOKEEPER_USER="${KAFKA_ZOOKEEPER_USER:-}" -export KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME="${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-true}" -export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}" - -# Authentication -export KAFKA_CLIENT_USERS="${KAFKA_CLIENT_USERS:-user}" -export KAFKA_CLIENT_PASSWORDS="${KAFKA_CLIENT_PASSWORDS:-bitnami}" - -# Java settings -export KAFKA_HEAP_OPTS="${KAFKA_HEAP_OPTS:--Xmx1024m -Xms1024m}" - -# Custom environment variables may be defined below diff --git a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh b/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh deleted file mode 100755 index d7413bcfc4f33..0000000000000 --- a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -print_welcome_page - -if [[ "$*" = *"/opt/bitnami/scripts/kafka/run.sh"* || "$*" = *"/run.sh"* ]]; then - info "** Starting Kafka setup **" - /opt/bitnami/scripts/kafka/setup.sh - info "** Kafka setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh b/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh deleted file mode 100755 index 7255563236c0b..0000000000000 --- a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libfs.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Move server.properties from configtmp to config -# Temporary solution until kafka tarball places server.properties into config -if [[ -d "${KAFKA_BASE_DIR}/configtmp" ]]; then - mv "${KAFKA_BASE_DIR}/configtmp"/* "$KAFKA_CONF_DIR" - rmdir "${KAFKA_BASE_DIR}/configtmp" -fi -[[ -d "${KAFKA_BASE_DIR}/conf" ]] && rmdir "${KAFKA_BASE_DIR}/conf" - -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR"; do - ensure_dir_exists "$dir" -done -chmod -R g+rwX "$KAFKA_BASE_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR" - -# Move the original server.properties, so users can skip initialization logic by mounting their own server.properties directly instead of using the MOUNTED_CONF_DIR -mv "${KAFKA_CONF_DIR}/server.properties" "${KAFKA_CONF_DIR}/server.properties.original" - -# Disable logging to stdout and garbage collection -# Source: https://logging.apache.org/log4j/log4j-2.4/manual/appenders.html -replace_in_file "${KAFKA_BASE_DIR}/bin/kafka-server-start.sh" " [-]loggc" " " -replace_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DailyRollingFileAppender" "ConsoleAppender" - -# Disable the default console logger in favour of KafkaAppender (which provides the exact output) -echo "log4j.appender.stdout.Threshold=OFF" >>"${KAFKA_CONF_DIR}/log4j.properties" - -# Remove invalid parameters for ConsoleAppender -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DatePattern" -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "Appender.File" diff --git a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh b/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh deleted file mode 100755 index 76d4380aff57e..0000000000000 --- a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libos.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -if [[ -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - export KAFKA_OPTS="${KAFKA_OPTS:-} -Djava.security.auth.login.config=${KAFKA_CONF_DIR}/kafka_jaas.conf" -fi - -cmd="$KAFKA_HOME/bin/kafka-server-start.sh" -args=("$KAFKA_CONF_FILE") -! is_empty_value "${KAFKA_EXTRA_FLAGS:-}" && args=("${args[@]}" "${KAFKA_EXTRA_FLAGS[@]}") - -info "** Starting Kafka **" -if am_i_root; then - exec_as_user "$KAFKA_DAEMON_USER" "$cmd" "${args[@]}" "$@" -else - exec "$cmd" "${args[@]}" "$@" -fi diff --git a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh b/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh deleted file mode 100755 index 5195f71910176..0000000000000 --- a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Map Kafka environment variables -kafka_create_alias_environment_variables - -# Dinamically set node.id/broker.id/controller.quorum.voters if the _COMMAND environment variable is set -kafka_dynamic_environment_variables - -# Set the default tuststore locations before validation -kafka_configure_default_truststore_locations -# Ensure Kafka user and group exist when running as 'root' -am_i_root && ensure_user_exists "$KAFKA_DAEMON_USER" --group "$KAFKA_DAEMON_GROUP" -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR"; do - if am_i_root; then - ensure_dir_exists "$dir" "$KAFKA_DAEMON_USER" "$KAFKA_DAEMON_GROUP" - else - ensure_dir_exists "$dir" - fi -done - -# Kafka validation, skipped if server.properties was mounted at either $KAFKA_MOUNTED_CONF_DIR or $KAFKA_CONF_DIR -[[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" && ! -f "$KAFKA_CONF_FILE" ]] && kafka_validate -# Kafka initialization, skipped if server.properties was mounted at $KAFKA_CONF_DIR -[[ ! -f "$KAFKA_CONF_FILE" ]] && kafka_initialize - -# Initialise KRaft metadata storage if process.roles configured -if grep -q "^process.roles=" "$KAFKA_CONF_FILE" && ! is_boolean_yes "$KAFKA_SKIP_KRAFT_STORAGE_INIT" ; then - kafka_kraft_storage_initialize -fi -# Configure Zookeeper SCRAM users -if is_boolean_yes "${KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS:-}"; then - kafka_zookeeper_create_sasl_scram_users -fi -# KRaft controllers may get stuck starting when the controller quorum voters are changed. -# Workaround: Remove quorum-state file when scaling up/down controllers (Waiting proposal KIP-853) -# https://cwiki.apache.org/confluence/display/KAFKA/KIP-853%3A+KRaft+Voter+Changes -if [[ -f "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" ]] && grep -q "^controller.quorum.voters=" "$KAFKA_CONF_FILE" && kafka_kraft_quorum_voters_changed; then - warn "Detected inconsitences between controller.quorum.voters and quorum-state, removing it..." - rm -f "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" -fi -# Ensure custom initialization scripts are executed -kafka_custom_init_scripts diff --git a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh b/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh deleted file mode 100644 index b36e8c48b05bc..0000000000000 --- a/bitnami/kafka/3.5/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh +++ /dev/null @@ -1,1180 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Kafka library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -# Functions - -######################## -# Set a configuration setting value to a file -# Globals: -# None -# Arguments: -# $1 - file -# $2 - key -# $3 - values (array) -# Returns: -# None -######################### -kafka_common_conf_set() { - local file="${1:?missing file}" - local key="${2:?missing key}" - shift - shift - local values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - kafka_common_conf_set "$file" "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Update the existing key - replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false - else - # Add a new key - printf '\n%s=%s' "$key" "$value" >>"$file" - fi - fi -} - -######################## -# Returns true if at least one listener is configured using SSL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_ssl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SSL: || "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using SASL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_sasl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SASL_PLAINTEXT: ]] || [[ "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using plaintext -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_plaintext_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "PLAINTEXT" ]]; then - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - else - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ PLAINTEXT: ]]; then - return - fi - fi - return 1 -} - -######################## -# Backwards compatibility measure to configure the TLS truststore locations -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_default_truststore_locations() { - # Backwards compatibility measure to allow custom truststore locations but at the same time not disrupt - # the UX that the previous version of the containers and the helm chart have. - # Context: The chart and containers by default assumed that the truststore location was KAFKA_CERTS_DIR/kafka.truststore.jks or KAFKA_MOUNTED_CONF_DIR/certs/kafka.truststore.jks. - # Because of this, we could not use custom certificates in different locations (use case: A custom base image that already has a truststore). Changing the logic to allow custom - # locations implied major changes in the current user experience (which only required to mount certificates at the assumed location). In order to maintain this compatibility we need - # use this logic that sets the KAFKA_TLS_*_FILE variables to the previously assumed locations in case it is not set - - # Kafka truststore - if kafka_has_ssl_listener && is_empty_value "${KAFKA_TLS_TRUSTSTORE_FILE:-}"; then - local kafka_truststore_filename="kafka.truststore.jks" - [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && kafka_truststore_filename="kafka.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${kafka_truststore_filename}" - fi - fi - # Zookeeper truststore - if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]] && is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}"; then - local zk_truststore_filename="zookeeper.truststore.jks" - [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && zk_truststore_filename="zookeeper.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${zk_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${zk_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${zk_truststore_filename}" - fi - fi -} - -######################## -# Set a configuration setting value to server.properties -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_server_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_FILE" "$@" -} - -######################## -# Set a configuration setting value to producer.properties and consumer.properties -# Globals: -# KAFKA_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_producer_consumer_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" "$@" - kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" "$@" -} - -######################## -# Create alias for environment variable, so both can be used -# Globals: -# None -# Arguments: -# $1 - Alias environment variable name -# $2 - Original environment variable name -# Returns: -# None -######################### -kafka_declare_alias_env() { - local -r alias="${1:?missing environment variable alias}" - local -r original="${2:?missing original environment variable}" - if printenv "${original}" >/dev/null; then - export "$alias"="${!original:-}" - fi -} - -######################## -# Map Kafka legacy environment variables to the new names -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_create_alias_environment_variables() { - suffixes=( - "ADVERTISED_LISTENERS" - "BROKER_ID" - "NODE_ID" - "CONTROLLER_QUORUM_VOTERS" - "PROCESS_ROLES" - "DEFAULT_REPLICATION_FACTOR" - "DELETE_TOPIC_ENABLE" - "INTER_BROKER_LISTENER_NAME" - "LISTENERS" - "LISTENER_SECURITY_PROTOCOL_MAP" - "LOG_DIRS" - "LOG_FLUSH_INTERVAL_MESSAGES" - "LOG_FLUSH_INTERVAL_MS" - "LOG_MESSAGE_FORMAT_VERSION" - "LOG_RETENTION_BYTES" - "LOG_RETENTION_CHECK_INTERVALS_MS" - "LOG_RETENTION_HOURS" - "LOG_SEGMENT_BYTES" - "MESSAGE_MAX_BYTES" - "NUM_IO_THREADS" - "NUM_NETWORK_THREADS" - "NUM_PARTITIONS" - "NUM_RECOVERY_THREADS_PER_DATA_DIR" - "OFFSETS_TOPIC_REPLICATION_FACTOR" - "SOCKET_RECEIVE_BUFFER_BYTES" - "SOCKET_REQUEST_MAX_BYTES" - "SOCKET_SEND_BUFFER_BYTES" - "SSL_ENDPOINT_IDENTIFICATION_ALGORITHM" - "TRANSACTION_STATE_LOG_MIN_ISR" - "TRANSACTION_STATE_LOG_REPLICATION_FACTOR" - "ZOOKEEPER_CONNECT" - "ZOOKEEPER_CONNECTION_TIMEOUT_MS" - ) - kafka_declare_alias_env "KAFKA_CFG_LOG_DIRS" "KAFKA_LOGS_DIRS" - kafka_declare_alias_env "KAFKA_CFG_LOG_SEGMENT_BYTES" "KAFKA_SEGMENT_BYTES" - kafka_declare_alias_env "KAFKA_CFG_MESSAGE_MAX_BYTES" "KAFKA_MAX_MESSAGE_BYTES" - kafka_declare_alias_env "KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS" "KAFKA_ZOOKEEPER_CONNECT_TIMEOUT_MS" - kafka_declare_alias_env "KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE" "KAFKA_AUTO_CREATE_TOPICS_ENABLE" - kafka_declare_alias_env "KAFKA_CLIENT_USERS" "KAFKA_BROKER_USER" - kafka_declare_alias_env "KAFKA_CLIENT_PASSWORDS" "KAFKA_BROKER_PASSWORD" - kafka_declare_alias_env "KAFKA_CLIENT_LISTENER_NAME" "KAFKA_CLIENT_LISTENER" - for s in "${suffixes[@]}"; do - kafka_declare_alias_env "KAFKA_CFG_${s}" "KAFKA_${s}" - done -} - -######################## -# Validate settings in KAFKA_* env vars -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_validate() { - debug "Validating settings in KAFKA_* env vars..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - # If process.roles configured, check its values are valid and perform additional checks for each - check_kraft_process_roles() { - read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$KAFKA_CFG_PROCESS_ROLES")" - for role in "${roles_list[@]}"; do - case "$role" in - broker) ;; - controller) - if is_empty_value "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-}"; then - print_validation_error "Role 'controller' enabled but environment variable KAFKA_CFG_CONTROLLER_LISTENER_NAMES was not provided." - fi - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ ! "$KAFKA_CFG_LISTENERS" =~ ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} ]]; then - print_validation_error "Role 'controller' enabled but listener ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} not found in KAFKA_CFG_LISTENERS." - fi - ;; - *) - print_validation_error "Invalid KRaft process role '$role'. Supported roles are 'broker,controller'" - ;; - esac - done - } - # Check all listeners are using a unique and valid port - check_listener_ports(){ - check_allowed_port() { - local port="${1:?missing port variable}" - local -a validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("$port") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port ${port} was specified in the environment variable KAFKA_CFG_LISTENERS: ${err}." - fi - } - - read -r -a listeners <<<"$(tr ',' ' ' <<<"${KAFKA_CFG_LISTENERS:-}")" - local -a ports=() - for listener in "${listeners[@]}"; do - read -r -a arr <<<"$(tr ':' ' ' <<<"$listener")" - # Obtain the port from listener string, e.g. PLAINTEXT://:9092 - port="${arr[2]}" - check_allowed_port "$port" - ports+=("$port") - done - # Check each listener is using an unique port - local -a unique_ports=() - read -r -a unique_ports <<< "$(echo "${ports[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')" - if [[ "${#ports[@]}" != "${#unique_ports[@]}" ]]; then - print_validation_error "There are listeners bound to the same port" - fi - } - check_listener_protocols(){ - local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL") - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - # Check protocol in allowed list - if [[ ! "${allowed_protocols[*]}" =~ $protocol ]]; then - print_validation_error "Authentication protocol ${protocol} is not supported!" - fi - # If inter-broker listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL is set - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}"; then - print_validation_error "When using SASL for inter broker comunication the mechanism should be provided using KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - fi - if is_empty_value "${KAFKA_INTER_BROKER_USER:-}" || is_empty_value "${KAFKA_INTER_BROKER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka inter-broker communications, you must provide the SASL credentials. Set the environment variables KAFKA_INTER_BROKER_USER and KAFKA_INTER_BROKER_PASSWORD to configure the credentials for SASL authentication with between brokers." - fi - fi - # If controller listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL is set - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL:-}"; then - print_validation_error "When using SASL for controller comunication the mechanism should be provided at KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - warn "KRaft controller listener may not support SCRAM-SHA-256/SCRAM-SHA-512 mechanisms. If facing any issues, we recommend switching to PLAIN mechanism. More information at: https://issues.apache.org/jira/browse/KAFKA-15513" - fi - if is_empty_value "${KAFKA_CONTROLLER_USER:-}" || is_empty_value "${KAFKA_CONTROLLER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka control plane communications, you must provide the SASL credentials. Set the environment variables KAFKA_CONTROLLER_USER and KAFKA_CONTROLLER_PASSWORD to configure the credentials for SASL authentication with between controllers." - fi - fi - else - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CLIENT_USERS:-}" || is_empty_value "${KAFKA_CLIENT_PASSWORDS:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_CLIENT_USERS and KAFKA_CLIENT_PASSWORDS to configure the credentials for SASL authentication with clients." - fi - fi - - fi - done - } - - if is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}" && is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - print_validation_error "Kafka haven't been configured to work in either Raft or Zookeper mode. Please make sure at least one of the modes is configured." - fi - # Check KRaft mode - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - # Raft - if [[ "$(kafka_get_version)" =~ ^3\.2\. ]]; then - warn "KRaft mode is not production-ready in Kafka 3.2, for production environments, we recommend upgrading " - fi - # Only allow Zookeeper configuration if migration mode is enabled - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}" && - { is_empty_value "${KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE:-}" || ! is_boolean_yes "$KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE"; }; then - print_validation_error "Both KRaft mode and Zookeeper modes are configured, but KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE is not enabled" - fi - if is_empty_value "${KAFKA_CFG_NODE_ID:-}"; then - print_validation_error "KRaft mode requires an unique node.id, please set the environment variable KAFKA_CFG_NODE_ID" - fi - if is_empty_value "${KAFKA_CFG_CONTROLLER_QUORUM_VOTERS:-}"; then - print_validation_error "KRaft mode requires KAFKA_CFG_CONTROLLER_QUORUM_VOTERS to be set" - fi - check_kraft_process_roles - fi - # Check Zookeeper mode - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - # If SSL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]]; then - # Fail if truststore is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with JKS certs you must mount your zookeeper.truststore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if keystore is not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]] && [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.jks" ]]; then - warn "In order to configure the mTLS for Zookeeper with JKS certs you must mount your zookeeper.keystore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]]; then - # Fail if CA / validation cert is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with PEM certs you must mount your zookeeper.truststore.pem cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if node key or cert are not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if { [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.key" ]]; }; then - warn "In order to configure the mTLS for Zookeeper with PEM certs you must mount your zookeeper.keystore.pem cert and zookeeper.keystore.key key to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - fi - # If SASL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - if is_empty_value "${KAFKA_ZOOKEEPER_USER:-}" || is_empty_value "${KAFKA_ZOOKEEPER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_ZOOKEEPER_USER and KAFKA_ZOOKEEPER_PASSWORD, to configure the credentials for SASL authentication with Zookeeper." - fi - fi - # If using plaintext protocol, check it is explicitly allowed - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" = "PLAINTEXT" ]]; then - warn "The KAFKA_ZOOKEEPER_PROTOCOL environment variable does not configure SASL and/or SSL, this setting is not recommended for production environments." - fi - fi - # Check listener ports are unique and allowed - check_listener_ports - # Check listeners are mapped to a valid security protocol - check_listener_protocols - # Warn users if plaintext listeners are configured - if kafka_has_plaintext_listener; then - warn "Kafka has been configured with a PLAINTEXT listener, this setting is not recommended for production environments." - fi - # If SSL/SASL_SSL listeners configured, check certificates are provided - if kafka_has_ssl_listener; then - if [[ "$KAFKA_TLS_TYPE" = "JKS" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with JKS certs you must mount your kafka.keystore.jks and kafka.truststore.jks certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - elif [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with PEM certs you must mount your kafka.keystore.pem, kafka.keystore.key and kafka.truststore.pem certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - # If SASL/SASL_SSL listeners configured, check passwords are provided - if kafka_has_sasl_listener; then - if is_empty_value "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}"; then - print_validation_error "Specified SASL protocol but no SASL mechanisms provided in KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - fi - # Check users and passwords lists are the same size - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS:-}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")" - if [[ "${#users[@]}" -ne "${#passwords[@]}" ]]; then - print_validation_error "Specify the same number of passwords on KAFKA_CLIENT_PASSWORDS as the number of users on KAFKA_CLIENT_USERS!" - fi - check_multi_value "KAFKA_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_PROTOCOL" "PLAINTEXT SASL SSL SASL_SSL" - check_multi_value "KAFKA_TLS_CLIENT_AUTH" "none requested required" - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Get kafka version -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# version -######################### -kafka_get_version() { - local -a cmd=("kafka-topics.sh" "--version") - am_i_root && cmd=("run_as_user" "$KAFKA_DAEMON_USER" "${cmd[@]}") - - read -r -a ver_split <<< "$("${cmd[@]}")" - echo "${ver_split[0]}" -} - -######################### -# Configure JAAS for a given listener and SASL mechanisms -# Globals: -# KAFKA_* -# Arguments: -# $1 - Name of the listener JAAS will be configured for -# $2 - Comma-separated list of SASL mechanisms to configure -# $3 - Comma-separated list of usernames -# $4 - Comma-separated list of passwords -# Returns: -# None -######################### -kafka_configure_server_jaas() { - local listener="${1:?missing listener name}" - local role="${2:-}" - - if [[ "$role" = "controller" ]]; then - local jaas_content=() - if [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" = "PLAIN" ]]; then - jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\"" - "user_${KAFKA_CONTROLLER_USER}=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - else - read -r -a sasl_mechanisms_arr <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_SASL_ENABLED_MECHANISMS")" - read -r -a users <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_USERS")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_PASSWORDS")" - # Configure JAAS for each SASL mechanism - # ref: https://docs.confluent.io/platform/current/kafka/authentication_sasl/index.html - for sasl_mechanism in "${sasl_mechanisms_arr[@]}"; do - local jaas_content=() - # For PLAIN mechanism, only the first username will be used - if [[ "$sasl_mechanism" = "PLAIN" ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - if [[ "$role" = "inter-broker" ]]; then - jaas_content+=( - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\"" - ) - users+=("$KAFKA_INTER_BROKER_USER") - passwords+=("$KAFKA_INTER_BROKER_PASSWORD") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - jaas_content+=("user_${users[i]}=\"${passwords[i]}\"") - done - # Add semi-colon to the last element of the array - jaas_content[${#jaas_content[@]} - 1]="${jaas_content[${#jaas_content[@]} - 1]};" - elif [[ "$sasl_mechanism" =~ SCRAM ]]; then - if [[ "$role" = "inter-broker" ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\";" - ) - else - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required;") - fi - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$sasl_mechanism" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - done - fi -} - -######################## -# Configure Zookeeper JAAS authentication -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_configure_jaas(){ - local jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_ZOOKEEPER_USER}\"" - "password=\"${KAFKA_ZOOKEEPER_PASSWORD}\";" - ) - - kafka_server_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Generate JAAS authentication file for local producer/consumer to use -# Globals: -# KAFKA_* -# Arguments: -# $1 - Authentication protocol to use for the internal listener -# $2 - Authentication protocol to use for the client listener -# Returns: -# None -######################### -kafka_configure_consumer_producer_jaas(){ - local jaas_content=() - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - - if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ SCRAM ]]; then - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required") - elif [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ PLAIN ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - else - error "Couldn't configure a supported SASL mechanism for Kafka consumer/producer properties" - exit 1 - fi - - jaas_content+=( - "username=\"${users[0]}\"" - "password=\"${passwords[0]}\";" - ) - - kafka_producer_consumer_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Create users in zookeper when using SASL/SCRAM mechanism -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_create_sasl_scram_users() { - info "Creating users in Zookeeper" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - local zookeeper_connect - zookeeper_connect=$(grep "^zookeeper.connect=" "$KAFKA_CONF_FILE" | sed -E 's/^zookeeper\.connect=(\S+)$/\1/') - read -r -a zookeeper_hosts <<<"$(tr ',;' ' ' <<<"${zookeeper_connect}")" - - if [[ "${#zookeeper_hosts[@]}" -eq 0 ]]; then - error "Couldn't obtain zookeeper.connect from $KAFKA_CONF_FILE" - exit 1 - fi - # Wait for Zookeeper to be reachable - read -r -a aux <<<"$(tr ':' ' ' <<<"${zookeeper_hosts[0]}")" - local host="${aux[0]:?missing host}" - local port="${aux[1]:-2181}" - wait-for-port --host "$host" "$port" - - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM" "$KAFKA_CONF_FILE"; then - users+=("${KAFKA_INTER_BROKER_USER}") - passwords+=("${KAFKA_INTER_BROKER_PASSWORD}") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - debug "Creating user ${users[i]} in zookeeper" - # Ref: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_scram.html#sasl-scram-overview - debug_execute kafka-configs.sh --zookeeper "$zookeeper_connect" --alter --add-config "SCRAM-SHA-256=[iterations=8192,password=${passwords[i]}],SCRAM-SHA-512=[password=${passwords[i]}]" --entity-type users --entity-name "${users[i]}" - done -} - -######################## -# Configure Kafka SSL settings -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_ssl() { - # Configures both Kafka server and producers/consumers - configure_both() { - kafka_server_conf_set "${1:?missing key}" "${2:?missing value}" - kafka_producer_consumer_conf_set "${1:?missing key}" "${2:?missing value}" - } - kafka_server_conf_set "ssl.client.auth" "${KAFKA_TLS_CLIENT_AUTH}" - configure_both ssl.keystore.type "${KAFKA_TLS_TYPE}" - configure_both ssl.truststore.type "${KAFKA_TLS_TYPE}" - local -r kafka_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_TLS_TRUSTSTORE_FILE}")" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.key.password "$KAFKA_CERTIFICATE_PASSWORD" - if [[ "$KAFKA_TLS_TYPE" = "PEM" ]]; then - file_to_multiline_property() { - awk 'NR > 1{print line"\\n\\"}{line=$0;}END{print $0" "}' <"${1:?missing file}" - } - remove_previous_cert_value() { - local key="${1:?missing key}" - files=( - "${KAFKA_CONF_FILE}" - "${KAFKA_CONF_DIR}/producer.properties" - "${KAFKA_CONF_DIR}/consumer.properties" - ) - for file in "${files[@]}"; do - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Delete all lines from the certificate beginning to its end - sed -i "/^[#\\s]*$key\s*=.*-----BEGIN/,/-----END/d" "$file" - fi - done - } - # We need to remove the previous cert value - # kafka_common_conf_set uses replace_in_file, which can't match multiple lines - remove_previous_cert_value ssl.keystore.key - remove_previous_cert_value ssl.keystore.certificate.chain - remove_previous_cert_value ssl.truststore.certificates - configure_both ssl.keystore.key "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.key")" - configure_both ssl.keystore.certificate.chain "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.pem")" - configure_both ssl.truststore.certificates "$(file_to_multiline_property "${kafka_truststore_location}")" - elif [[ "$KAFKA_TLS_TYPE" = "JKS" ]]; then - configure_both ssl.keystore.location "$KAFKA_CERTS_DIR"/kafka.keystore.jks - configure_both ssl.truststore.location "$kafka_truststore_location" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.keystore.password "$KAFKA_CERTIFICATE_PASSWORD" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.truststore.password "$KAFKA_CERTIFICATE_PASSWORD" - fi - true # Avoid the function to fail due to the check above -} - -######################## -# Get Zookeeper TLS settings -# Globals: -# KAFKA_ZOOKEEPER_TLS_* -# Arguments: -# None -# Returns: -# String -######################### -kafka_zookeeper_configure_tls() { - # Note that ZooKeeper does not support a key password different from the keystore password, - # so be sure to set the key password in the keystore to be identical to the keystore password; - # otherwise the connection attempt to Zookeeper will fail. - local keystore_location="" - local -r kafka_zk_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE}")" - - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]]; then - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; then - # Concatenating private key into public certificate file - # This is needed to load keystore from location using PEM - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keypair.pem" - cat "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" > "$keystore_location" - fi - - kafka_server_conf_set "zookeeper.clientCnxnSocket" "org.apache.zookeeper.ClientCnxnSocketNetty" - kafka_server_conf_set "zookeeper.ssl.client.enable" "true" - is_boolean_yes "${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-}" && kafka_server_conf_set "zookeeper.ssl.endpoint.identification.algorithm" "HTTPS" - ! is_empty_value "${keystore_location:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.location" "${keystore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.password" "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD}" - ! is_empty_value "${kafka_zk_truststore_location:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.location" "${kafka_zk_truststore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.password" "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD}" - true # Avoid the function to fail due to the check above -} - -######################## -# Configure Kafka configuration files from environment variables -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_from_environment_variables() { - # List of special cases to apply to the variables - local -r exception_regexps=( - "s/sasl\.ssl/sasl_ssl/g" - "s/sasl\.plaintext/sasl_plaintext/g" - ) - # Map environment variables to config properties - for var in "${!KAFKA_CFG_@}"; do - key="$(echo "$var" | sed -e 's/^KAFKA_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')" - - # Exception for the camel case in this environment variable - [[ "$var" == "KAFKA_CFG_ZOOKEEPER_CLIENTCNXNSOCKET" ]] && key="zookeeper.clientCnxnSocket" - - # Apply exception regexps - for regex in "${exception_regexps[@]}"; do - key="$(echo "$key" | sed "$regex")" - done - - value="${!var}" - kafka_server_conf_set "$key" "$value" - done -} - -######################## -# Initialize KRaft storage -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_storage_initialize() { - local args=("--config" "$KAFKA_CONF_FILE" "--ignore-formatted") - info "Initializing KRaft storage metadata" - - # If cluster.id found in meta.properties, use it - if [[ -f "${KAFKA_DATA_DIR}/meta.properties" ]]; then - KAFKA_KRAFT_CLUSTER_ID=$(grep "^cluster.id=" "${KAFKA_DATA_DIR}/meta.properties" | sed -E 's/^cluster\.id=(\S+)$/\1/') - fi - - if is_empty_value "${KAFKA_KRAFT_CLUSTER_ID:-}"; then - warn "KAFKA_KRAFT_CLUSTER_ID not set - If using multiple nodes then you must use the same Cluster ID for each one" - KAFKA_KRAFT_CLUSTER_ID="$("${KAFKA_HOME}/bin/kafka-storage.sh" random-uuid)" - info "Generated Kafka cluster ID '${KAFKA_KRAFT_CLUSTER_ID}'" - fi - args+=("--cluster-id" "$KAFKA_KRAFT_CLUSTER_ID") - - # SCRAM users are configured during the cluster bootstrapping process and can later be manually updated using kafka-config.sh - if is_boolean_yes "${KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS:-}"; then - info "Adding KRaft SCRAM users at storage bootstrap" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - # Configure SCRAM-SHA-256 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-256=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Configure SCRAM-SHA-512 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-512=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - fi - # Add controller credentials - if grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - fi - fi - info "Formatting storage directories to add metadata..." - "${KAFKA_HOME}/bin/kafka-storage.sh" format "${args[@]}" -} - -######################## -# Detects inconsitences between the configuration at KAFKA_CONF_FILE and cluster-state file -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_quorum_voters_changed(){ - read -r -a quorum_voters_conf_ids <<<"$(grep "^controller.quorum.voters=" "$KAFKA_CONF_FILE" | sed "s/^controller.quorum.voters=//" | tr "," " " | sed -E "s/\@\S+//g")" - read -r -a quorum_voters_state_ids <<< "$(grep -Eo "\{\"voterId\":[0-9]+\}" "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" | grep -Eo "[0-9]+" | tr "\n" " ")" - - if [[ "${#quorum_voters_conf_ids[@]}" != "${#quorum_voters_state_ids[@]}" ]]; then - true - else - read -r -a sorted_state <<< "$(echo "${quorum_voters_conf_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - read -r -a sorted_conf <<< "$(echo "${quorum_voters_state_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - if [[ "${sorted_state[*]}" = "${sorted_conf[*]}" ]]; then - false - else - true - fi - fi -} - -######################## -# Initialize Kafka -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_initialize() { - info "Initializing Kafka..." - # Check for mounted configuration files - if ! is_dir_empty "$KAFKA_MOUNTED_CONF_DIR"; then - cp -Lr "$KAFKA_MOUNTED_CONF_DIR"/* "$KAFKA_CONF_DIR" - fi - # Copy truststore to cert directory - for cert_var in KAFKA_TLS_TRUSTSTORE_FILE KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE; do - # Only copy if the file exists and it is in a different location than KAFKA_CERTS_DIR (to avoid copying to the same location) - if [[ -f "${!cert_var}" ]] && ! [[ "${!cert_var}" =~ $KAFKA_CERTS_DIR ]]; then - info "Copying truststore ${!cert_var} to ${KAFKA_CERTS_DIR}" - cp -L "${!cert_var}" "$KAFKA_CERTS_DIR" - fi - done - - if [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" ]]; then - info "No injected configuration files found, creating default config files" - # Restore original server.properties but remove Zookeeper/KRaft specific settings for compatibility with both architectures - cp "${KAFKA_CONF_DIR}/server.properties.original" "$KAFKA_CONF_FILE" - kafka_server_unify_conf - # Configure Kafka settings - kafka_server_conf_set log.dirs "$KAFKA_DATA_DIR" - kafka_configure_from_environment_variables - # Configure Kafka producer/consumer to set up message sizes - ! is_empty_value "${KAFKA_CFG_MAX_REQUEST_SIZE:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" max.request.size "$KAFKA_CFG_MAX_REQUEST_SIZE" - ! is_empty_value "${KAFKA_CFG_MAX_PARTITION_FETCH_BYTES:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" max.partition.fetch.bytes "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES" - # Zookeeper mode additional settings - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - kafka_zookeeper_configure_tls - fi - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - kafka_zookeeper_configure_jaas - fi - fi - # If at least one listener uses SSL or SASL_SSL, ensure SSL is configured - if kafka_has_ssl_listener; then - kafka_configure_ssl - fi - # If at least one listener uses SASL_PLAINTEXT or SASL_SSL, ensure SASL is configured - if kafka_has_sasl_listener; then - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM ]]; then - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - if [[ "$(kafka_get_version)" =~ ^3\.2\.|^3\.3\.|^3\.4\. ]]; then - # NOTE: This will depend on Kafka version when support for SCRAM is added - warn "KRaft mode requires Kafka version 3.5 or higher for SCRAM to be supported. SCRAM SASL mechanisms will now be disabled." - KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN - else - export KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - export KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - kafka_server_conf_set sasl.enabled.mechanisms "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - # Settings for each Kafka Listener are configured individually - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - listener_upper="$(echo "$listener" | tr '[:lower:]' '[:upper:]')" - env_name="KAFKA_TLS_${listener_upper}_CLIENT_AUTH" - [[ -n "${!env_name:-}" ]] && kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "${!env_name}" - fi - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - local role="" - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - role="inter-broker" - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - kafka_server_conf_set sasl.mechanism.controller.protocol "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - kafka_server_conf_set "listener.name.${listener_lower}.sasl.enabled.mechanisms" "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - role="controller" - fi - # If KAFKA_CLIENT_LISTENER_NAME is found in the listeners list, configure the producer/consumer accordingly - if [[ "$listener" = "${KAFKA_CLIENT_LISTENER_NAME:-CLIENT}" ]]; then - kafka_configure_consumer_producer_jaas - kafka_producer_consumer_conf_set security.protocol "$protocol" - kafka_producer_consumer_conf_set sasl.mechanism "${KAFKA_CLIENT_SASL_MECHANISM:-$(kafka_client_sasl_mechanism)}" - fi - # Configure inline listener jaas configuration, omitted if mounted JAAS conf file detected - if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - kafka_configure_server_jaas "$listener_lower" "${role:-}" - fi - fi - done - # Configure Kafka using environment variables - # This is executed at the end, to allow users to override properties set by the initialization logic - kafka_configure_from_environment_variables - else - info "Detected mounted server.properties file at ${KAFKA_MOUNTED_CONF_DIR}/server.properties. Skipping configuration based on env variables" - fi - true -} - -######################## -# Returns the most secure SASL mechanism available for Kafka clients -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_client_sasl_mechanism() { - local sasl_mechanism="" - - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-512 ]]; then - sasl_mechanism="SCRAM-SHA-512" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-256 ]]; then - sasl_mechanism="SCRAM-SHA-256" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ PLAIN ]]; then - sasl_mechanism="PLAIN" - fi - echo "$sasl_mechanism" -} - -######################## -# Removes default settings referencing Zookeeper mode or KRaft mode -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_server_unify_conf() { - local -r remove_regexps=( - #Zookeeper - "s/^zookeeper\./#zookeeper./g" - "s/^group\.initial/#group.initial/g" - "s/^broker\./#broker./g" - "s/^node\./#node./g" - "s/^process\./#process./g" - "s/^listeners=/#listeners=/g" - "s/^listener\./#listener./g" - "s/^controller\./#controller./g" - "s/^inter\.broker/#inter.broker/g" - "s/^advertised\.listeners/#advertised.listeners/g" - ) - - # Map environment variables to config properties - for regex in "${remove_regexps[@]}"; do - sed -i "${regex}" "$KAFKA_CONF_FILE" - done -} - -######################## -# Dinamically set node.id/broker.id/controller.quorum.voters if their alternative environment variable _COMMAND is set -# Globals: -# KAFKA_*_COMMAND -# Arguments: -# None -# Returns: -# None -######################### -kafka_dynamic_environment_variables() { - # KRaft mode - if ! is_empty_value "${KAFKA_NODE_ID_COMMAND:-}"; then - KAFKA_CFG_NODE_ID="$(eval "${KAFKA_NODE_ID_COMMAND}")" - export KAFKA_CFG_NODE_ID - fi - if ! is_empty_value "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND:-}"; then - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS="$(eval "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND}")" - export KAFKA_CFG_CONTROLLER_QUORUM_VOTERS - fi - # Zookeeper mode - # DEPRECATED - BROKER_ID_COMMAND has been deprecated, please use KAFKA_BROKER_ID_COMMAND instead - if ! is_empty_value "${KAFKA_BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${KAFKA_BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - elif ! is_empty_value "${BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - fi -} - -######################## -# Run custom initialization scripts -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_custom_init_scripts() { - if [[ -n $(find "${KAFKA_INITSCRIPTS_DIR}/" -type f -regex ".*\.\(sh\)") ]] && [[ ! -f "${KAFKA_VOLUME_DIR}/.user_scripts_initialized" ]]; then - info "Loading user's custom files from $KAFKA_INITSCRIPTS_DIR" - for f in /docker-entrypoint-initdb.d/*; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "$KAFKA_VOLUME_DIR"/.user_scripts_initialized - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is running -######################## -is_kafka_running() { - local pid - pid="$(get_pid_from_file "$KAFKA_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is not running -######################## -is_kafka_not_running() { - ! is_kafka_running -} - -######################## -# Stop Kafka -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_stop() { - ! is_kafka_running && return - stop_service_using_pid "$KAFKA_PID_FILE" TERM -} diff --git a/bitnami/kafka/3.5/debian-12/tags-info.yaml b/bitnami/kafka/3.5/debian-12/tags-info.yaml deleted file mode 100644 index 2ed2b4982663e..0000000000000 --- a/bitnami/kafka/3.5/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "3.5" -- 3.5-debian-12 -- 3.5.2 diff --git a/bitnami/kafka/3.6/README.md b/bitnami/kafka/3.6/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/kafka/3.6/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/kafka/3.6/debian-12/Dockerfile b/bitnami/kafka/3.6/debian-12/Dockerfile deleted file mode 100644 index e6445ad1fcebb..0000000000000 --- a/bitnami/kafka/3.6/debian-12/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T21:51:31Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kafka/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.6.2-debian-12-r4" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kafka" \ - org.opencontainers.image.title="kafka" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.6.2" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "kafka-3.6.2-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh -RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/kafka/postunpack.sh -ENV APP_VERSION="3.6.2" \ - BITNAMI_APP_NAME="kafka" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/kafka/bin:$PATH" - -EXPOSE 9092 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/kafka/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/kafka/run.sh" ] diff --git a/bitnami/kafka/3.6/debian-12/docker-compose.yml b/bitnami/kafka/3.6/debian-12/docker-compose.yml deleted file mode 100644 index fcc517d5378c3..0000000000000 --- a/bitnami/kafka/3.6/debian-12/docker-compose.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: "2" - -services: - kafka: - image: docker.io/bitnami/kafka:3.6 - ports: - - "9092:9092" - volumes: - - "kafka_data:/bitnami" - environment: - # KRaft settings - - KAFKA_CFG_NODE_ID=0 - - KAFKA_CFG_PROCESS_ROLES=controller,broker - - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093 - # Listeners - - KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9093 - - KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://:9092 - - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT - - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER - - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT -volumes: - kafka_data: - driver: local diff --git a/bitnami/kafka/3.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kafka/3.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 03ba9a11fa8f9..0000000000000 --- a/bitnami/kafka/3.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "kafka": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.6.2-2" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-12" - } -} \ No newline at end of file diff --git a/bitnami/kafka/3.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kafka/3.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/kafka/3.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/kafka/3.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/kafka/3.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/kafka/3.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index c15af32e2f773..0000000000000 --- a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security -fi diff --git a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh b/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh deleted file mode 100644 index f58958279ce88..0000000000000 --- a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for kafka - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-kafka}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -kafka_env_vars=( - KAFKA_MOUNTED_CONF_DIR - KAFKA_INTER_BROKER_USER - KAFKA_INTER_BROKER_PASSWORD - KAFKA_CONTROLLER_USER - KAFKA_CONTROLLER_PASSWORD - KAFKA_CERTIFICATE_PASSWORD - KAFKA_TLS_TRUSTSTORE_FILE - KAFKA_TLS_TYPE - KAFKA_TLS_CLIENT_AUTH - KAFKA_OPTS - KAFKA_CFG_SASL_ENABLED_MECHANISMS - KAFKA_KRAFT_CLUSTER_ID - KAFKA_SKIP_KRAFT_STORAGE_INIT - KAFKA_CLIENT_LISTENER_NAME - KAFKA_ZOOKEEPER_PROTOCOL - KAFKA_ZOOKEEPER_PASSWORD - KAFKA_ZOOKEEPER_USER - KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE - KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME - KAFKA_ZOOKEEPER_TLS_TYPE - KAFKA_CLIENT_USERS - KAFKA_CLIENT_PASSWORDS - KAFKA_HEAP_OPTS -) -for env_var in "${kafka_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset kafka_env_vars - -# Paths -export KAFKA_BASE_DIR="${BITNAMI_ROOT_DIR}/kafka" -export KAFKA_VOLUME_DIR="/bitnami/kafka" -export KAFKA_DATA_DIR="${KAFKA_VOLUME_DIR}/data" -export KAFKA_CONF_DIR="${KAFKA_BASE_DIR}/config" -export KAFKA_CONF_FILE="${KAFKA_CONF_DIR}/server.properties" -export KAFKA_MOUNTED_CONF_DIR="${KAFKA_MOUNTED_CONF_DIR:-${KAFKA_VOLUME_DIR}/config}" -export KAFKA_CERTS_DIR="${KAFKA_CONF_DIR}/certs" -export KAFKA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export KAFKA_LOG_DIR="${KAFKA_BASE_DIR}/logs" -export KAFKA_HOME="$KAFKA_BASE_DIR" -export PATH="${KAFKA_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/java/bin:${PATH}" - -# System users (when running with a privileged user) -export KAFKA_DAEMON_USER="kafka" -export KAFKA_DAEMON_GROUP="kafka" - -# Kafka runtime settings -export KAFKA_INTER_BROKER_USER="${KAFKA_INTER_BROKER_USER:-user}" -export KAFKA_INTER_BROKER_PASSWORD="${KAFKA_INTER_BROKER_PASSWORD:-bitnami}" -export KAFKA_CONTROLLER_USER="${KAFKA_CONTROLLER_USER:-controller_user}" -export KAFKA_CONTROLLER_PASSWORD="${KAFKA_CONTROLLER_PASSWORD:-bitnami}" -export KAFKA_CERTIFICATE_PASSWORD="${KAFKA_CERTIFICATE_PASSWORD:-}" -export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_TLS_TYPE="${KAFKA_TLS_TYPE:-JKS}" -export KAFKA_TLS_CLIENT_AUTH="${KAFKA_TLS_CLIENT_AUTH:-required}" -export KAFKA_OPTS="${KAFKA_OPTS:-}" - -# Kafka configuration overrides -export KAFKA_CFG_SASL_ENABLED_MECHANISMS="${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-PLAIN,SCRAM-SHA-256,SCRAM-SHA-512}" -export KAFKA_KRAFT_CLUSTER_ID="${KAFKA_KRAFT_CLUSTER_ID:-}" -export KAFKA_SKIP_KRAFT_STORAGE_INIT="${KAFKA_SKIP_KRAFT_STORAGE_INIT:-false}" -export KAFKA_CLIENT_LISTENER_NAME="${KAFKA_CLIENT_LISTENER_NAME:-}" - -# ZooKeeper connection settings -export KAFKA_ZOOKEEPER_PROTOCOL="${KAFKA_ZOOKEEPER_PROTOCOL:-PLAINTEXT}" -export KAFKA_ZOOKEEPER_PASSWORD="${KAFKA_ZOOKEEPER_PASSWORD:-}" -export KAFKA_ZOOKEEPER_USER="${KAFKA_ZOOKEEPER_USER:-}" -export KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME="${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-true}" -export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}" - -# Authentication -export KAFKA_CLIENT_USERS="${KAFKA_CLIENT_USERS:-user}" -export KAFKA_CLIENT_PASSWORDS="${KAFKA_CLIENT_PASSWORDS:-bitnami}" - -# Java settings -export KAFKA_HEAP_OPTS="${KAFKA_HEAP_OPTS:--Xmx1024m -Xms1024m}" - -# Custom environment variables may be defined below diff --git a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh b/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh deleted file mode 100755 index d7413bcfc4f33..0000000000000 --- a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -print_welcome_page - -if [[ "$*" = *"/opt/bitnami/scripts/kafka/run.sh"* || "$*" = *"/run.sh"* ]]; then - info "** Starting Kafka setup **" - /opt/bitnami/scripts/kafka/setup.sh - info "** Kafka setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh b/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh deleted file mode 100755 index 7255563236c0b..0000000000000 --- a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libfs.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Move server.properties from configtmp to config -# Temporary solution until kafka tarball places server.properties into config -if [[ -d "${KAFKA_BASE_DIR}/configtmp" ]]; then - mv "${KAFKA_BASE_DIR}/configtmp"/* "$KAFKA_CONF_DIR" - rmdir "${KAFKA_BASE_DIR}/configtmp" -fi -[[ -d "${KAFKA_BASE_DIR}/conf" ]] && rmdir "${KAFKA_BASE_DIR}/conf" - -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR"; do - ensure_dir_exists "$dir" -done -chmod -R g+rwX "$KAFKA_BASE_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR" - -# Move the original server.properties, so users can skip initialization logic by mounting their own server.properties directly instead of using the MOUNTED_CONF_DIR -mv "${KAFKA_CONF_DIR}/server.properties" "${KAFKA_CONF_DIR}/server.properties.original" - -# Disable logging to stdout and garbage collection -# Source: https://logging.apache.org/log4j/log4j-2.4/manual/appenders.html -replace_in_file "${KAFKA_BASE_DIR}/bin/kafka-server-start.sh" " [-]loggc" " " -replace_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DailyRollingFileAppender" "ConsoleAppender" - -# Disable the default console logger in favour of KafkaAppender (which provides the exact output) -echo "log4j.appender.stdout.Threshold=OFF" >>"${KAFKA_CONF_DIR}/log4j.properties" - -# Remove invalid parameters for ConsoleAppender -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DatePattern" -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "Appender.File" diff --git a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh b/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh deleted file mode 100755 index 76d4380aff57e..0000000000000 --- a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libos.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -if [[ -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - export KAFKA_OPTS="${KAFKA_OPTS:-} -Djava.security.auth.login.config=${KAFKA_CONF_DIR}/kafka_jaas.conf" -fi - -cmd="$KAFKA_HOME/bin/kafka-server-start.sh" -args=("$KAFKA_CONF_FILE") -! is_empty_value "${KAFKA_EXTRA_FLAGS:-}" && args=("${args[@]}" "${KAFKA_EXTRA_FLAGS[@]}") - -info "** Starting Kafka **" -if am_i_root; then - exec_as_user "$KAFKA_DAEMON_USER" "$cmd" "${args[@]}" "$@" -else - exec "$cmd" "${args[@]}" "$@" -fi diff --git a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh b/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh deleted file mode 100755 index 5195f71910176..0000000000000 --- a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Map Kafka environment variables -kafka_create_alias_environment_variables - -# Dinamically set node.id/broker.id/controller.quorum.voters if the _COMMAND environment variable is set -kafka_dynamic_environment_variables - -# Set the default tuststore locations before validation -kafka_configure_default_truststore_locations -# Ensure Kafka user and group exist when running as 'root' -am_i_root && ensure_user_exists "$KAFKA_DAEMON_USER" --group "$KAFKA_DAEMON_GROUP" -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR"; do - if am_i_root; then - ensure_dir_exists "$dir" "$KAFKA_DAEMON_USER" "$KAFKA_DAEMON_GROUP" - else - ensure_dir_exists "$dir" - fi -done - -# Kafka validation, skipped if server.properties was mounted at either $KAFKA_MOUNTED_CONF_DIR or $KAFKA_CONF_DIR -[[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" && ! -f "$KAFKA_CONF_FILE" ]] && kafka_validate -# Kafka initialization, skipped if server.properties was mounted at $KAFKA_CONF_DIR -[[ ! -f "$KAFKA_CONF_FILE" ]] && kafka_initialize - -# Initialise KRaft metadata storage if process.roles configured -if grep -q "^process.roles=" "$KAFKA_CONF_FILE" && ! is_boolean_yes "$KAFKA_SKIP_KRAFT_STORAGE_INIT" ; then - kafka_kraft_storage_initialize -fi -# Configure Zookeeper SCRAM users -if is_boolean_yes "${KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS:-}"; then - kafka_zookeeper_create_sasl_scram_users -fi -# KRaft controllers may get stuck starting when the controller quorum voters are changed. -# Workaround: Remove quorum-state file when scaling up/down controllers (Waiting proposal KIP-853) -# https://cwiki.apache.org/confluence/display/KAFKA/KIP-853%3A+KRaft+Voter+Changes -if [[ -f "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" ]] && grep -q "^controller.quorum.voters=" "$KAFKA_CONF_FILE" && kafka_kraft_quorum_voters_changed; then - warn "Detected inconsitences between controller.quorum.voters and quorum-state, removing it..." - rm -f "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" -fi -# Ensure custom initialization scripts are executed -kafka_custom_init_scripts diff --git a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh b/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh deleted file mode 100644 index b36e8c48b05bc..0000000000000 --- a/bitnami/kafka/3.6/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh +++ /dev/null @@ -1,1180 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Kafka library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -# Functions - -######################## -# Set a configuration setting value to a file -# Globals: -# None -# Arguments: -# $1 - file -# $2 - key -# $3 - values (array) -# Returns: -# None -######################### -kafka_common_conf_set() { - local file="${1:?missing file}" - local key="${2:?missing key}" - shift - shift - local values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - kafka_common_conf_set "$file" "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Update the existing key - replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false - else - # Add a new key - printf '\n%s=%s' "$key" "$value" >>"$file" - fi - fi -} - -######################## -# Returns true if at least one listener is configured using SSL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_ssl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SSL: || "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using SASL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_sasl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SASL_PLAINTEXT: ]] || [[ "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using plaintext -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_plaintext_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "PLAINTEXT" ]]; then - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - else - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ PLAINTEXT: ]]; then - return - fi - fi - return 1 -} - -######################## -# Backwards compatibility measure to configure the TLS truststore locations -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_default_truststore_locations() { - # Backwards compatibility measure to allow custom truststore locations but at the same time not disrupt - # the UX that the previous version of the containers and the helm chart have. - # Context: The chart and containers by default assumed that the truststore location was KAFKA_CERTS_DIR/kafka.truststore.jks or KAFKA_MOUNTED_CONF_DIR/certs/kafka.truststore.jks. - # Because of this, we could not use custom certificates in different locations (use case: A custom base image that already has a truststore). Changing the logic to allow custom - # locations implied major changes in the current user experience (which only required to mount certificates at the assumed location). In order to maintain this compatibility we need - # use this logic that sets the KAFKA_TLS_*_FILE variables to the previously assumed locations in case it is not set - - # Kafka truststore - if kafka_has_ssl_listener && is_empty_value "${KAFKA_TLS_TRUSTSTORE_FILE:-}"; then - local kafka_truststore_filename="kafka.truststore.jks" - [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && kafka_truststore_filename="kafka.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${kafka_truststore_filename}" - fi - fi - # Zookeeper truststore - if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]] && is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}"; then - local zk_truststore_filename="zookeeper.truststore.jks" - [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && zk_truststore_filename="zookeeper.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${zk_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${zk_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${zk_truststore_filename}" - fi - fi -} - -######################## -# Set a configuration setting value to server.properties -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_server_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_FILE" "$@" -} - -######################## -# Set a configuration setting value to producer.properties and consumer.properties -# Globals: -# KAFKA_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_producer_consumer_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" "$@" - kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" "$@" -} - -######################## -# Create alias for environment variable, so both can be used -# Globals: -# None -# Arguments: -# $1 - Alias environment variable name -# $2 - Original environment variable name -# Returns: -# None -######################### -kafka_declare_alias_env() { - local -r alias="${1:?missing environment variable alias}" - local -r original="${2:?missing original environment variable}" - if printenv "${original}" >/dev/null; then - export "$alias"="${!original:-}" - fi -} - -######################## -# Map Kafka legacy environment variables to the new names -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_create_alias_environment_variables() { - suffixes=( - "ADVERTISED_LISTENERS" - "BROKER_ID" - "NODE_ID" - "CONTROLLER_QUORUM_VOTERS" - "PROCESS_ROLES" - "DEFAULT_REPLICATION_FACTOR" - "DELETE_TOPIC_ENABLE" - "INTER_BROKER_LISTENER_NAME" - "LISTENERS" - "LISTENER_SECURITY_PROTOCOL_MAP" - "LOG_DIRS" - "LOG_FLUSH_INTERVAL_MESSAGES" - "LOG_FLUSH_INTERVAL_MS" - "LOG_MESSAGE_FORMAT_VERSION" - "LOG_RETENTION_BYTES" - "LOG_RETENTION_CHECK_INTERVALS_MS" - "LOG_RETENTION_HOURS" - "LOG_SEGMENT_BYTES" - "MESSAGE_MAX_BYTES" - "NUM_IO_THREADS" - "NUM_NETWORK_THREADS" - "NUM_PARTITIONS" - "NUM_RECOVERY_THREADS_PER_DATA_DIR" - "OFFSETS_TOPIC_REPLICATION_FACTOR" - "SOCKET_RECEIVE_BUFFER_BYTES" - "SOCKET_REQUEST_MAX_BYTES" - "SOCKET_SEND_BUFFER_BYTES" - "SSL_ENDPOINT_IDENTIFICATION_ALGORITHM" - "TRANSACTION_STATE_LOG_MIN_ISR" - "TRANSACTION_STATE_LOG_REPLICATION_FACTOR" - "ZOOKEEPER_CONNECT" - "ZOOKEEPER_CONNECTION_TIMEOUT_MS" - ) - kafka_declare_alias_env "KAFKA_CFG_LOG_DIRS" "KAFKA_LOGS_DIRS" - kafka_declare_alias_env "KAFKA_CFG_LOG_SEGMENT_BYTES" "KAFKA_SEGMENT_BYTES" - kafka_declare_alias_env "KAFKA_CFG_MESSAGE_MAX_BYTES" "KAFKA_MAX_MESSAGE_BYTES" - kafka_declare_alias_env "KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS" "KAFKA_ZOOKEEPER_CONNECT_TIMEOUT_MS" - kafka_declare_alias_env "KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE" "KAFKA_AUTO_CREATE_TOPICS_ENABLE" - kafka_declare_alias_env "KAFKA_CLIENT_USERS" "KAFKA_BROKER_USER" - kafka_declare_alias_env "KAFKA_CLIENT_PASSWORDS" "KAFKA_BROKER_PASSWORD" - kafka_declare_alias_env "KAFKA_CLIENT_LISTENER_NAME" "KAFKA_CLIENT_LISTENER" - for s in "${suffixes[@]}"; do - kafka_declare_alias_env "KAFKA_CFG_${s}" "KAFKA_${s}" - done -} - -######################## -# Validate settings in KAFKA_* env vars -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_validate() { - debug "Validating settings in KAFKA_* env vars..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - # If process.roles configured, check its values are valid and perform additional checks for each - check_kraft_process_roles() { - read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$KAFKA_CFG_PROCESS_ROLES")" - for role in "${roles_list[@]}"; do - case "$role" in - broker) ;; - controller) - if is_empty_value "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-}"; then - print_validation_error "Role 'controller' enabled but environment variable KAFKA_CFG_CONTROLLER_LISTENER_NAMES was not provided." - fi - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ ! "$KAFKA_CFG_LISTENERS" =~ ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} ]]; then - print_validation_error "Role 'controller' enabled but listener ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} not found in KAFKA_CFG_LISTENERS." - fi - ;; - *) - print_validation_error "Invalid KRaft process role '$role'. Supported roles are 'broker,controller'" - ;; - esac - done - } - # Check all listeners are using a unique and valid port - check_listener_ports(){ - check_allowed_port() { - local port="${1:?missing port variable}" - local -a validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("$port") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port ${port} was specified in the environment variable KAFKA_CFG_LISTENERS: ${err}." - fi - } - - read -r -a listeners <<<"$(tr ',' ' ' <<<"${KAFKA_CFG_LISTENERS:-}")" - local -a ports=() - for listener in "${listeners[@]}"; do - read -r -a arr <<<"$(tr ':' ' ' <<<"$listener")" - # Obtain the port from listener string, e.g. PLAINTEXT://:9092 - port="${arr[2]}" - check_allowed_port "$port" - ports+=("$port") - done - # Check each listener is using an unique port - local -a unique_ports=() - read -r -a unique_ports <<< "$(echo "${ports[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')" - if [[ "${#ports[@]}" != "${#unique_ports[@]}" ]]; then - print_validation_error "There are listeners bound to the same port" - fi - } - check_listener_protocols(){ - local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL") - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - # Check protocol in allowed list - if [[ ! "${allowed_protocols[*]}" =~ $protocol ]]; then - print_validation_error "Authentication protocol ${protocol} is not supported!" - fi - # If inter-broker listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL is set - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}"; then - print_validation_error "When using SASL for inter broker comunication the mechanism should be provided using KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - fi - if is_empty_value "${KAFKA_INTER_BROKER_USER:-}" || is_empty_value "${KAFKA_INTER_BROKER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka inter-broker communications, you must provide the SASL credentials. Set the environment variables KAFKA_INTER_BROKER_USER and KAFKA_INTER_BROKER_PASSWORD to configure the credentials for SASL authentication with between brokers." - fi - fi - # If controller listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL is set - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL:-}"; then - print_validation_error "When using SASL for controller comunication the mechanism should be provided at KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - warn "KRaft controller listener may not support SCRAM-SHA-256/SCRAM-SHA-512 mechanisms. If facing any issues, we recommend switching to PLAIN mechanism. More information at: https://issues.apache.org/jira/browse/KAFKA-15513" - fi - if is_empty_value "${KAFKA_CONTROLLER_USER:-}" || is_empty_value "${KAFKA_CONTROLLER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka control plane communications, you must provide the SASL credentials. Set the environment variables KAFKA_CONTROLLER_USER and KAFKA_CONTROLLER_PASSWORD to configure the credentials for SASL authentication with between controllers." - fi - fi - else - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CLIENT_USERS:-}" || is_empty_value "${KAFKA_CLIENT_PASSWORDS:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_CLIENT_USERS and KAFKA_CLIENT_PASSWORDS to configure the credentials for SASL authentication with clients." - fi - fi - - fi - done - } - - if is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}" && is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - print_validation_error "Kafka haven't been configured to work in either Raft or Zookeper mode. Please make sure at least one of the modes is configured." - fi - # Check KRaft mode - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - # Raft - if [[ "$(kafka_get_version)" =~ ^3\.2\. ]]; then - warn "KRaft mode is not production-ready in Kafka 3.2, for production environments, we recommend upgrading " - fi - # Only allow Zookeeper configuration if migration mode is enabled - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}" && - { is_empty_value "${KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE:-}" || ! is_boolean_yes "$KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE"; }; then - print_validation_error "Both KRaft mode and Zookeeper modes are configured, but KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE is not enabled" - fi - if is_empty_value "${KAFKA_CFG_NODE_ID:-}"; then - print_validation_error "KRaft mode requires an unique node.id, please set the environment variable KAFKA_CFG_NODE_ID" - fi - if is_empty_value "${KAFKA_CFG_CONTROLLER_QUORUM_VOTERS:-}"; then - print_validation_error "KRaft mode requires KAFKA_CFG_CONTROLLER_QUORUM_VOTERS to be set" - fi - check_kraft_process_roles - fi - # Check Zookeeper mode - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - # If SSL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]]; then - # Fail if truststore is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with JKS certs you must mount your zookeeper.truststore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if keystore is not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]] && [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.jks" ]]; then - warn "In order to configure the mTLS for Zookeeper with JKS certs you must mount your zookeeper.keystore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]]; then - # Fail if CA / validation cert is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with PEM certs you must mount your zookeeper.truststore.pem cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if node key or cert are not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if { [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.key" ]]; }; then - warn "In order to configure the mTLS for Zookeeper with PEM certs you must mount your zookeeper.keystore.pem cert and zookeeper.keystore.key key to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - fi - # If SASL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - if is_empty_value "${KAFKA_ZOOKEEPER_USER:-}" || is_empty_value "${KAFKA_ZOOKEEPER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_ZOOKEEPER_USER and KAFKA_ZOOKEEPER_PASSWORD, to configure the credentials for SASL authentication with Zookeeper." - fi - fi - # If using plaintext protocol, check it is explicitly allowed - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" = "PLAINTEXT" ]]; then - warn "The KAFKA_ZOOKEEPER_PROTOCOL environment variable does not configure SASL and/or SSL, this setting is not recommended for production environments." - fi - fi - # Check listener ports are unique and allowed - check_listener_ports - # Check listeners are mapped to a valid security protocol - check_listener_protocols - # Warn users if plaintext listeners are configured - if kafka_has_plaintext_listener; then - warn "Kafka has been configured with a PLAINTEXT listener, this setting is not recommended for production environments." - fi - # If SSL/SASL_SSL listeners configured, check certificates are provided - if kafka_has_ssl_listener; then - if [[ "$KAFKA_TLS_TYPE" = "JKS" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with JKS certs you must mount your kafka.keystore.jks and kafka.truststore.jks certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - elif [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with PEM certs you must mount your kafka.keystore.pem, kafka.keystore.key and kafka.truststore.pem certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - # If SASL/SASL_SSL listeners configured, check passwords are provided - if kafka_has_sasl_listener; then - if is_empty_value "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}"; then - print_validation_error "Specified SASL protocol but no SASL mechanisms provided in KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - fi - # Check users and passwords lists are the same size - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS:-}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")" - if [[ "${#users[@]}" -ne "${#passwords[@]}" ]]; then - print_validation_error "Specify the same number of passwords on KAFKA_CLIENT_PASSWORDS as the number of users on KAFKA_CLIENT_USERS!" - fi - check_multi_value "KAFKA_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_PROTOCOL" "PLAINTEXT SASL SSL SASL_SSL" - check_multi_value "KAFKA_TLS_CLIENT_AUTH" "none requested required" - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Get kafka version -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# version -######################### -kafka_get_version() { - local -a cmd=("kafka-topics.sh" "--version") - am_i_root && cmd=("run_as_user" "$KAFKA_DAEMON_USER" "${cmd[@]}") - - read -r -a ver_split <<< "$("${cmd[@]}")" - echo "${ver_split[0]}" -} - -######################### -# Configure JAAS for a given listener and SASL mechanisms -# Globals: -# KAFKA_* -# Arguments: -# $1 - Name of the listener JAAS will be configured for -# $2 - Comma-separated list of SASL mechanisms to configure -# $3 - Comma-separated list of usernames -# $4 - Comma-separated list of passwords -# Returns: -# None -######################### -kafka_configure_server_jaas() { - local listener="${1:?missing listener name}" - local role="${2:-}" - - if [[ "$role" = "controller" ]]; then - local jaas_content=() - if [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" = "PLAIN" ]]; then - jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\"" - "user_${KAFKA_CONTROLLER_USER}=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - else - read -r -a sasl_mechanisms_arr <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_SASL_ENABLED_MECHANISMS")" - read -r -a users <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_USERS")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_PASSWORDS")" - # Configure JAAS for each SASL mechanism - # ref: https://docs.confluent.io/platform/current/kafka/authentication_sasl/index.html - for sasl_mechanism in "${sasl_mechanisms_arr[@]}"; do - local jaas_content=() - # For PLAIN mechanism, only the first username will be used - if [[ "$sasl_mechanism" = "PLAIN" ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - if [[ "$role" = "inter-broker" ]]; then - jaas_content+=( - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\"" - ) - users+=("$KAFKA_INTER_BROKER_USER") - passwords+=("$KAFKA_INTER_BROKER_PASSWORD") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - jaas_content+=("user_${users[i]}=\"${passwords[i]}\"") - done - # Add semi-colon to the last element of the array - jaas_content[${#jaas_content[@]} - 1]="${jaas_content[${#jaas_content[@]} - 1]};" - elif [[ "$sasl_mechanism" =~ SCRAM ]]; then - if [[ "$role" = "inter-broker" ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\";" - ) - else - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required;") - fi - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$sasl_mechanism" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - done - fi -} - -######################## -# Configure Zookeeper JAAS authentication -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_configure_jaas(){ - local jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_ZOOKEEPER_USER}\"" - "password=\"${KAFKA_ZOOKEEPER_PASSWORD}\";" - ) - - kafka_server_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Generate JAAS authentication file for local producer/consumer to use -# Globals: -# KAFKA_* -# Arguments: -# $1 - Authentication protocol to use for the internal listener -# $2 - Authentication protocol to use for the client listener -# Returns: -# None -######################### -kafka_configure_consumer_producer_jaas(){ - local jaas_content=() - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - - if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ SCRAM ]]; then - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required") - elif [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ PLAIN ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - else - error "Couldn't configure a supported SASL mechanism for Kafka consumer/producer properties" - exit 1 - fi - - jaas_content+=( - "username=\"${users[0]}\"" - "password=\"${passwords[0]}\";" - ) - - kafka_producer_consumer_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Create users in zookeper when using SASL/SCRAM mechanism -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_create_sasl_scram_users() { - info "Creating users in Zookeeper" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - local zookeeper_connect - zookeeper_connect=$(grep "^zookeeper.connect=" "$KAFKA_CONF_FILE" | sed -E 's/^zookeeper\.connect=(\S+)$/\1/') - read -r -a zookeeper_hosts <<<"$(tr ',;' ' ' <<<"${zookeeper_connect}")" - - if [[ "${#zookeeper_hosts[@]}" -eq 0 ]]; then - error "Couldn't obtain zookeeper.connect from $KAFKA_CONF_FILE" - exit 1 - fi - # Wait for Zookeeper to be reachable - read -r -a aux <<<"$(tr ':' ' ' <<<"${zookeeper_hosts[0]}")" - local host="${aux[0]:?missing host}" - local port="${aux[1]:-2181}" - wait-for-port --host "$host" "$port" - - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM" "$KAFKA_CONF_FILE"; then - users+=("${KAFKA_INTER_BROKER_USER}") - passwords+=("${KAFKA_INTER_BROKER_PASSWORD}") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - debug "Creating user ${users[i]} in zookeeper" - # Ref: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_scram.html#sasl-scram-overview - debug_execute kafka-configs.sh --zookeeper "$zookeeper_connect" --alter --add-config "SCRAM-SHA-256=[iterations=8192,password=${passwords[i]}],SCRAM-SHA-512=[password=${passwords[i]}]" --entity-type users --entity-name "${users[i]}" - done -} - -######################## -# Configure Kafka SSL settings -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_ssl() { - # Configures both Kafka server and producers/consumers - configure_both() { - kafka_server_conf_set "${1:?missing key}" "${2:?missing value}" - kafka_producer_consumer_conf_set "${1:?missing key}" "${2:?missing value}" - } - kafka_server_conf_set "ssl.client.auth" "${KAFKA_TLS_CLIENT_AUTH}" - configure_both ssl.keystore.type "${KAFKA_TLS_TYPE}" - configure_both ssl.truststore.type "${KAFKA_TLS_TYPE}" - local -r kafka_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_TLS_TRUSTSTORE_FILE}")" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.key.password "$KAFKA_CERTIFICATE_PASSWORD" - if [[ "$KAFKA_TLS_TYPE" = "PEM" ]]; then - file_to_multiline_property() { - awk 'NR > 1{print line"\\n\\"}{line=$0;}END{print $0" "}' <"${1:?missing file}" - } - remove_previous_cert_value() { - local key="${1:?missing key}" - files=( - "${KAFKA_CONF_FILE}" - "${KAFKA_CONF_DIR}/producer.properties" - "${KAFKA_CONF_DIR}/consumer.properties" - ) - for file in "${files[@]}"; do - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Delete all lines from the certificate beginning to its end - sed -i "/^[#\\s]*$key\s*=.*-----BEGIN/,/-----END/d" "$file" - fi - done - } - # We need to remove the previous cert value - # kafka_common_conf_set uses replace_in_file, which can't match multiple lines - remove_previous_cert_value ssl.keystore.key - remove_previous_cert_value ssl.keystore.certificate.chain - remove_previous_cert_value ssl.truststore.certificates - configure_both ssl.keystore.key "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.key")" - configure_both ssl.keystore.certificate.chain "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.pem")" - configure_both ssl.truststore.certificates "$(file_to_multiline_property "${kafka_truststore_location}")" - elif [[ "$KAFKA_TLS_TYPE" = "JKS" ]]; then - configure_both ssl.keystore.location "$KAFKA_CERTS_DIR"/kafka.keystore.jks - configure_both ssl.truststore.location "$kafka_truststore_location" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.keystore.password "$KAFKA_CERTIFICATE_PASSWORD" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.truststore.password "$KAFKA_CERTIFICATE_PASSWORD" - fi - true # Avoid the function to fail due to the check above -} - -######################## -# Get Zookeeper TLS settings -# Globals: -# KAFKA_ZOOKEEPER_TLS_* -# Arguments: -# None -# Returns: -# String -######################### -kafka_zookeeper_configure_tls() { - # Note that ZooKeeper does not support a key password different from the keystore password, - # so be sure to set the key password in the keystore to be identical to the keystore password; - # otherwise the connection attempt to Zookeeper will fail. - local keystore_location="" - local -r kafka_zk_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE}")" - - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]]; then - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; then - # Concatenating private key into public certificate file - # This is needed to load keystore from location using PEM - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keypair.pem" - cat "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" > "$keystore_location" - fi - - kafka_server_conf_set "zookeeper.clientCnxnSocket" "org.apache.zookeeper.ClientCnxnSocketNetty" - kafka_server_conf_set "zookeeper.ssl.client.enable" "true" - is_boolean_yes "${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-}" && kafka_server_conf_set "zookeeper.ssl.endpoint.identification.algorithm" "HTTPS" - ! is_empty_value "${keystore_location:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.location" "${keystore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.password" "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD}" - ! is_empty_value "${kafka_zk_truststore_location:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.location" "${kafka_zk_truststore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.password" "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD}" - true # Avoid the function to fail due to the check above -} - -######################## -# Configure Kafka configuration files from environment variables -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_from_environment_variables() { - # List of special cases to apply to the variables - local -r exception_regexps=( - "s/sasl\.ssl/sasl_ssl/g" - "s/sasl\.plaintext/sasl_plaintext/g" - ) - # Map environment variables to config properties - for var in "${!KAFKA_CFG_@}"; do - key="$(echo "$var" | sed -e 's/^KAFKA_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')" - - # Exception for the camel case in this environment variable - [[ "$var" == "KAFKA_CFG_ZOOKEEPER_CLIENTCNXNSOCKET" ]] && key="zookeeper.clientCnxnSocket" - - # Apply exception regexps - for regex in "${exception_regexps[@]}"; do - key="$(echo "$key" | sed "$regex")" - done - - value="${!var}" - kafka_server_conf_set "$key" "$value" - done -} - -######################## -# Initialize KRaft storage -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_storage_initialize() { - local args=("--config" "$KAFKA_CONF_FILE" "--ignore-formatted") - info "Initializing KRaft storage metadata" - - # If cluster.id found in meta.properties, use it - if [[ -f "${KAFKA_DATA_DIR}/meta.properties" ]]; then - KAFKA_KRAFT_CLUSTER_ID=$(grep "^cluster.id=" "${KAFKA_DATA_DIR}/meta.properties" | sed -E 's/^cluster\.id=(\S+)$/\1/') - fi - - if is_empty_value "${KAFKA_KRAFT_CLUSTER_ID:-}"; then - warn "KAFKA_KRAFT_CLUSTER_ID not set - If using multiple nodes then you must use the same Cluster ID for each one" - KAFKA_KRAFT_CLUSTER_ID="$("${KAFKA_HOME}/bin/kafka-storage.sh" random-uuid)" - info "Generated Kafka cluster ID '${KAFKA_KRAFT_CLUSTER_ID}'" - fi - args+=("--cluster-id" "$KAFKA_KRAFT_CLUSTER_ID") - - # SCRAM users are configured during the cluster bootstrapping process and can later be manually updated using kafka-config.sh - if is_boolean_yes "${KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS:-}"; then - info "Adding KRaft SCRAM users at storage bootstrap" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - # Configure SCRAM-SHA-256 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-256=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Configure SCRAM-SHA-512 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-512=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - fi - # Add controller credentials - if grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - fi - fi - info "Formatting storage directories to add metadata..." - "${KAFKA_HOME}/bin/kafka-storage.sh" format "${args[@]}" -} - -######################## -# Detects inconsitences between the configuration at KAFKA_CONF_FILE and cluster-state file -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_quorum_voters_changed(){ - read -r -a quorum_voters_conf_ids <<<"$(grep "^controller.quorum.voters=" "$KAFKA_CONF_FILE" | sed "s/^controller.quorum.voters=//" | tr "," " " | sed -E "s/\@\S+//g")" - read -r -a quorum_voters_state_ids <<< "$(grep -Eo "\{\"voterId\":[0-9]+\}" "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" | grep -Eo "[0-9]+" | tr "\n" " ")" - - if [[ "${#quorum_voters_conf_ids[@]}" != "${#quorum_voters_state_ids[@]}" ]]; then - true - else - read -r -a sorted_state <<< "$(echo "${quorum_voters_conf_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - read -r -a sorted_conf <<< "$(echo "${quorum_voters_state_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - if [[ "${sorted_state[*]}" = "${sorted_conf[*]}" ]]; then - false - else - true - fi - fi -} - -######################## -# Initialize Kafka -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_initialize() { - info "Initializing Kafka..." - # Check for mounted configuration files - if ! is_dir_empty "$KAFKA_MOUNTED_CONF_DIR"; then - cp -Lr "$KAFKA_MOUNTED_CONF_DIR"/* "$KAFKA_CONF_DIR" - fi - # Copy truststore to cert directory - for cert_var in KAFKA_TLS_TRUSTSTORE_FILE KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE; do - # Only copy if the file exists and it is in a different location than KAFKA_CERTS_DIR (to avoid copying to the same location) - if [[ -f "${!cert_var}" ]] && ! [[ "${!cert_var}" =~ $KAFKA_CERTS_DIR ]]; then - info "Copying truststore ${!cert_var} to ${KAFKA_CERTS_DIR}" - cp -L "${!cert_var}" "$KAFKA_CERTS_DIR" - fi - done - - if [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" ]]; then - info "No injected configuration files found, creating default config files" - # Restore original server.properties but remove Zookeeper/KRaft specific settings for compatibility with both architectures - cp "${KAFKA_CONF_DIR}/server.properties.original" "$KAFKA_CONF_FILE" - kafka_server_unify_conf - # Configure Kafka settings - kafka_server_conf_set log.dirs "$KAFKA_DATA_DIR" - kafka_configure_from_environment_variables - # Configure Kafka producer/consumer to set up message sizes - ! is_empty_value "${KAFKA_CFG_MAX_REQUEST_SIZE:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" max.request.size "$KAFKA_CFG_MAX_REQUEST_SIZE" - ! is_empty_value "${KAFKA_CFG_MAX_PARTITION_FETCH_BYTES:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" max.partition.fetch.bytes "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES" - # Zookeeper mode additional settings - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - kafka_zookeeper_configure_tls - fi - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - kafka_zookeeper_configure_jaas - fi - fi - # If at least one listener uses SSL or SASL_SSL, ensure SSL is configured - if kafka_has_ssl_listener; then - kafka_configure_ssl - fi - # If at least one listener uses SASL_PLAINTEXT or SASL_SSL, ensure SASL is configured - if kafka_has_sasl_listener; then - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM ]]; then - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - if [[ "$(kafka_get_version)" =~ ^3\.2\.|^3\.3\.|^3\.4\. ]]; then - # NOTE: This will depend on Kafka version when support for SCRAM is added - warn "KRaft mode requires Kafka version 3.5 or higher for SCRAM to be supported. SCRAM SASL mechanisms will now be disabled." - KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN - else - export KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - export KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - kafka_server_conf_set sasl.enabled.mechanisms "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - # Settings for each Kafka Listener are configured individually - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - listener_upper="$(echo "$listener" | tr '[:lower:]' '[:upper:]')" - env_name="KAFKA_TLS_${listener_upper}_CLIENT_AUTH" - [[ -n "${!env_name:-}" ]] && kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "${!env_name}" - fi - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - local role="" - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - role="inter-broker" - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - kafka_server_conf_set sasl.mechanism.controller.protocol "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - kafka_server_conf_set "listener.name.${listener_lower}.sasl.enabled.mechanisms" "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - role="controller" - fi - # If KAFKA_CLIENT_LISTENER_NAME is found in the listeners list, configure the producer/consumer accordingly - if [[ "$listener" = "${KAFKA_CLIENT_LISTENER_NAME:-CLIENT}" ]]; then - kafka_configure_consumer_producer_jaas - kafka_producer_consumer_conf_set security.protocol "$protocol" - kafka_producer_consumer_conf_set sasl.mechanism "${KAFKA_CLIENT_SASL_MECHANISM:-$(kafka_client_sasl_mechanism)}" - fi - # Configure inline listener jaas configuration, omitted if mounted JAAS conf file detected - if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - kafka_configure_server_jaas "$listener_lower" "${role:-}" - fi - fi - done - # Configure Kafka using environment variables - # This is executed at the end, to allow users to override properties set by the initialization logic - kafka_configure_from_environment_variables - else - info "Detected mounted server.properties file at ${KAFKA_MOUNTED_CONF_DIR}/server.properties. Skipping configuration based on env variables" - fi - true -} - -######################## -# Returns the most secure SASL mechanism available for Kafka clients -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_client_sasl_mechanism() { - local sasl_mechanism="" - - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-512 ]]; then - sasl_mechanism="SCRAM-SHA-512" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-256 ]]; then - sasl_mechanism="SCRAM-SHA-256" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ PLAIN ]]; then - sasl_mechanism="PLAIN" - fi - echo "$sasl_mechanism" -} - -######################## -# Removes default settings referencing Zookeeper mode or KRaft mode -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_server_unify_conf() { - local -r remove_regexps=( - #Zookeeper - "s/^zookeeper\./#zookeeper./g" - "s/^group\.initial/#group.initial/g" - "s/^broker\./#broker./g" - "s/^node\./#node./g" - "s/^process\./#process./g" - "s/^listeners=/#listeners=/g" - "s/^listener\./#listener./g" - "s/^controller\./#controller./g" - "s/^inter\.broker/#inter.broker/g" - "s/^advertised\.listeners/#advertised.listeners/g" - ) - - # Map environment variables to config properties - for regex in "${remove_regexps[@]}"; do - sed -i "${regex}" "$KAFKA_CONF_FILE" - done -} - -######################## -# Dinamically set node.id/broker.id/controller.quorum.voters if their alternative environment variable _COMMAND is set -# Globals: -# KAFKA_*_COMMAND -# Arguments: -# None -# Returns: -# None -######################### -kafka_dynamic_environment_variables() { - # KRaft mode - if ! is_empty_value "${KAFKA_NODE_ID_COMMAND:-}"; then - KAFKA_CFG_NODE_ID="$(eval "${KAFKA_NODE_ID_COMMAND}")" - export KAFKA_CFG_NODE_ID - fi - if ! is_empty_value "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND:-}"; then - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS="$(eval "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND}")" - export KAFKA_CFG_CONTROLLER_QUORUM_VOTERS - fi - # Zookeeper mode - # DEPRECATED - BROKER_ID_COMMAND has been deprecated, please use KAFKA_BROKER_ID_COMMAND instead - if ! is_empty_value "${KAFKA_BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${KAFKA_BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - elif ! is_empty_value "${BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - fi -} - -######################## -# Run custom initialization scripts -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_custom_init_scripts() { - if [[ -n $(find "${KAFKA_INITSCRIPTS_DIR}/" -type f -regex ".*\.\(sh\)") ]] && [[ ! -f "${KAFKA_VOLUME_DIR}/.user_scripts_initialized" ]]; then - info "Loading user's custom files from $KAFKA_INITSCRIPTS_DIR" - for f in /docker-entrypoint-initdb.d/*; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "$KAFKA_VOLUME_DIR"/.user_scripts_initialized - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is running -######################## -is_kafka_running() { - local pid - pid="$(get_pid_from_file "$KAFKA_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is not running -######################## -is_kafka_not_running() { - ! is_kafka_running -} - -######################## -# Stop Kafka -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_stop() { - ! is_kafka_running && return - stop_service_using_pid "$KAFKA_PID_FILE" TERM -} diff --git a/bitnami/kafka/3.6/debian-12/tags-info.yaml b/bitnami/kafka/3.6/debian-12/tags-info.yaml deleted file mode 100644 index c0d0e0372375d..0000000000000 --- a/bitnami/kafka/3.6/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "3.6" -- 3.6-debian-12 -- 3.6.2 diff --git a/bitnami/kafka/3.7/README.md b/bitnami/kafka/3.7/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/kafka/3.7/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/kafka/3.7/debian-12/Dockerfile b/bitnami/kafka/3.7/debian-12/Dockerfile deleted file mode 100644 index c3b375f7cbdb8..0000000000000 --- a/bitnami/kafka/3.7/debian-12/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T21:51:40Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kafka/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.7.0-debian-12-r6" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kafka" \ - org.opencontainers.image.title="kafka" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.7.0" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "kafka-3.7.0-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh -RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/kafka/postunpack.sh -ENV APP_VERSION="3.7.0" \ - BITNAMI_APP_NAME="kafka" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/kafka/bin:$PATH" - -EXPOSE 9092 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/kafka/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/kafka/run.sh" ] diff --git a/bitnami/kafka/3.7/debian-12/docker-compose.yml b/bitnami/kafka/3.7/debian-12/docker-compose.yml deleted file mode 100644 index 64235b74230bf..0000000000000 --- a/bitnami/kafka/3.7/debian-12/docker-compose.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: "2" - -services: - kafka: - image: docker.io/bitnami/kafka:3.7 - ports: - - "9092:9092" - volumes: - - "kafka_data:/bitnami" - environment: - # KRaft settings - - KAFKA_CFG_NODE_ID=0 - - KAFKA_CFG_PROCESS_ROLES=controller,broker - - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093 - # Listeners - - KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9093 - - KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://:9092 - - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT - - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER - - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT -volumes: - kafka_data: - driver: local diff --git a/bitnami/kafka/3.7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kafka/3.7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 17a9caf2bcd04..0000000000000 --- a/bitnami/kafka/3.7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "kafka": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.7.0-2" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-12" - } -} \ No newline at end of file diff --git a/bitnami/kafka/3.7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kafka/3.7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/kafka/3.7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/kafka/3.7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/kafka/3.7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/kafka/3.7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index c15af32e2f773..0000000000000 --- a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security -fi diff --git a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh b/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh deleted file mode 100644 index f58958279ce88..0000000000000 --- a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for kafka - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-kafka}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -kafka_env_vars=( - KAFKA_MOUNTED_CONF_DIR - KAFKA_INTER_BROKER_USER - KAFKA_INTER_BROKER_PASSWORD - KAFKA_CONTROLLER_USER - KAFKA_CONTROLLER_PASSWORD - KAFKA_CERTIFICATE_PASSWORD - KAFKA_TLS_TRUSTSTORE_FILE - KAFKA_TLS_TYPE - KAFKA_TLS_CLIENT_AUTH - KAFKA_OPTS - KAFKA_CFG_SASL_ENABLED_MECHANISMS - KAFKA_KRAFT_CLUSTER_ID - KAFKA_SKIP_KRAFT_STORAGE_INIT - KAFKA_CLIENT_LISTENER_NAME - KAFKA_ZOOKEEPER_PROTOCOL - KAFKA_ZOOKEEPER_PASSWORD - KAFKA_ZOOKEEPER_USER - KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE - KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME - KAFKA_ZOOKEEPER_TLS_TYPE - KAFKA_CLIENT_USERS - KAFKA_CLIENT_PASSWORDS - KAFKA_HEAP_OPTS -) -for env_var in "${kafka_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset kafka_env_vars - -# Paths -export KAFKA_BASE_DIR="${BITNAMI_ROOT_DIR}/kafka" -export KAFKA_VOLUME_DIR="/bitnami/kafka" -export KAFKA_DATA_DIR="${KAFKA_VOLUME_DIR}/data" -export KAFKA_CONF_DIR="${KAFKA_BASE_DIR}/config" -export KAFKA_CONF_FILE="${KAFKA_CONF_DIR}/server.properties" -export KAFKA_MOUNTED_CONF_DIR="${KAFKA_MOUNTED_CONF_DIR:-${KAFKA_VOLUME_DIR}/config}" -export KAFKA_CERTS_DIR="${KAFKA_CONF_DIR}/certs" -export KAFKA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export KAFKA_LOG_DIR="${KAFKA_BASE_DIR}/logs" -export KAFKA_HOME="$KAFKA_BASE_DIR" -export PATH="${KAFKA_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/java/bin:${PATH}" - -# System users (when running with a privileged user) -export KAFKA_DAEMON_USER="kafka" -export KAFKA_DAEMON_GROUP="kafka" - -# Kafka runtime settings -export KAFKA_INTER_BROKER_USER="${KAFKA_INTER_BROKER_USER:-user}" -export KAFKA_INTER_BROKER_PASSWORD="${KAFKA_INTER_BROKER_PASSWORD:-bitnami}" -export KAFKA_CONTROLLER_USER="${KAFKA_CONTROLLER_USER:-controller_user}" -export KAFKA_CONTROLLER_PASSWORD="${KAFKA_CONTROLLER_PASSWORD:-bitnami}" -export KAFKA_CERTIFICATE_PASSWORD="${KAFKA_CERTIFICATE_PASSWORD:-}" -export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_TLS_TYPE="${KAFKA_TLS_TYPE:-JKS}" -export KAFKA_TLS_CLIENT_AUTH="${KAFKA_TLS_CLIENT_AUTH:-required}" -export KAFKA_OPTS="${KAFKA_OPTS:-}" - -# Kafka configuration overrides -export KAFKA_CFG_SASL_ENABLED_MECHANISMS="${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-PLAIN,SCRAM-SHA-256,SCRAM-SHA-512}" -export KAFKA_KRAFT_CLUSTER_ID="${KAFKA_KRAFT_CLUSTER_ID:-}" -export KAFKA_SKIP_KRAFT_STORAGE_INIT="${KAFKA_SKIP_KRAFT_STORAGE_INIT:-false}" -export KAFKA_CLIENT_LISTENER_NAME="${KAFKA_CLIENT_LISTENER_NAME:-}" - -# ZooKeeper connection settings -export KAFKA_ZOOKEEPER_PROTOCOL="${KAFKA_ZOOKEEPER_PROTOCOL:-PLAINTEXT}" -export KAFKA_ZOOKEEPER_PASSWORD="${KAFKA_ZOOKEEPER_PASSWORD:-}" -export KAFKA_ZOOKEEPER_USER="${KAFKA_ZOOKEEPER_USER:-}" -export KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME="${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-true}" -export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}" - -# Authentication -export KAFKA_CLIENT_USERS="${KAFKA_CLIENT_USERS:-user}" -export KAFKA_CLIENT_PASSWORDS="${KAFKA_CLIENT_PASSWORDS:-bitnami}" - -# Java settings -export KAFKA_HEAP_OPTS="${KAFKA_HEAP_OPTS:--Xmx1024m -Xms1024m}" - -# Custom environment variables may be defined below diff --git a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh b/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh deleted file mode 100755 index d7413bcfc4f33..0000000000000 --- a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -print_welcome_page - -if [[ "$*" = *"/opt/bitnami/scripts/kafka/run.sh"* || "$*" = *"/run.sh"* ]]; then - info "** Starting Kafka setup **" - /opt/bitnami/scripts/kafka/setup.sh - info "** Kafka setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh b/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh deleted file mode 100755 index 7255563236c0b..0000000000000 --- a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libfs.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Move server.properties from configtmp to config -# Temporary solution until kafka tarball places server.properties into config -if [[ -d "${KAFKA_BASE_DIR}/configtmp" ]]; then - mv "${KAFKA_BASE_DIR}/configtmp"/* "$KAFKA_CONF_DIR" - rmdir "${KAFKA_BASE_DIR}/configtmp" -fi -[[ -d "${KAFKA_BASE_DIR}/conf" ]] && rmdir "${KAFKA_BASE_DIR}/conf" - -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR"; do - ensure_dir_exists "$dir" -done -chmod -R g+rwX "$KAFKA_BASE_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR" - -# Move the original server.properties, so users can skip initialization logic by mounting their own server.properties directly instead of using the MOUNTED_CONF_DIR -mv "${KAFKA_CONF_DIR}/server.properties" "${KAFKA_CONF_DIR}/server.properties.original" - -# Disable logging to stdout and garbage collection -# Source: https://logging.apache.org/log4j/log4j-2.4/manual/appenders.html -replace_in_file "${KAFKA_BASE_DIR}/bin/kafka-server-start.sh" " [-]loggc" " " -replace_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DailyRollingFileAppender" "ConsoleAppender" - -# Disable the default console logger in favour of KafkaAppender (which provides the exact output) -echo "log4j.appender.stdout.Threshold=OFF" >>"${KAFKA_CONF_DIR}/log4j.properties" - -# Remove invalid parameters for ConsoleAppender -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DatePattern" -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "Appender.File" diff --git a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh b/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh deleted file mode 100755 index 76d4380aff57e..0000000000000 --- a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libos.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -if [[ -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - export KAFKA_OPTS="${KAFKA_OPTS:-} -Djava.security.auth.login.config=${KAFKA_CONF_DIR}/kafka_jaas.conf" -fi - -cmd="$KAFKA_HOME/bin/kafka-server-start.sh" -args=("$KAFKA_CONF_FILE") -! is_empty_value "${KAFKA_EXTRA_FLAGS:-}" && args=("${args[@]}" "${KAFKA_EXTRA_FLAGS[@]}") - -info "** Starting Kafka **" -if am_i_root; then - exec_as_user "$KAFKA_DAEMON_USER" "$cmd" "${args[@]}" "$@" -else - exec "$cmd" "${args[@]}" "$@" -fi diff --git a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh b/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh deleted file mode 100755 index 5195f71910176..0000000000000 --- a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Map Kafka environment variables -kafka_create_alias_environment_variables - -# Dinamically set node.id/broker.id/controller.quorum.voters if the _COMMAND environment variable is set -kafka_dynamic_environment_variables - -# Set the default tuststore locations before validation -kafka_configure_default_truststore_locations -# Ensure Kafka user and group exist when running as 'root' -am_i_root && ensure_user_exists "$KAFKA_DAEMON_USER" --group "$KAFKA_DAEMON_GROUP" -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR"; do - if am_i_root; then - ensure_dir_exists "$dir" "$KAFKA_DAEMON_USER" "$KAFKA_DAEMON_GROUP" - else - ensure_dir_exists "$dir" - fi -done - -# Kafka validation, skipped if server.properties was mounted at either $KAFKA_MOUNTED_CONF_DIR or $KAFKA_CONF_DIR -[[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" && ! -f "$KAFKA_CONF_FILE" ]] && kafka_validate -# Kafka initialization, skipped if server.properties was mounted at $KAFKA_CONF_DIR -[[ ! -f "$KAFKA_CONF_FILE" ]] && kafka_initialize - -# Initialise KRaft metadata storage if process.roles configured -if grep -q "^process.roles=" "$KAFKA_CONF_FILE" && ! is_boolean_yes "$KAFKA_SKIP_KRAFT_STORAGE_INIT" ; then - kafka_kraft_storage_initialize -fi -# Configure Zookeeper SCRAM users -if is_boolean_yes "${KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS:-}"; then - kafka_zookeeper_create_sasl_scram_users -fi -# KRaft controllers may get stuck starting when the controller quorum voters are changed. -# Workaround: Remove quorum-state file when scaling up/down controllers (Waiting proposal KIP-853) -# https://cwiki.apache.org/confluence/display/KAFKA/KIP-853%3A+KRaft+Voter+Changes -if [[ -f "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" ]] && grep -q "^controller.quorum.voters=" "$KAFKA_CONF_FILE" && kafka_kraft_quorum_voters_changed; then - warn "Detected inconsitences between controller.quorum.voters and quorum-state, removing it..." - rm -f "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" -fi -# Ensure custom initialization scripts are executed -kafka_custom_init_scripts diff --git a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh b/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh deleted file mode 100644 index b36e8c48b05bc..0000000000000 --- a/bitnami/kafka/3.7/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh +++ /dev/null @@ -1,1180 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Kafka library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -# Functions - -######################## -# Set a configuration setting value to a file -# Globals: -# None -# Arguments: -# $1 - file -# $2 - key -# $3 - values (array) -# Returns: -# None -######################### -kafka_common_conf_set() { - local file="${1:?missing file}" - local key="${2:?missing key}" - shift - shift - local values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - kafka_common_conf_set "$file" "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Update the existing key - replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false - else - # Add a new key - printf '\n%s=%s' "$key" "$value" >>"$file" - fi - fi -} - -######################## -# Returns true if at least one listener is configured using SSL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_ssl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SSL: || "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using SASL -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_sasl_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then - if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - if [[ "$KAFKA_CFG_LISTENERS" =~ SASL_PLAINTEXT: ]] || [[ "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then - return - fi - else - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - fi - fi - return 1 -} - -######################## -# Returns true if at least one listener is configured using plaintext -# Globals: -# KAFKA_CFG_LISTENERS -# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP -# Arguments: -# None -# Returns: -# true/false -######################### -kafka_has_plaintext_listener(){ - if ! is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - if [[ "$protocol" = "PLAINTEXT" ]]; then - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then - return - fi - fi - done - else - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ PLAINTEXT: ]]; then - return - fi - fi - return 1 -} - -######################## -# Backwards compatibility measure to configure the TLS truststore locations -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_default_truststore_locations() { - # Backwards compatibility measure to allow custom truststore locations but at the same time not disrupt - # the UX that the previous version of the containers and the helm chart have. - # Context: The chart and containers by default assumed that the truststore location was KAFKA_CERTS_DIR/kafka.truststore.jks or KAFKA_MOUNTED_CONF_DIR/certs/kafka.truststore.jks. - # Because of this, we could not use custom certificates in different locations (use case: A custom base image that already has a truststore). Changing the logic to allow custom - # locations implied major changes in the current user experience (which only required to mount certificates at the assumed location). In order to maintain this compatibility we need - # use this logic that sets the KAFKA_TLS_*_FILE variables to the previously assumed locations in case it is not set - - # Kafka truststore - if kafka_has_ssl_listener && is_empty_value "${KAFKA_TLS_TRUSTSTORE_FILE:-}"; then - local kafka_truststore_filename="kafka.truststore.jks" - [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && kafka_truststore_filename="kafka.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${kafka_truststore_filename}" - fi - fi - # Zookeeper truststore - if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]] && is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}"; then - local zk_truststore_filename="zookeeper.truststore.jks" - [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && zk_truststore_filename="zookeeper.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${zk_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${zk_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${zk_truststore_filename}" - fi - fi -} - -######################## -# Set a configuration setting value to server.properties -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_server_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_FILE" "$@" -} - -######################## -# Set a configuration setting value to producer.properties and consumer.properties -# Globals: -# KAFKA_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_producer_consumer_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" "$@" - kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" "$@" -} - -######################## -# Create alias for environment variable, so both can be used -# Globals: -# None -# Arguments: -# $1 - Alias environment variable name -# $2 - Original environment variable name -# Returns: -# None -######################### -kafka_declare_alias_env() { - local -r alias="${1:?missing environment variable alias}" - local -r original="${2:?missing original environment variable}" - if printenv "${original}" >/dev/null; then - export "$alias"="${!original:-}" - fi -} - -######################## -# Map Kafka legacy environment variables to the new names -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_create_alias_environment_variables() { - suffixes=( - "ADVERTISED_LISTENERS" - "BROKER_ID" - "NODE_ID" - "CONTROLLER_QUORUM_VOTERS" - "PROCESS_ROLES" - "DEFAULT_REPLICATION_FACTOR" - "DELETE_TOPIC_ENABLE" - "INTER_BROKER_LISTENER_NAME" - "LISTENERS" - "LISTENER_SECURITY_PROTOCOL_MAP" - "LOG_DIRS" - "LOG_FLUSH_INTERVAL_MESSAGES" - "LOG_FLUSH_INTERVAL_MS" - "LOG_MESSAGE_FORMAT_VERSION" - "LOG_RETENTION_BYTES" - "LOG_RETENTION_CHECK_INTERVALS_MS" - "LOG_RETENTION_HOURS" - "LOG_SEGMENT_BYTES" - "MESSAGE_MAX_BYTES" - "NUM_IO_THREADS" - "NUM_NETWORK_THREADS" - "NUM_PARTITIONS" - "NUM_RECOVERY_THREADS_PER_DATA_DIR" - "OFFSETS_TOPIC_REPLICATION_FACTOR" - "SOCKET_RECEIVE_BUFFER_BYTES" - "SOCKET_REQUEST_MAX_BYTES" - "SOCKET_SEND_BUFFER_BYTES" - "SSL_ENDPOINT_IDENTIFICATION_ALGORITHM" - "TRANSACTION_STATE_LOG_MIN_ISR" - "TRANSACTION_STATE_LOG_REPLICATION_FACTOR" - "ZOOKEEPER_CONNECT" - "ZOOKEEPER_CONNECTION_TIMEOUT_MS" - ) - kafka_declare_alias_env "KAFKA_CFG_LOG_DIRS" "KAFKA_LOGS_DIRS" - kafka_declare_alias_env "KAFKA_CFG_LOG_SEGMENT_BYTES" "KAFKA_SEGMENT_BYTES" - kafka_declare_alias_env "KAFKA_CFG_MESSAGE_MAX_BYTES" "KAFKA_MAX_MESSAGE_BYTES" - kafka_declare_alias_env "KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS" "KAFKA_ZOOKEEPER_CONNECT_TIMEOUT_MS" - kafka_declare_alias_env "KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE" "KAFKA_AUTO_CREATE_TOPICS_ENABLE" - kafka_declare_alias_env "KAFKA_CLIENT_USERS" "KAFKA_BROKER_USER" - kafka_declare_alias_env "KAFKA_CLIENT_PASSWORDS" "KAFKA_BROKER_PASSWORD" - kafka_declare_alias_env "KAFKA_CLIENT_LISTENER_NAME" "KAFKA_CLIENT_LISTENER" - for s in "${suffixes[@]}"; do - kafka_declare_alias_env "KAFKA_CFG_${s}" "KAFKA_${s}" - done -} - -######################## -# Validate settings in KAFKA_* env vars -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_validate() { - debug "Validating settings in KAFKA_* env vars..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - # If process.roles configured, check its values are valid and perform additional checks for each - check_kraft_process_roles() { - read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$KAFKA_CFG_PROCESS_ROLES")" - for role in "${roles_list[@]}"; do - case "$role" in - broker) ;; - controller) - if is_empty_value "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-}"; then - print_validation_error "Role 'controller' enabled but environment variable KAFKA_CFG_CONTROLLER_LISTENER_NAMES was not provided." - fi - if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ ! "$KAFKA_CFG_LISTENERS" =~ ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} ]]; then - print_validation_error "Role 'controller' enabled but listener ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} not found in KAFKA_CFG_LISTENERS." - fi - ;; - *) - print_validation_error "Invalid KRaft process role '$role'. Supported roles are 'broker,controller'" - ;; - esac - done - } - # Check all listeners are using a unique and valid port - check_listener_ports(){ - check_allowed_port() { - local port="${1:?missing port variable}" - local -a validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("$port") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port ${port} was specified in the environment variable KAFKA_CFG_LISTENERS: ${err}." - fi - } - - read -r -a listeners <<<"$(tr ',' ' ' <<<"${KAFKA_CFG_LISTENERS:-}")" - local -a ports=() - for listener in "${listeners[@]}"; do - read -r -a arr <<<"$(tr ':' ' ' <<<"$listener")" - # Obtain the port from listener string, e.g. PLAINTEXT://:9092 - port="${arr[2]}" - check_allowed_port "$port" - ports+=("$port") - done - # Check each listener is using an unique port - local -a unique_ports=() - read -r -a unique_ports <<< "$(echo "${ports[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')" - if [[ "${#ports[@]}" != "${#unique_ports[@]}" ]]; then - print_validation_error "There are listeners bound to the same port" - fi - } - check_listener_protocols(){ - local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL") - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - # Check protocol in allowed list - if [[ ! "${allowed_protocols[*]}" =~ $protocol ]]; then - print_validation_error "Authentication protocol ${protocol} is not supported!" - fi - # If inter-broker listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL is set - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}"; then - print_validation_error "When using SASL for inter broker comunication the mechanism should be provided using KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - fi - if is_empty_value "${KAFKA_INTER_BROKER_USER:-}" || is_empty_value "${KAFKA_INTER_BROKER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka inter-broker communications, you must provide the SASL credentials. Set the environment variables KAFKA_INTER_BROKER_USER and KAFKA_INTER_BROKER_PASSWORD to configure the credentials for SASL authentication with between brokers." - fi - fi - # If controller listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL is set - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL:-}"; then - print_validation_error "When using SASL for controller comunication the mechanism should be provided at KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - warn "KRaft controller listener may not support SCRAM-SHA-256/SCRAM-SHA-512 mechanisms. If facing any issues, we recommend switching to PLAIN mechanism. More information at: https://issues.apache.org/jira/browse/KAFKA-15513" - fi - if is_empty_value "${KAFKA_CONTROLLER_USER:-}" || is_empty_value "${KAFKA_CONTROLLER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka control plane communications, you must provide the SASL credentials. Set the environment variables KAFKA_CONTROLLER_USER and KAFKA_CONTROLLER_PASSWORD to configure the credentials for SASL authentication with between controllers." - fi - fi - else - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - if is_empty_value "${KAFKA_CLIENT_USERS:-}" || is_empty_value "${KAFKA_CLIENT_PASSWORDS:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_CLIENT_USERS and KAFKA_CLIENT_PASSWORDS to configure the credentials for SASL authentication with clients." - fi - fi - - fi - done - } - - if is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}" && is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - print_validation_error "Kafka haven't been configured to work in either Raft or Zookeper mode. Please make sure at least one of the modes is configured." - fi - # Check KRaft mode - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - # Raft - if [[ "$(kafka_get_version)" =~ ^3\.2\. ]]; then - warn "KRaft mode is not production-ready in Kafka 3.2, for production environments, we recommend upgrading " - fi - # Only allow Zookeeper configuration if migration mode is enabled - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}" && - { is_empty_value "${KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE:-}" || ! is_boolean_yes "$KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE"; }; then - print_validation_error "Both KRaft mode and Zookeeper modes are configured, but KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE is not enabled" - fi - if is_empty_value "${KAFKA_CFG_NODE_ID:-}"; then - print_validation_error "KRaft mode requires an unique node.id, please set the environment variable KAFKA_CFG_NODE_ID" - fi - if is_empty_value "${KAFKA_CFG_CONTROLLER_QUORUM_VOTERS:-}"; then - print_validation_error "KRaft mode requires KAFKA_CFG_CONTROLLER_QUORUM_VOTERS to be set" - fi - check_kraft_process_roles - fi - # Check Zookeeper mode - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - # If SSL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]]; then - # Fail if truststore is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with JKS certs you must mount your zookeeper.truststore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if keystore is not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]] && [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.jks" ]]; then - warn "In order to configure the mTLS for Zookeeper with JKS certs you must mount your zookeeper.keystore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]]; then - # Fail if CA / validation cert is not provided - if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with PEM certs you must mount your zookeeper.truststore.pem cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - # Warn if node key or cert are not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) - if { [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.key" ]]; }; then - warn "In order to configure the mTLS for Zookeeper with PEM certs you must mount your zookeeper.keystore.pem cert and zookeeper.keystore.key key to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - fi - # If SASL/SASL_SSL protocol configured, check certificates are provided - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - if is_empty_value "${KAFKA_ZOOKEEPER_USER:-}" || is_empty_value "${KAFKA_ZOOKEEPER_PASSWORD:-}"; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_ZOOKEEPER_USER and KAFKA_ZOOKEEPER_PASSWORD, to configure the credentials for SASL authentication with Zookeeper." - fi - fi - # If using plaintext protocol, check it is explicitly allowed - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" = "PLAINTEXT" ]]; then - warn "The KAFKA_ZOOKEEPER_PROTOCOL environment variable does not configure SASL and/or SSL, this setting is not recommended for production environments." - fi - fi - # Check listener ports are unique and allowed - check_listener_ports - # Check listeners are mapped to a valid security protocol - check_listener_protocols - # Warn users if plaintext listeners are configured - if kafka_has_plaintext_listener; then - warn "Kafka has been configured with a PLAINTEXT listener, this setting is not recommended for production environments." - fi - # If SSL/SASL_SSL listeners configured, check certificates are provided - if kafka_has_ssl_listener; then - if [[ "$KAFKA_TLS_TYPE" = "JKS" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with JKS certs you must mount your kafka.keystore.jks and kafka.truststore.jks certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - elif [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with PEM certs you must mount your kafka.keystore.pem, kafka.keystore.key and kafka.truststore.pem certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - fi - # If SASL/SASL_SSL listeners configured, check passwords are provided - if kafka_has_sasl_listener; then - if is_empty_value "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}"; then - print_validation_error "Specified SASL protocol but no SASL mechanisms provided in KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - fi - # Check users and passwords lists are the same size - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS:-}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")" - if [[ "${#users[@]}" -ne "${#passwords[@]}" ]]; then - print_validation_error "Specify the same number of passwords on KAFKA_CLIENT_PASSWORDS as the number of users on KAFKA_CLIENT_USERS!" - fi - check_multi_value "KAFKA_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_PROTOCOL" "PLAINTEXT SASL SSL SASL_SSL" - check_multi_value "KAFKA_TLS_CLIENT_AUTH" "none requested required" - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Get kafka version -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# version -######################### -kafka_get_version() { - local -a cmd=("kafka-topics.sh" "--version") - am_i_root && cmd=("run_as_user" "$KAFKA_DAEMON_USER" "${cmd[@]}") - - read -r -a ver_split <<< "$("${cmd[@]}")" - echo "${ver_split[0]}" -} - -######################### -# Configure JAAS for a given listener and SASL mechanisms -# Globals: -# KAFKA_* -# Arguments: -# $1 - Name of the listener JAAS will be configured for -# $2 - Comma-separated list of SASL mechanisms to configure -# $3 - Comma-separated list of usernames -# $4 - Comma-separated list of passwords -# Returns: -# None -######################### -kafka_configure_server_jaas() { - local listener="${1:?missing listener name}" - local role="${2:-}" - - if [[ "$role" = "controller" ]]; then - local jaas_content=() - if [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" = "PLAIN" ]]; then - jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\"" - "user_${KAFKA_CONTROLLER_USER}=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_CONTROLLER_USER}\"" - "password=\"${KAFKA_CONTROLLER_PASSWORD}\";" - ) - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - else - read -r -a sasl_mechanisms_arr <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_SASL_ENABLED_MECHANISMS")" - read -r -a users <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_USERS")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_PASSWORDS")" - # Configure JAAS for each SASL mechanism - # ref: https://docs.confluent.io/platform/current/kafka/authentication_sasl/index.html - for sasl_mechanism in "${sasl_mechanisms_arr[@]}"; do - local jaas_content=() - # For PLAIN mechanism, only the first username will be used - if [[ "$sasl_mechanism" = "PLAIN" ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - if [[ "$role" = "inter-broker" ]]; then - jaas_content+=( - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\"" - ) - users+=("$KAFKA_INTER_BROKER_USER") - passwords+=("$KAFKA_INTER_BROKER_PASSWORD") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - jaas_content+=("user_${users[i]}=\"${passwords[i]}\"") - done - # Add semi-colon to the last element of the array - jaas_content[${#jaas_content[@]} - 1]="${jaas_content[${#jaas_content[@]} - 1]};" - elif [[ "$sasl_mechanism" =~ SCRAM ]]; then - if [[ "$role" = "inter-broker" ]]; then - jaas_content=( - "org.apache.kafka.common.security.scram.ScramLoginModule required" - "username=\"${KAFKA_INTER_BROKER_USER}\"" - "password=\"${KAFKA_INTER_BROKER_PASSWORD}\";" - ) - else - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required;") - fi - fi - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - sasl_mechanism_lower="$(echo "$sasl_mechanism" | tr '[:upper:]' '[:lower:]')" - kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" - done - fi -} - -######################## -# Configure Zookeeper JAAS authentication -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_configure_jaas(){ - local jaas_content=( - "org.apache.kafka.common.security.plain.PlainLoginModule required" - "username=\"${KAFKA_ZOOKEEPER_USER}\"" - "password=\"${KAFKA_ZOOKEEPER_PASSWORD}\";" - ) - - kafka_server_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Generate JAAS authentication file for local producer/consumer to use -# Globals: -# KAFKA_* -# Arguments: -# $1 - Authentication protocol to use for the internal listener -# $2 - Authentication protocol to use for the client listener -# Returns: -# None -######################### -kafka_configure_consumer_producer_jaas(){ - local jaas_content=() - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - - if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ SCRAM ]]; then - jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required") - elif [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ PLAIN ]]; then - jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") - else - error "Couldn't configure a supported SASL mechanism for Kafka consumer/producer properties" - exit 1 - fi - - jaas_content+=( - "username=\"${users[0]}\"" - "password=\"${passwords[0]}\";" - ) - - kafka_producer_consumer_conf_set "sasl.jaas.config" "${jaas_content[*]}" -} - -######################## -# Create users in zookeper when using SASL/SCRAM mechanism -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_zookeeper_create_sasl_scram_users() { - info "Creating users in Zookeeper" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - local zookeeper_connect - zookeeper_connect=$(grep "^zookeeper.connect=" "$KAFKA_CONF_FILE" | sed -E 's/^zookeeper\.connect=(\S+)$/\1/') - read -r -a zookeeper_hosts <<<"$(tr ',;' ' ' <<<"${zookeeper_connect}")" - - if [[ "${#zookeeper_hosts[@]}" -eq 0 ]]; then - error "Couldn't obtain zookeeper.connect from $KAFKA_CONF_FILE" - exit 1 - fi - # Wait for Zookeeper to be reachable - read -r -a aux <<<"$(tr ':' ' ' <<<"${zookeeper_hosts[0]}")" - local host="${aux[0]:?missing host}" - local port="${aux[1]:-2181}" - wait-for-port --host "$host" "$port" - - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM" "$KAFKA_CONF_FILE"; then - users+=("${KAFKA_INTER_BROKER_USER}") - passwords+=("${KAFKA_INTER_BROKER_PASSWORD}") - fi - for ((i = 0; i < ${#users[@]}; i++)); do - debug "Creating user ${users[i]} in zookeeper" - # Ref: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_scram.html#sasl-scram-overview - debug_execute kafka-configs.sh --zookeeper "$zookeeper_connect" --alter --add-config "SCRAM-SHA-256=[iterations=8192,password=${passwords[i]}],SCRAM-SHA-512=[password=${passwords[i]}]" --entity-type users --entity-name "${users[i]}" - done -} - -######################## -# Configure Kafka SSL settings -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_ssl() { - # Configures both Kafka server and producers/consumers - configure_both() { - kafka_server_conf_set "${1:?missing key}" "${2:?missing value}" - kafka_producer_consumer_conf_set "${1:?missing key}" "${2:?missing value}" - } - kafka_server_conf_set "ssl.client.auth" "${KAFKA_TLS_CLIENT_AUTH}" - configure_both ssl.keystore.type "${KAFKA_TLS_TYPE}" - configure_both ssl.truststore.type "${KAFKA_TLS_TYPE}" - local -r kafka_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_TLS_TRUSTSTORE_FILE}")" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.key.password "$KAFKA_CERTIFICATE_PASSWORD" - if [[ "$KAFKA_TLS_TYPE" = "PEM" ]]; then - file_to_multiline_property() { - awk 'NR > 1{print line"\\n\\"}{line=$0;}END{print $0" "}' <"${1:?missing file}" - } - remove_previous_cert_value() { - local key="${1:?missing key}" - files=( - "${KAFKA_CONF_FILE}" - "${KAFKA_CONF_DIR}/producer.properties" - "${KAFKA_CONF_DIR}/consumer.properties" - ) - for file in "${files[@]}"; do - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Delete all lines from the certificate beginning to its end - sed -i "/^[#\\s]*$key\s*=.*-----BEGIN/,/-----END/d" "$file" - fi - done - } - # We need to remove the previous cert value - # kafka_common_conf_set uses replace_in_file, which can't match multiple lines - remove_previous_cert_value ssl.keystore.key - remove_previous_cert_value ssl.keystore.certificate.chain - remove_previous_cert_value ssl.truststore.certificates - configure_both ssl.keystore.key "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.key")" - configure_both ssl.keystore.certificate.chain "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.pem")" - configure_both ssl.truststore.certificates "$(file_to_multiline_property "${kafka_truststore_location}")" - elif [[ "$KAFKA_TLS_TYPE" = "JKS" ]]; then - configure_both ssl.keystore.location "$KAFKA_CERTS_DIR"/kafka.keystore.jks - configure_both ssl.truststore.location "$kafka_truststore_location" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.keystore.password "$KAFKA_CERTIFICATE_PASSWORD" - ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.truststore.password "$KAFKA_CERTIFICATE_PASSWORD" - fi - true # Avoid the function to fail due to the check above -} - -######################## -# Get Zookeeper TLS settings -# Globals: -# KAFKA_ZOOKEEPER_TLS_* -# Arguments: -# None -# Returns: -# String -######################### -kafka_zookeeper_configure_tls() { - # Note that ZooKeeper does not support a key password different from the keystore password, - # so be sure to set the key password in the keystore to be identical to the keystore password; - # otherwise the connection attempt to Zookeeper will fail. - local keystore_location="" - local -r kafka_zk_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE}")" - - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]]; then - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; then - # Concatenating private key into public certificate file - # This is needed to load keystore from location using PEM - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keypair.pem" - cat "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" > "$keystore_location" - fi - - kafka_server_conf_set "zookeeper.clientCnxnSocket" "org.apache.zookeeper.ClientCnxnSocketNetty" - kafka_server_conf_set "zookeeper.ssl.client.enable" "true" - is_boolean_yes "${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-}" && kafka_server_conf_set "zookeeper.ssl.endpoint.identification.algorithm" "HTTPS" - ! is_empty_value "${keystore_location:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.location" "${keystore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.password" "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD}" - ! is_empty_value "${kafka_zk_truststore_location:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.location" "${kafka_zk_truststore_location}" - ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.password" "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD}" - true # Avoid the function to fail due to the check above -} - -######################## -# Configure Kafka configuration files from environment variables -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_from_environment_variables() { - # List of special cases to apply to the variables - local -r exception_regexps=( - "s/sasl\.ssl/sasl_ssl/g" - "s/sasl\.plaintext/sasl_plaintext/g" - ) - # Map environment variables to config properties - for var in "${!KAFKA_CFG_@}"; do - key="$(echo "$var" | sed -e 's/^KAFKA_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')" - - # Exception for the camel case in this environment variable - [[ "$var" == "KAFKA_CFG_ZOOKEEPER_CLIENTCNXNSOCKET" ]] && key="zookeeper.clientCnxnSocket" - - # Apply exception regexps - for regex in "${exception_regexps[@]}"; do - key="$(echo "$key" | sed "$regex")" - done - - value="${!var}" - kafka_server_conf_set "$key" "$value" - done -} - -######################## -# Initialize KRaft storage -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_storage_initialize() { - local args=("--config" "$KAFKA_CONF_FILE" "--ignore-formatted") - info "Initializing KRaft storage metadata" - - # If cluster.id found in meta.properties, use it - if [[ -f "${KAFKA_DATA_DIR}/meta.properties" ]]; then - KAFKA_KRAFT_CLUSTER_ID=$(grep "^cluster.id=" "${KAFKA_DATA_DIR}/meta.properties" | sed -E 's/^cluster\.id=(\S+)$/\1/') - fi - - if is_empty_value "${KAFKA_KRAFT_CLUSTER_ID:-}"; then - warn "KAFKA_KRAFT_CLUSTER_ID not set - If using multiple nodes then you must use the same Cluster ID for each one" - KAFKA_KRAFT_CLUSTER_ID="$("${KAFKA_HOME}/bin/kafka-storage.sh" random-uuid)" - info "Generated Kafka cluster ID '${KAFKA_KRAFT_CLUSTER_ID}'" - fi - args+=("--cluster-id" "$KAFKA_KRAFT_CLUSTER_ID") - - # SCRAM users are configured during the cluster bootstrapping process and can later be manually updated using kafka-config.sh - if is_boolean_yes "${KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS:-}"; then - info "Adding KRaft SCRAM users at storage bootstrap" - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - # Configure SCRAM-SHA-256 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-256=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Configure SCRAM-SHA-512 if enabled - if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - for ((i = 0; i < ${#users[@]}; i++)); do - args+=("--add-scram" "SCRAM-SHA-512=[name=${users[i]},password=${passwords[i]}]") - done - fi - # Add interbroker credentials - if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") - fi - # Add controller credentials - if grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - elif grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then - args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") - fi - fi - info "Formatting storage directories to add metadata..." - "${KAFKA_HOME}/bin/kafka-storage.sh" format "${args[@]}" -} - -######################## -# Detects inconsitences between the configuration at KAFKA_CONF_FILE and cluster-state file -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_kraft_quorum_voters_changed(){ - read -r -a quorum_voters_conf_ids <<<"$(grep "^controller.quorum.voters=" "$KAFKA_CONF_FILE" | sed "s/^controller.quorum.voters=//" | tr "," " " | sed -E "s/\@\S+//g")" - read -r -a quorum_voters_state_ids <<< "$(grep -Eo "\{\"voterId\":[0-9]+\}" "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" | grep -Eo "[0-9]+" | tr "\n" " ")" - - if [[ "${#quorum_voters_conf_ids[@]}" != "${#quorum_voters_state_ids[@]}" ]]; then - true - else - read -r -a sorted_state <<< "$(echo "${quorum_voters_conf_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - read -r -a sorted_conf <<< "$(echo "${quorum_voters_state_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" - if [[ "${sorted_state[*]}" = "${sorted_conf[*]}" ]]; then - false - else - true - fi - fi -} - -######################## -# Initialize Kafka -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_initialize() { - info "Initializing Kafka..." - # Check for mounted configuration files - if ! is_dir_empty "$KAFKA_MOUNTED_CONF_DIR"; then - cp -Lr "$KAFKA_MOUNTED_CONF_DIR"/* "$KAFKA_CONF_DIR" - fi - # Copy truststore to cert directory - for cert_var in KAFKA_TLS_TRUSTSTORE_FILE KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE; do - # Only copy if the file exists and it is in a different location than KAFKA_CERTS_DIR (to avoid copying to the same location) - if [[ -f "${!cert_var}" ]] && ! [[ "${!cert_var}" =~ $KAFKA_CERTS_DIR ]]; then - info "Copying truststore ${!cert_var} to ${KAFKA_CERTS_DIR}" - cp -L "${!cert_var}" "$KAFKA_CERTS_DIR" - fi - done - - if [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" ]]; then - info "No injected configuration files found, creating default config files" - # Restore original server.properties but remove Zookeeper/KRaft specific settings for compatibility with both architectures - cp "${KAFKA_CONF_DIR}/server.properties.original" "$KAFKA_CONF_FILE" - kafka_server_unify_conf - # Configure Kafka settings - kafka_server_conf_set log.dirs "$KAFKA_DATA_DIR" - kafka_configure_from_environment_variables - # Configure Kafka producer/consumer to set up message sizes - ! is_empty_value "${KAFKA_CFG_MAX_REQUEST_SIZE:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" max.request.size "$KAFKA_CFG_MAX_REQUEST_SIZE" - ! is_empty_value "${KAFKA_CFG_MAX_PARTITION_FETCH_BYTES:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" max.partition.fetch.bytes "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES" - # Zookeeper mode additional settings - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then - kafka_zookeeper_configure_tls - fi - if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then - kafka_zookeeper_configure_jaas - fi - fi - # If at least one listener uses SSL or SASL_SSL, ensure SSL is configured - if kafka_has_ssl_listener; then - kafka_configure_ssl - fi - # If at least one listener uses SASL_PLAINTEXT or SASL_SSL, ensure SASL is configured - if kafka_has_sasl_listener; then - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM ]]; then - if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then - if [[ "$(kafka_get_version)" =~ ^3\.2\.|^3\.3\.|^3\.4\. ]]; then - # NOTE: This will depend on Kafka version when support for SCRAM is added - warn "KRaft mode requires Kafka version 3.5 or higher for SCRAM to be supported. SCRAM SASL mechanisms will now be disabled." - KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN - else - export KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then - export KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS="true" - fi - fi - kafka_server_conf_set sasl.enabled.mechanisms "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - # Settings for each Kafka Listener are configured individually - read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" - for protocol_map in "${protocol_maps[@]}"; do - read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" - # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT - listener="${map[0]}" - protocol="${map[1]}" - listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" - - if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then - listener_upper="$(echo "$listener" | tr '[:lower:]' '[:upper:]')" - env_name="KAFKA_TLS_${listener_upper}_CLIENT_AUTH" - [[ -n "${!env_name:-}" ]] && kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "${!env_name}" - fi - if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then - local role="" - if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then - kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - role="inter-broker" - elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then - kafka_server_conf_set sasl.mechanism.controller.protocol "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - kafka_server_conf_set "listener.name.${listener_lower}.sasl.enabled.mechanisms" "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" - role="controller" - fi - # If KAFKA_CLIENT_LISTENER_NAME is found in the listeners list, configure the producer/consumer accordingly - if [[ "$listener" = "${KAFKA_CLIENT_LISTENER_NAME:-CLIENT}" ]]; then - kafka_configure_consumer_producer_jaas - kafka_producer_consumer_conf_set security.protocol "$protocol" - kafka_producer_consumer_conf_set sasl.mechanism "${KAFKA_CLIENT_SASL_MECHANISM:-$(kafka_client_sasl_mechanism)}" - fi - # Configure inline listener jaas configuration, omitted if mounted JAAS conf file detected - if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - kafka_configure_server_jaas "$listener_lower" "${role:-}" - fi - fi - done - # Configure Kafka using environment variables - # This is executed at the end, to allow users to override properties set by the initialization logic - kafka_configure_from_environment_variables - else - info "Detected mounted server.properties file at ${KAFKA_MOUNTED_CONF_DIR}/server.properties. Skipping configuration based on env variables" - fi - true -} - -######################## -# Returns the most secure SASL mechanism available for Kafka clients -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_client_sasl_mechanism() { - local sasl_mechanism="" - - if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-512 ]]; then - sasl_mechanism="SCRAM-SHA-512" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-256 ]]; then - sasl_mechanism="SCRAM-SHA-256" - elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ PLAIN ]]; then - sasl_mechanism="PLAIN" - fi - echo "$sasl_mechanism" -} - -######################## -# Removes default settings referencing Zookeeper mode or KRaft mode -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################## -kafka_server_unify_conf() { - local -r remove_regexps=( - #Zookeeper - "s/^zookeeper\./#zookeeper./g" - "s/^group\.initial/#group.initial/g" - "s/^broker\./#broker./g" - "s/^node\./#node./g" - "s/^process\./#process./g" - "s/^listeners=/#listeners=/g" - "s/^listener\./#listener./g" - "s/^controller\./#controller./g" - "s/^inter\.broker/#inter.broker/g" - "s/^advertised\.listeners/#advertised.listeners/g" - ) - - # Map environment variables to config properties - for regex in "${remove_regexps[@]}"; do - sed -i "${regex}" "$KAFKA_CONF_FILE" - done -} - -######################## -# Dinamically set node.id/broker.id/controller.quorum.voters if their alternative environment variable _COMMAND is set -# Globals: -# KAFKA_*_COMMAND -# Arguments: -# None -# Returns: -# None -######################### -kafka_dynamic_environment_variables() { - # KRaft mode - if ! is_empty_value "${KAFKA_NODE_ID_COMMAND:-}"; then - KAFKA_CFG_NODE_ID="$(eval "${KAFKA_NODE_ID_COMMAND}")" - export KAFKA_CFG_NODE_ID - fi - if ! is_empty_value "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND:-}"; then - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS="$(eval "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND}")" - export KAFKA_CFG_CONTROLLER_QUORUM_VOTERS - fi - # Zookeeper mode - # DEPRECATED - BROKER_ID_COMMAND has been deprecated, please use KAFKA_BROKER_ID_COMMAND instead - if ! is_empty_value "${KAFKA_BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${KAFKA_BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - elif ! is_empty_value "${BROKER_ID_COMMAND:-}"; then - KAFKA_CFG_BROKER_ID="$(eval "${BROKER_ID_COMMAND}")" - export KAFKA_CFG_BROKER_ID - fi -} - -######################## -# Run custom initialization scripts -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_custom_init_scripts() { - if [[ -n $(find "${KAFKA_INITSCRIPTS_DIR}/" -type f -regex ".*\.\(sh\)") ]] && [[ ! -f "${KAFKA_VOLUME_DIR}/.user_scripts_initialized" ]]; then - info "Loading user's custom files from $KAFKA_INITSCRIPTS_DIR" - for f in /docker-entrypoint-initdb.d/*; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "$KAFKA_VOLUME_DIR"/.user_scripts_initialized - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is running -######################## -is_kafka_running() { - local pid - pid="$(get_pid_from_file "$KAFKA_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is not running -######################## -is_kafka_not_running() { - ! is_kafka_running -} - -######################## -# Stop Kafka -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_stop() { - ! is_kafka_running && return - stop_service_using_pid "$KAFKA_PID_FILE" TERM -} diff --git a/bitnami/kafka/3.7/debian-12/tags-info.yaml b/bitnami/kafka/3.7/debian-12/tags-info.yaml deleted file mode 100644 index 0c77a9c9f91b2..0000000000000 --- a/bitnami/kafka/3.7/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "3.7" -- 3.7-debian-12 -- 3.7.0 -- latest diff --git a/bitnami/kafka/3.8/README.md b/bitnami/kafka/3.8/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/kafka/3.8/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/kafka/3.9/debian-12/Dockerfile b/bitnami/kafka/3.9/debian-12/Dockerfile new file mode 100644 index 0000000000000..b43a2206a6104 --- /dev/null +++ b/bitnami/kafka/3.9/debian-12/Dockerfile @@ -0,0 +1,66 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-12T10:04:47Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kafka/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="3.9.0-debian-12-r5" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kafka" \ + org.opencontainers.image.title="kafka" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="3.9.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "kafka-3.9.0-1-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true +RUN ln -s /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh +RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh + +COPY rootfs / +RUN /opt/bitnami/scripts/java/postunpack.sh +RUN /opt/bitnami/scripts/kafka/postunpack.sh +ENV APP_VERSION="3.9.0" \ + BITNAMI_APP_NAME="kafka" \ + JAVA_HOME="/opt/bitnami/java" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/kafka/bin:$PATH" + +EXPOSE 9092 + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/kafka/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/kafka/run.sh" ] diff --git a/bitnami/kafka/3.9/debian-12/docker-compose.yml b/bitnami/kafka/3.9/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..3cb537c151d14 --- /dev/null +++ b/bitnami/kafka/3.9/debian-12/docker-compose.yml @@ -0,0 +1,24 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + kafka: + image: docker.io/bitnami/kafka:3.9 + ports: + - "9092:9092" + volumes: + - "kafka_data:/bitnami" + environment: + # KRaft settings + - KAFKA_CFG_NODE_ID=0 + - KAFKA_CFG_PROCESS_ROLES=controller,broker + - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093 + # Listeners + - KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9093 + - KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://:9092 + - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT + - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER + - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT +volumes: + kafka_data: + driver: local diff --git a/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..220bffdd0c91b --- /dev/null +++ b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,26 @@ +{ + "java": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "17.0.13-12-1" + }, + "kafka": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "3.9.0-1" + }, + "render-template": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.0.7-8" + }, + "wait-for-port": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.0.8-8" + } +} \ No newline at end of file diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/openldap/2.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/openldap/2.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/etcd/3.4/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/kafka/3.9/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/express/4/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/kafka/3.9/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/kafka/3.9/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/express/4/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/kafka/3.9/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/kafka/3.9/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh new file mode 100755 index 0000000000000..38802fc0bfe91 --- /dev/null +++ b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh + +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + +print_welcome_page + +echo "" +exec "$@" diff --git a/bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh similarity index 100% rename from bitnami/elasticsearch/7/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh rename to bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh diff --git a/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh new file mode 100644 index 0000000000000..e1621b93e8083 --- /dev/null +++ b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh @@ -0,0 +1,121 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for kafka + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-kafka}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +kafka_env_vars=( + KAFKA_MOUNTED_CONF_DIR + KAFKA_INTER_BROKER_USER + KAFKA_INTER_BROKER_PASSWORD + KAFKA_CONTROLLER_USER + KAFKA_CONTROLLER_PASSWORD + KAFKA_CERTIFICATE_PASSWORD + KAFKA_TLS_TRUSTSTORE_FILE + KAFKA_TLS_TYPE + KAFKA_TLS_CLIENT_AUTH + KAFKA_OPTS + KAFKA_CFG_SASL_ENABLED_MECHANISMS + KAFKA_KRAFT_CLUSTER_ID + KAFKA_SKIP_KRAFT_STORAGE_INIT + KAFKA_CLIENT_LISTENER_NAME + KAFKA_ZOOKEEPER_PROTOCOL + KAFKA_ZOOKEEPER_PASSWORD + KAFKA_ZOOKEEPER_USER + KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD + KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD + KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE + KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME + KAFKA_ZOOKEEPER_TLS_TYPE + KAFKA_CLIENT_USERS + KAFKA_CLIENT_PASSWORDS + KAFKA_HEAP_OPTS + JAVA_TOOL_OPTIONS +) +for env_var in "${kafka_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset kafka_env_vars + +# Paths +export KAFKA_BASE_DIR="${BITNAMI_ROOT_DIR}/kafka" +export KAFKA_VOLUME_DIR="/bitnami/kafka" +export KAFKA_DATA_DIR="${KAFKA_VOLUME_DIR}/data" +export KAFKA_CONF_DIR="${KAFKA_BASE_DIR}/config" +export KAFKA_CONF_FILE="${KAFKA_CONF_DIR}/server.properties" +export KAFKA_MOUNTED_CONF_DIR="${KAFKA_MOUNTED_CONF_DIR:-${KAFKA_VOLUME_DIR}/config}" +export KAFKA_CERTS_DIR="${KAFKA_CONF_DIR}/certs" +export KAFKA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" +export KAFKA_LOG_DIR="${KAFKA_BASE_DIR}/logs" +export KAFKA_HOME="$KAFKA_BASE_DIR" +export PATH="${KAFKA_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/java/bin:${PATH}" + +# System users (when running with a privileged user) +export KAFKA_DAEMON_USER="kafka" +export KAFKA_DAEMON_GROUP="kafka" + +# Kafka runtime settings +export KAFKA_INTER_BROKER_USER="${KAFKA_INTER_BROKER_USER:-user}" +export KAFKA_INTER_BROKER_PASSWORD="${KAFKA_INTER_BROKER_PASSWORD:-bitnami}" +export KAFKA_CONTROLLER_USER="${KAFKA_CONTROLLER_USER:-controller_user}" +export KAFKA_CONTROLLER_PASSWORD="${KAFKA_CONTROLLER_PASSWORD:-bitnami}" +export KAFKA_CERTIFICATE_PASSWORD="${KAFKA_CERTIFICATE_PASSWORD:-}" +export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_TLS_TRUSTSTORE_FILE:-}" +export KAFKA_TLS_TYPE="${KAFKA_TLS_TYPE:-JKS}" +export KAFKA_TLS_CLIENT_AUTH="${KAFKA_TLS_CLIENT_AUTH:-required}" +export KAFKA_OPTS="${KAFKA_OPTS:-}" + +# Kafka configuration overrides +export KAFKA_CFG_SASL_ENABLED_MECHANISMS="${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-PLAIN,SCRAM-SHA-256,SCRAM-SHA-512}" +export KAFKA_KRAFT_CLUSTER_ID="${KAFKA_KRAFT_CLUSTER_ID:-}" +export KAFKA_SKIP_KRAFT_STORAGE_INIT="${KAFKA_SKIP_KRAFT_STORAGE_INIT:-false}" +export KAFKA_CLIENT_LISTENER_NAME="${KAFKA_CLIENT_LISTENER_NAME:-}" + +# ZooKeeper connection settings +export KAFKA_ZOOKEEPER_PROTOCOL="${KAFKA_ZOOKEEPER_PROTOCOL:-PLAINTEXT}" +export KAFKA_ZOOKEEPER_PASSWORD="${KAFKA_ZOOKEEPER_PASSWORD:-}" +export KAFKA_ZOOKEEPER_USER="${KAFKA_ZOOKEEPER_USER:-}" +export KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" +export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" +export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}" +export KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME="${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-true}" +export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}" + +# Authentication +export KAFKA_CLIENT_USERS="${KAFKA_CLIENT_USERS:-user}" +export KAFKA_CLIENT_PASSWORDS="${KAFKA_CLIENT_PASSWORDS:-bitnami}" + +# Java settings +export KAFKA_HEAP_OPTS="${KAFKA_HEAP_OPTS:--Xmx1024m -Xms1024m}" + +# Java settings +export JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS:-}" + +# Custom environment variables may be defined below diff --git a/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh similarity index 100% rename from bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh rename to bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh diff --git a/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh similarity index 100% rename from bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh rename to bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka/postunpack.sh diff --git a/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh similarity index 100% rename from bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh rename to bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka/run.sh diff --git a/bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh similarity index 100% rename from bitnami/kafka/3.2/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh rename to bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/kafka/setup.sh diff --git a/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh new file mode 100644 index 0000000000000..df2459b035778 --- /dev/null +++ b/bitnami/kafka/3.9/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh @@ -0,0 +1,1176 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami Kafka library + +# shellcheck disable=SC1090,SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libservice.sh + +# Functions + +######################## +# Set a configuration setting value to a file +# Globals: +# None +# Arguments: +# $1 - file +# $2 - key +# $3 - values (array) +# Returns: +# None +######################### +kafka_common_conf_set() { + local file="${1:?missing file}" + local key="${2:?missing key}" + shift + shift + local values=("$@") + + if [[ "${#values[@]}" -eq 0 ]]; then + stderr_print "missing value" + return 1 + elif [[ "${#values[@]}" -ne 1 ]]; then + for i in "${!values[@]}"; do + kafka_common_conf_set "$file" "${key[$i]}" "${values[$i]}" + done + else + value="${values[0]}" + # Check if the value was set before + if grep -q "^[#\\s]*$key\s*=.*" "$file"; then + # Update the existing key + replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false + else + # Add a new key + printf '\n%s=%s' "$key" "$value" >>"$file" + fi + fi +} + +######################## +# Returns true if at least one listener is configured using SSL +# Globals: +# KAFKA_CFG_LISTENERS +# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP +# Arguments: +# None +# Returns: +# true/false +######################### +kafka_has_ssl_listener(){ + if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then + if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then + if [[ "$KAFKA_CFG_LISTENERS" =~ SSL: || "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then + return + fi + else + read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" + for protocol_map in "${protocol_maps[@]}"; do + read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" + # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT + listener="${map[0]}" + protocol="${map[1]}" + if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then + if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then + return + fi + fi + done + fi + fi + return 1 +} + +######################## +# Returns true if at least one listener is configured using SASL +# Globals: +# KAFKA_CFG_LISTENERS +# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP +# Arguments: +# None +# Returns: +# true/false +######################### +kafka_has_sasl_listener(){ + if ! is_empty_value "${KAFKA_CFG_LISTENERS:-}"; then + if is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then + if [[ "$KAFKA_CFG_LISTENERS" =~ SASL_PLAINTEXT: ]] || [[ "$KAFKA_CFG_LISTENERS" =~ SASL_SSL: ]]; then + return + fi + else + read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" + for protocol_map in "${protocol_maps[@]}"; do + read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" + # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT + listener="${map[0]}" + protocol="${map[1]}" + if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then + if [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then + return + fi + fi + done + fi + fi + return 1 +} + +######################## +# Returns true if at least one listener is configured using plaintext +# Globals: +# KAFKA_CFG_LISTENERS +# KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP +# Arguments: +# None +# Returns: +# true/false +######################### +kafka_has_plaintext_listener(){ + if ! is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then + read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" + for protocol_map in "${protocol_maps[@]}"; do + read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" + # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT + listener="${map[0]}" + protocol="${map[1]}" + if [[ "$protocol" = "PLAINTEXT" ]]; then + if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ $listener ]]; then + return + fi + fi + done + else + if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ "$KAFKA_CFG_LISTENERS" =~ PLAINTEXT: ]]; then + return + fi + fi + return 1 +} + +######################## +# Backwards compatibility measure to configure the TLS truststore locations +# Globals: +# KAFKA_CONF_FILE +# Arguments: +# None +# Returns: +# None +######################### +kafka_configure_default_truststore_locations() { + # Backwards compatibility measure to allow custom truststore locations but at the same time not disrupt + # the UX that the previous version of the containers and the helm chart have. + # Context: The chart and containers by default assumed that the truststore location was KAFKA_CERTS_DIR/kafka.truststore.jks or KAFKA_MOUNTED_CONF_DIR/certs/kafka.truststore.jks. + # Because of this, we could not use custom certificates in different locations (use case: A custom base image that already has a truststore). Changing the logic to allow custom + # locations implied major changes in the current user experience (which only required to mount certificates at the assumed location). In order to maintain this compatibility we need + # use this logic that sets the KAFKA_TLS_*_FILE variables to the previously assumed locations in case it is not set + + # Kafka truststore + if kafka_has_ssl_listener && is_empty_value "${KAFKA_TLS_TRUSTSTORE_FILE:-}"; then + local kafka_truststore_filename="kafka.truststore.jks" + [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && kafka_truststore_filename="kafka.truststore.pem" + if [[ -f "${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" ]]; then + # Mounted in /opt/bitnami/kafka/conf/certs + export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" + else + # Mounted in /bitnami/kafka/conf/certs + export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${kafka_truststore_filename}" + fi + fi + # Zookeeper truststore + if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]] && is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}"; then + local zk_truststore_filename="zookeeper.truststore.jks" + [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && zk_truststore_filename="zookeeper.truststore.pem" + if [[ -f "${KAFKA_CERTS_DIR}/${zk_truststore_filename}" ]]; then + # Mounted in /opt/bitnami/kafka/conf/certs + export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${zk_truststore_filename}" + else + # Mounted in /bitnami/kafka/conf/certs + export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${zk_truststore_filename}" + fi + fi +} + +######################## +# Set a configuration setting value to server.properties +# Globals: +# KAFKA_CONF_FILE +# Arguments: +# $1 - key +# $2 - values (array) +# Returns: +# None +######################### +kafka_server_conf_set() { + kafka_common_conf_set "$KAFKA_CONF_FILE" "$@" +} + +######################## +# Set a configuration setting value to producer.properties and consumer.properties +# Globals: +# KAFKA_CONF_DIR +# Arguments: +# $1 - key +# $2 - values (array) +# Returns: +# None +######################### +kafka_producer_consumer_conf_set() { + kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" "$@" + kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" "$@" +} + +######################## +# Create alias for environment variable, so both can be used +# Globals: +# None +# Arguments: +# $1 - Alias environment variable name +# $2 - Original environment variable name +# Returns: +# None +######################### +kafka_declare_alias_env() { + local -r alias="${1:?missing environment variable alias}" + local -r original="${2:?missing original environment variable}" + if printenv "${original}" >/dev/null; then + export "$alias"="${!original:-}" + fi +} + +######################## +# Map Kafka legacy environment variables to the new names +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################### +kafka_create_alias_environment_variables() { + suffixes=( + "ADVERTISED_LISTENERS" + "BROKER_ID" + "NODE_ID" + "CONTROLLER_QUORUM_VOTERS" + "PROCESS_ROLES" + "DEFAULT_REPLICATION_FACTOR" + "DELETE_TOPIC_ENABLE" + "INTER_BROKER_LISTENER_NAME" + "LISTENERS" + "LISTENER_SECURITY_PROTOCOL_MAP" + "LOG_DIRS" + "LOG_FLUSH_INTERVAL_MESSAGES" + "LOG_FLUSH_INTERVAL_MS" + "LOG_MESSAGE_FORMAT_VERSION" + "LOG_RETENTION_BYTES" + "LOG_RETENTION_CHECK_INTERVALS_MS" + "LOG_RETENTION_HOURS" + "LOG_SEGMENT_BYTES" + "MESSAGE_MAX_BYTES" + "NUM_IO_THREADS" + "NUM_NETWORK_THREADS" + "NUM_PARTITIONS" + "NUM_RECOVERY_THREADS_PER_DATA_DIR" + "OFFSETS_TOPIC_REPLICATION_FACTOR" + "SOCKET_RECEIVE_BUFFER_BYTES" + "SOCKET_REQUEST_MAX_BYTES" + "SOCKET_SEND_BUFFER_BYTES" + "SSL_ENDPOINT_IDENTIFICATION_ALGORITHM" + "TRANSACTION_STATE_LOG_MIN_ISR" + "TRANSACTION_STATE_LOG_REPLICATION_FACTOR" + "ZOOKEEPER_CONNECT" + "ZOOKEEPER_CONNECTION_TIMEOUT_MS" + ) + kafka_declare_alias_env "KAFKA_CFG_LOG_DIRS" "KAFKA_LOGS_DIRS" + kafka_declare_alias_env "KAFKA_CFG_LOG_SEGMENT_BYTES" "KAFKA_SEGMENT_BYTES" + kafka_declare_alias_env "KAFKA_CFG_MESSAGE_MAX_BYTES" "KAFKA_MAX_MESSAGE_BYTES" + kafka_declare_alias_env "KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS" "KAFKA_ZOOKEEPER_CONNECT_TIMEOUT_MS" + kafka_declare_alias_env "KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE" "KAFKA_AUTO_CREATE_TOPICS_ENABLE" + kafka_declare_alias_env "KAFKA_CLIENT_USERS" "KAFKA_BROKER_USER" + kafka_declare_alias_env "KAFKA_CLIENT_PASSWORDS" "KAFKA_BROKER_PASSWORD" + kafka_declare_alias_env "KAFKA_CLIENT_LISTENER_NAME" "KAFKA_CLIENT_LISTENER" + for s in "${suffixes[@]}"; do + kafka_declare_alias_env "KAFKA_CFG_${s}" "KAFKA_${s}" + done +} + +######################## +# Validate settings in KAFKA_* env vars +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################### +kafka_validate() { + debug "Validating settings in KAFKA_* env vars..." + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + check_multi_value() { + if [[ " ${2} " != *" ${!1} "* ]]; then + print_validation_error "The allowed values for ${1} are: ${2}" + fi + } + # If process.roles configured, check its values are valid and perform additional checks for each + check_kraft_process_roles() { + read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$KAFKA_CFG_PROCESS_ROLES")" + for role in "${roles_list[@]}"; do + case "$role" in + broker) ;; + controller) + if is_empty_value "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-}"; then + print_validation_error "Role 'controller' enabled but environment variable KAFKA_CFG_CONTROLLER_LISTENER_NAMES was not provided." + fi + if is_empty_value "${KAFKA_CFG_LISTENERS:-}" || [[ ! "$KAFKA_CFG_LISTENERS" =~ ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} ]]; then + print_validation_error "Role 'controller' enabled but listener ${KAFKA_CFG_CONTROLLER_LISTENER_NAMES} not found in KAFKA_CFG_LISTENERS." + fi + ;; + *) + print_validation_error "Invalid KRaft process role '$role'. Supported roles are 'broker,controller'" + ;; + esac + done + } + # Check all listeners are using a unique and valid port + check_listener_ports(){ + check_allowed_port() { + local port="${1:?missing port variable}" + local -a validate_port_args=() + ! am_i_root && validate_port_args+=("-unprivileged") + validate_port_args+=("$port") + if ! err=$(validate_port "${validate_port_args[@]}"); then + print_validation_error "An invalid port ${port} was specified in the environment variable KAFKA_CFG_LISTENERS: ${err}." + fi + } + + read -r -a listeners <<<"$(tr ',' ' ' <<<"${KAFKA_CFG_LISTENERS:-}")" + local -a ports=() + for listener in "${listeners[@]}"; do + read -r -a arr <<<"$(tr ':' ' ' <<<"$listener")" + # Obtain the port from listener string, e.g. PLAINTEXT://:9092 + port="${arr[2]}" + check_allowed_port "$port" + ports+=("$port") + done + # Check each listener is using an unique port + local -a unique_ports=() + read -r -a unique_ports <<< "$(echo "${ports[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')" + if [[ "${#ports[@]}" != "${#unique_ports[@]}" ]]; then + print_validation_error "There are listeners bound to the same port" + fi + } + check_listener_protocols(){ + local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL") + read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" + for protocol_map in "${protocol_maps[@]}"; do + read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" + # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT + listener="${map[0]}" + protocol="${map[1]}" + # Check protocol in allowed list + if [[ ! "${allowed_protocols[*]}" =~ $protocol ]]; then + print_validation_error "Authentication protocol ${protocol} is not supported!" + fi + # If inter-broker listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL is set + if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then + if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then + if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}"; then + print_validation_error "When using SASL for inter broker comunication the mechanism should be provided using KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" + fi + if is_empty_value "${KAFKA_INTER_BROKER_USER:-}" || is_empty_value "${KAFKA_INTER_BROKER_PASSWORD:-}"; then + print_validation_error "In order to configure SASL authentication for Kafka inter-broker communications, you must provide the SASL credentials. Set the environment variables KAFKA_INTER_BROKER_USER and KAFKA_INTER_BROKER_PASSWORD to configure the credentials for SASL authentication with between brokers." + fi + fi + # If controller listener configured with SASL, ensure KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL is set + elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then + if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then + if is_empty_value "${KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL:-}"; then + print_validation_error "When using SASL for controller comunication the mechanism should be provided at KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" + elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then + warn "KRaft controller listener may not support SCRAM-SHA-256/SCRAM-SHA-512 mechanisms. If facing any issues, we recommend switching to PLAIN mechanism. More information at: https://issues.apache.org/jira/browse/KAFKA-15513" + fi + if is_empty_value "${KAFKA_CONTROLLER_USER:-}" || is_empty_value "${KAFKA_CONTROLLER_PASSWORD:-}"; then + print_validation_error "In order to configure SASL authentication for Kafka control plane communications, you must provide the SASL credentials. Set the environment variables KAFKA_CONTROLLER_USER and KAFKA_CONTROLLER_PASSWORD to configure the credentials for SASL authentication with between controllers." + fi + fi + else + if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then + if is_empty_value "${KAFKA_CLIENT_USERS:-}" || is_empty_value "${KAFKA_CLIENT_PASSWORDS:-}"; then + print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_CLIENT_USERS and KAFKA_CLIENT_PASSWORDS to configure the credentials for SASL authentication with clients." + fi + fi + + fi + done + } + + if is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}" && is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then + print_validation_error "Kafka haven't been configured to work in either Raft or Zookeper mode. Please make sure at least one of the modes is configured." + fi + # Check KRaft mode + if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then + # Only allow Zookeeper configuration if migration mode is enabled + if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}" && + { is_empty_value "${KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE:-}" || ! is_boolean_yes "$KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE"; }; then + print_validation_error "Both KRaft mode and Zookeeper modes are configured, but KAFKA_CFG_ZOOKEEPER_METADATA_MIGRATION_ENABLE is not enabled" + fi + if is_empty_value "${KAFKA_CFG_NODE_ID:-}"; then + print_validation_error "KRaft mode requires an unique node.id, please set the environment variable KAFKA_CFG_NODE_ID" + fi + if is_empty_value "${KAFKA_CFG_CONTROLLER_QUORUM_VOTERS:-}"; then + print_validation_error "KRaft mode requires KAFKA_CFG_CONTROLLER_QUORUM_VOTERS to be set" + fi + check_kraft_process_roles + fi + # Check Zookeeper mode + if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then + # If SSL/SASL_SSL protocol configured, check certificates are provided + if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then + if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]]; then + # Fail if truststore is not provided + if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then + print_validation_error "In order to configure the TLS encryption for Zookeeper with JKS certs you must mount your zookeeper.truststore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." + fi + # Warn if keystore is not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) + if [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]] && [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.jks" ]]; then + warn "In order to configure the mTLS for Zookeeper with JKS certs you must mount your zookeeper.keystore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." + fi + elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]]; then + # Fail if CA / validation cert is not provided + if [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then + print_validation_error "In order to configure the TLS encryption for Zookeeper with PEM certs you must mount your zookeeper.truststore.pem cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." + fi + # Warn if node key or cert are not provided, only required if Zookeper mTLS is enabled (ZOO_TLS_CLIENT_AUTH) + if { [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; } && + { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.key" ]]; }; then + warn "In order to configure the mTLS for Zookeeper with PEM certs you must mount your zookeeper.keystore.pem cert and zookeeper.keystore.key key to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." + fi + fi + fi + # If SASL/SASL_SSL protocol configured, check certificates are provided + if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then + if is_empty_value "${KAFKA_ZOOKEEPER_USER:-}" || is_empty_value "${KAFKA_ZOOKEEPER_PASSWORD:-}"; then + print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_ZOOKEEPER_USER and KAFKA_ZOOKEEPER_PASSWORD, to configure the credentials for SASL authentication with Zookeeper." + fi + fi + # If using plaintext protocol, check it is explicitly allowed + if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" = "PLAINTEXT" ]]; then + warn "The KAFKA_ZOOKEEPER_PROTOCOL environment variable does not configure SASL and/or SSL, this setting is not recommended for production environments." + fi + fi + # Check listener ports are unique and allowed + check_listener_ports + # Check listeners are mapped to a valid security protocol + check_listener_protocols + # Warn users if plaintext listeners are configured + if kafka_has_plaintext_listener; then + warn "Kafka has been configured with a PLAINTEXT listener, this setting is not recommended for production environments." + fi + # If SSL/SASL_SSL listeners configured, check certificates are provided + if kafka_has_ssl_listener; then + if [[ "$KAFKA_TLS_TYPE" = "JKS" ]] && + { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && + { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then + print_validation_error "In order to configure the TLS encryption for Kafka with JKS certs you must mount your kafka.keystore.jks and kafka.truststore.jks certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." + elif [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && + { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && + { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then + print_validation_error "In order to configure the TLS encryption for Kafka with PEM certs you must mount your kafka.keystore.pem, kafka.keystore.key and kafka.truststore.pem certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." + fi + fi + # If SASL/SASL_SSL listeners configured, check passwords are provided + if kafka_has_sasl_listener; then + if is_empty_value "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}"; then + print_validation_error "Specified SASL protocol but no SASL mechanisms provided in KAFKA_CFG_SASL_ENABLED_MECHANISMS" + fi + fi + # Check users and passwords lists are the same size + read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS:-}")" + read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")" + if [[ "${#users[@]}" -ne "${#passwords[@]}" ]]; then + print_validation_error "Specify the same number of passwords on KAFKA_CLIENT_PASSWORDS as the number of users on KAFKA_CLIENT_USERS!" + fi + check_multi_value "KAFKA_TLS_TYPE" "JKS PEM" + check_multi_value "KAFKA_ZOOKEEPER_TLS_TYPE" "JKS PEM" + check_multi_value "KAFKA_ZOOKEEPER_PROTOCOL" "PLAINTEXT SASL SSL SASL_SSL" + check_multi_value "KAFKA_TLS_CLIENT_AUTH" "none requested required" + [[ "$error_code" -eq 0 ]] || return "$error_code" +} + +######################## +# Get kafka version +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# version +######################### +kafka_get_version() { + local -a cmd=("kafka-topics.sh" "--version") + am_i_root && cmd=("run_as_user" "$KAFKA_DAEMON_USER" "${cmd[@]}") + + read -r -a ver_split <<< "$("${cmd[@]}")" + echo "${ver_split[0]}" +} + +######################### +# Configure JAAS for a given listener and SASL mechanisms +# Globals: +# KAFKA_* +# Arguments: +# $1 - Name of the listener JAAS will be configured for +# $2 - Comma-separated list of SASL mechanisms to configure +# $3 - Comma-separated list of usernames +# $4 - Comma-separated list of passwords +# Returns: +# None +######################### +kafka_configure_server_jaas() { + local listener="${1:?missing listener name}" + local role="${2:-}" + + if [[ "$role" = "controller" ]]; then + local jaas_content=() + if [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" = "PLAIN" ]]; then + jaas_content=( + "org.apache.kafka.common.security.plain.PlainLoginModule required" + "username=\"${KAFKA_CONTROLLER_USER}\"" + "password=\"${KAFKA_CONTROLLER_PASSWORD}\"" + "user_${KAFKA_CONTROLLER_USER}=\"${KAFKA_CONTROLLER_PASSWORD}\";" + ) + elif [[ "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" =~ SCRAM ]]; then + jaas_content=( + "org.apache.kafka.common.security.scram.ScramLoginModule required" + "username=\"${KAFKA_CONTROLLER_USER}\"" + "password=\"${KAFKA_CONTROLLER_PASSWORD}\";" + ) + fi + listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" + sasl_mechanism_lower="$(echo "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" | tr '[:upper:]' '[:lower:]')" + kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" + else + read -r -a sasl_mechanisms_arr <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_SASL_ENABLED_MECHANISMS")" + read -r -a users <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_USERS")" + read -r -a passwords <<<"$(tr ',;' ' ' <<<"$KAFKA_CLIENT_PASSWORDS")" + # Configure JAAS for each SASL mechanism + # ref: https://docs.confluent.io/platform/current/kafka/authentication_sasl/index.html + for sasl_mechanism in "${sasl_mechanisms_arr[@]}"; do + local jaas_content=() + # For PLAIN mechanism, only the first username will be used + if [[ "$sasl_mechanism" = "PLAIN" ]]; then + jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") + if [[ "$role" = "inter-broker" ]]; then + jaas_content+=( + "username=\"${KAFKA_INTER_BROKER_USER}\"" + "password=\"${KAFKA_INTER_BROKER_PASSWORD}\"" + ) + users+=("$KAFKA_INTER_BROKER_USER") + passwords+=("$KAFKA_INTER_BROKER_PASSWORD") + fi + for ((i = 0; i < ${#users[@]}; i++)); do + jaas_content+=("user_${users[i]}=\"${passwords[i]}\"") + done + # Add semi-colon to the last element of the array + jaas_content[${#jaas_content[@]} - 1]="${jaas_content[${#jaas_content[@]} - 1]};" + elif [[ "$sasl_mechanism" =~ SCRAM ]]; then + if [[ "$role" = "inter-broker" ]]; then + jaas_content=( + "org.apache.kafka.common.security.scram.ScramLoginModule required" + "username=\"${KAFKA_INTER_BROKER_USER}\"" + "password=\"${KAFKA_INTER_BROKER_PASSWORD}\";" + ) + else + jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required;") + fi + fi + listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" + sasl_mechanism_lower="$(echo "$sasl_mechanism" | tr '[:upper:]' '[:lower:]')" + kafka_server_conf_set "listener.name.${listener_lower}.${sasl_mechanism_lower}.sasl.jaas.config" "${jaas_content[*]}" + done + fi +} + +######################## +# Configure Zookeeper JAAS authentication +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################### +kafka_zookeeper_configure_jaas(){ + local jaas_content=( + "org.apache.kafka.common.security.plain.PlainLoginModule required" + "username=\"${KAFKA_ZOOKEEPER_USER}\"" + "password=\"${KAFKA_ZOOKEEPER_PASSWORD}\";" + ) + + kafka_server_conf_set "sasl.jaas.config" "${jaas_content[*]}" +} + +######################## +# Generate JAAS authentication file for local producer/consumer to use +# Globals: +# KAFKA_* +# Arguments: +# $1 - Authentication protocol to use for the internal listener +# $2 - Authentication protocol to use for the client listener +# Returns: +# None +######################### +kafka_configure_consumer_producer_jaas(){ + local jaas_content=() + read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" + read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" + + if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ SCRAM ]]; then + jaas_content=("org.apache.kafka.common.security.scram.ScramLoginModule required") + elif [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS}" =~ PLAIN ]]; then + jaas_content=("org.apache.kafka.common.security.plain.PlainLoginModule required") + else + error "Couldn't configure a supported SASL mechanism for Kafka consumer/producer properties" + exit 1 + fi + + jaas_content+=( + "username=\"${users[0]}\"" + "password=\"${passwords[0]}\";" + ) + + kafka_producer_consumer_conf_set "sasl.jaas.config" "${jaas_content[*]}" +} + +######################## +# Create users in zookeper when using SASL/SCRAM mechanism +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################### +kafka_zookeeper_create_sasl_scram_users() { + info "Creating users in Zookeeper" + read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" + read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" + local zookeeper_connect + zookeeper_connect=$(grep "^zookeeper.connect=" "$KAFKA_CONF_FILE" | sed -E 's/^zookeeper\.connect=(\S+)$/\1/') + read -r -a zookeeper_hosts <<<"$(tr ',;' ' ' <<<"${zookeeper_connect}")" + + if [[ "${#zookeeper_hosts[@]}" -eq 0 ]]; then + error "Couldn't obtain zookeeper.connect from $KAFKA_CONF_FILE" + exit 1 + fi + # Wait for Zookeeper to be reachable + read -r -a aux <<<"$(tr ':' ' ' <<<"${zookeeper_hosts[0]}")" + local host="${aux[0]:?missing host}" + local port="${aux[1]:-2181}" + wait-for-port --host "$host" "$port" + + # Add interbroker credentials + if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM" "$KAFKA_CONF_FILE"; then + users+=("${KAFKA_INTER_BROKER_USER}") + passwords+=("${KAFKA_INTER_BROKER_PASSWORD}") + fi + for ((i = 0; i < ${#users[@]}; i++)); do + debug "Creating user ${users[i]} in zookeeper" + # Ref: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_scram.html#sasl-scram-overview + debug_execute kafka-configs.sh --zookeeper "$zookeeper_connect" --alter --add-config "SCRAM-SHA-256=[iterations=8192,password=${passwords[i]}],SCRAM-SHA-512=[password=${passwords[i]}]" --entity-type users --entity-name "${users[i]}" + done +} + +######################## +# Configure Kafka SSL settings +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################### +kafka_configure_ssl() { + # Configures both Kafka server and producers/consumers + configure_both() { + kafka_server_conf_set "${1:?missing key}" "${2:?missing value}" + kafka_producer_consumer_conf_set "${1:?missing key}" "${2:?missing value}" + } + kafka_server_conf_set "ssl.client.auth" "${KAFKA_TLS_CLIENT_AUTH}" + configure_both ssl.keystore.type "${KAFKA_TLS_TYPE}" + configure_both ssl.truststore.type "${KAFKA_TLS_TYPE}" + local -r kafka_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_TLS_TRUSTSTORE_FILE}")" + ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.key.password "$KAFKA_CERTIFICATE_PASSWORD" + if [[ "$KAFKA_TLS_TYPE" = "PEM" ]]; then + file_to_multiline_property() { + awk 'NR > 1{print line"\\n\\"}{line=$0;}END{print $0" "}' <"${1:?missing file}" + } + remove_previous_cert_value() { + local key="${1:?missing key}" + files=( + "${KAFKA_CONF_FILE}" + "${KAFKA_CONF_DIR}/producer.properties" + "${KAFKA_CONF_DIR}/consumer.properties" + ) + for file in "${files[@]}"; do + if grep -q "^[#\\s]*$key\s*=.*" "$file"; then + # Delete all lines from the certificate beginning to its end + sed -i "/^[#\\s]*$key\s*=.*-----BEGIN/,/-----END/d" "$file" + fi + done + } + # We need to remove the previous cert value + # kafka_common_conf_set uses replace_in_file, which can't match multiple lines + remove_previous_cert_value ssl.keystore.key + remove_previous_cert_value ssl.keystore.certificate.chain + remove_previous_cert_value ssl.truststore.certificates + configure_both ssl.keystore.key "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.key")" + configure_both ssl.keystore.certificate.chain "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.pem")" + configure_both ssl.truststore.certificates "$(file_to_multiline_property "${kafka_truststore_location}")" + elif [[ "$KAFKA_TLS_TYPE" = "JKS" ]]; then + configure_both ssl.keystore.location "$KAFKA_CERTS_DIR"/kafka.keystore.jks + configure_both ssl.truststore.location "$kafka_truststore_location" + ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.keystore.password "$KAFKA_CERTIFICATE_PASSWORD" + ! is_empty_value "${KAFKA_CERTIFICATE_PASSWORD:-}" && configure_both ssl.truststore.password "$KAFKA_CERTIFICATE_PASSWORD" + fi + true # Avoid the function to fail due to the check above +} + +######################## +# Get Zookeeper TLS settings +# Globals: +# KAFKA_ZOOKEEPER_TLS_* +# Arguments: +# None +# Returns: +# String +######################### +kafka_zookeeper_configure_tls() { + # Note that ZooKeeper does not support a key password different from the keystore password, + # so be sure to set the key password in the keystore to be identical to the keystore password; + # otherwise the connection attempt to Zookeeper will fail. + local keystore_location="" + local -r kafka_zk_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE}")" + + if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]]; then + keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" + elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] && [[ -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; then + # Concatenating private key into public certificate file + # This is needed to load keystore from location using PEM + keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keypair.pem" + cat "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" > "$keystore_location" + fi + + kafka_server_conf_set "zookeeper.clientCnxnSocket" "org.apache.zookeeper.ClientCnxnSocketNetty" + kafka_server_conf_set "zookeeper.ssl.client.enable" "true" + is_boolean_yes "${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-}" && kafka_server_conf_set "zookeeper.ssl.endpoint.identification.algorithm" "HTTPS" + ! is_empty_value "${keystore_location:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.location" "${keystore_location}" + ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.keystore.password" "${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD}" + ! is_empty_value "${kafka_zk_truststore_location:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.location" "${kafka_zk_truststore_location}" + ! is_empty_value "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" && kafka_server_conf_set "zookeeper.ssl.truststore.password" "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD}" + true # Avoid the function to fail due to the check above +} + +######################## +# Configure Kafka configuration files from environment variables +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################### +kafka_configure_from_environment_variables() { + # List of special cases to apply to the variables + local -r exception_regexps=( + "s/sasl\.ssl/sasl_ssl/g" + "s/sasl\.plaintext/sasl_plaintext/g" + ) + # Map environment variables to config properties + for var in "${!KAFKA_CFG_@}"; do + key="$(echo "$var" | sed -e 's/^KAFKA_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')" + + # Exception for the camel case in this environment variable + [[ "$var" == "KAFKA_CFG_ZOOKEEPER_CLIENTCNXNSOCKET" ]] && key="zookeeper.clientCnxnSocket" + + # Apply exception regexps + for regex in "${exception_regexps[@]}"; do + key="$(echo "$key" | sed "$regex")" + done + + value="${!var}" + kafka_server_conf_set "$key" "$value" + done +} + +######################## +# Initialize KRaft storage +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################### +kafka_kraft_storage_initialize() { + local args=("--config" "$KAFKA_CONF_FILE" "--ignore-formatted") + info "Initializing KRaft storage metadata" + + # If cluster.id found in meta.properties, use it + if [[ -f "${KAFKA_DATA_DIR}/meta.properties" ]]; then + KAFKA_KRAFT_CLUSTER_ID=$(grep "^cluster.id=" "${KAFKA_DATA_DIR}/meta.properties" | sed -E 's/^cluster\.id=(\S+)$/\1/') + fi + + if is_empty_value "${KAFKA_KRAFT_CLUSTER_ID:-}"; then + warn "KAFKA_KRAFT_CLUSTER_ID not set - If using multiple nodes then you must use the same Cluster ID for each one" + KAFKA_KRAFT_CLUSTER_ID="$("${KAFKA_HOME}/bin/kafka-storage.sh" random-uuid)" + info "Generated Kafka cluster ID '${KAFKA_KRAFT_CLUSTER_ID}'" + fi + args+=("--cluster-id=$KAFKA_KRAFT_CLUSTER_ID") + + # SCRAM users are configured during the cluster bootstrapping process and can later be manually updated using kafka-config.sh + if is_boolean_yes "${KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS:-}"; then + info "Adding KRaft SCRAM users at storage bootstrap" + read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" + read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" + # Configure SCRAM-SHA-256 if enabled + if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then + for ((i = 0; i < ${#users[@]}; i++)); do + args+=("--add-scram" "SCRAM-SHA-256=[name=${users[i]},password=${passwords[i]}]") + done + fi + # Configure SCRAM-SHA-512 if enabled + if grep -Eq "^sasl.enabled.mechanisms=.*SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then + for ((i = 0; i < ${#users[@]}; i++)); do + args+=("--add-scram" "SCRAM-SHA-512=[name=${users[i]},password=${passwords[i]}]") + done + fi + # Add interbroker credentials + if grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then + args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") + elif grep -Eq "^sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then + args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_INTER_BROKER_USER},password=${KAFKA_INTER_BROKER_PASSWORD}]") + fi + # Add controller credentials + if grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-256" "$KAFKA_CONF_FILE"; then + args+=("--add-scram" "SCRAM-SHA-256=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") + elif grep -Eq "^sasl.mechanism.controller.protocol=SCRAM-SHA-512" "$KAFKA_CONF_FILE"; then + args+=("--add-scram" "SCRAM-SHA-512=[name=${KAFKA_CONTROLLER_USER},password=${KAFKA_CONTROLLER_PASSWORD}]") + fi + fi + info "Formatting storage directories to add metadata..." + "${KAFKA_HOME}/bin/kafka-storage.sh" format "${args[@]}" +} + +######################## +# Detects inconsitences between the configuration at KAFKA_CONF_FILE and cluster-state file +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################### +kafka_kraft_quorum_voters_changed(){ + read -r -a quorum_voters_conf_ids <<<"$(grep "^controller.quorum.voters=" "$KAFKA_CONF_FILE" | sed "s/^controller.quorum.voters=//" | tr "," " " | sed -E "s/\@\S+//g")" + read -r -a quorum_voters_state_ids <<< "$(grep -Eo "\{\"voterId\":[0-9]+\}" "${KAFKA_DATA_DIR}/__cluster_metadata-0/quorum-state" | grep -Eo "[0-9]+" | tr "\n" " ")" + + if [[ "${#quorum_voters_conf_ids[@]}" != "${#quorum_voters_state_ids[@]}" ]]; then + true + else + read -r -a sorted_state <<< "$(echo "${quorum_voters_conf_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" + read -r -a sorted_conf <<< "$(echo "${quorum_voters_state_ids[@]}" | tr ' ' '\n' | sort | tr '\n' ' ')" + if [[ "${sorted_state[*]}" = "${sorted_conf[*]}" ]]; then + false + else + true + fi + fi +} + +######################## +# Initialize Kafka +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################### +kafka_initialize() { + info "Initializing Kafka..." + # Check for mounted configuration files + if ! is_dir_empty "$KAFKA_MOUNTED_CONF_DIR"; then + cp -Lr "$KAFKA_MOUNTED_CONF_DIR"/* "$KAFKA_CONF_DIR" + fi + # Copy truststore to cert directory + for cert_var in KAFKA_TLS_TRUSTSTORE_FILE KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE; do + # Only copy if the file exists and it is in a different location than KAFKA_CERTS_DIR (to avoid copying to the same location) + if [[ -f "${!cert_var}" ]] && ! [[ "${!cert_var}" =~ $KAFKA_CERTS_DIR ]]; then + info "Copying truststore ${!cert_var} to ${KAFKA_CERTS_DIR}" + cp -L "${!cert_var}" "$KAFKA_CERTS_DIR" + fi + done + + if [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/server.properties" ]]; then + info "No injected configuration files found, creating default config files" + # Restore original server.properties but remove Zookeeper/KRaft specific settings for compatibility with both architectures + cp "${KAFKA_CONF_DIR}/server.properties.original" "$KAFKA_CONF_FILE" + kafka_server_unify_conf + # Configure Kafka settings + kafka_server_conf_set log.dirs "$KAFKA_DATA_DIR" + kafka_configure_from_environment_variables + # Configure Kafka producer/consumer to set up message sizes + ! is_empty_value "${KAFKA_CFG_MAX_REQUEST_SIZE:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" max.request.size "$KAFKA_CFG_MAX_REQUEST_SIZE" + ! is_empty_value "${KAFKA_CFG_MAX_PARTITION_FETCH_BYTES:-}" && kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" max.partition.fetch.bytes "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES" + # Zookeeper mode additional settings + if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then + if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SSL ]]; then + kafka_zookeeper_configure_tls + fi + if [[ "$KAFKA_ZOOKEEPER_PROTOCOL" =~ SASL ]]; then + kafka_zookeeper_configure_jaas + fi + fi + # If at least one listener uses SSL or SASL_SSL, ensure SSL is configured + if kafka_has_ssl_listener; then + kafka_configure_ssl + fi + # If at least one listener uses SASL_PLAINTEXT or SASL_SSL, ensure SASL is configured + if kafka_has_sasl_listener; then + if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM ]]; then + if ! is_empty_value "${KAFKA_CFG_PROCESS_ROLES:-}"; then + if [[ "$(kafka_get_version)" =~ ^3\.2\.|^3\.3\.|^3\.4\. ]]; then + # NOTE: This will depend on Kafka version when support for SCRAM is added + warn "KRaft mode requires Kafka version 3.5 or higher for SCRAM to be supported. SCRAM SASL mechanisms will now be disabled." + KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN + else + export KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS="true" + fi + fi + if ! is_empty_value "${KAFKA_CFG_ZOOKEEPER_CONNECT:-}"; then + export KAFKA_ZOOKEEPER_BOOTSTRAP_SCRAM_USERS="true" + fi + fi + kafka_server_conf_set sasl.enabled.mechanisms "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" + fi + # Settings for each Kafka Listener are configured individually + read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")" + for protocol_map in "${protocol_maps[@]}"; do + read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")" + # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT + listener="${map[0]}" + protocol="${map[1]}" + listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')" + + if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then + listener_upper="$(echo "$listener" | tr '[:lower:]' '[:upper:]')" + env_name="KAFKA_TLS_${listener_upper}_CLIENT_AUTH" + [[ -n "${!env_name:-}" ]] && kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "${!env_name}" + fi + if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then + local role="" + if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then + kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" + role="inter-broker" + elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then + kafka_server_conf_set sasl.mechanism.controller.protocol "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" + kafka_server_conf_set "listener.name.${listener_lower}.sasl.enabled.mechanisms" "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL" + role="controller" + fi + # If KAFKA_CLIENT_LISTENER_NAME is found in the listeners list, configure the producer/consumer accordingly + if [[ "$listener" = "${KAFKA_CLIENT_LISTENER_NAME:-CLIENT}" ]]; then + kafka_configure_consumer_producer_jaas + kafka_producer_consumer_conf_set security.protocol "$protocol" + kafka_producer_consumer_conf_set sasl.mechanism "${KAFKA_CLIENT_SASL_MECHANISM:-$(kafka_client_sasl_mechanism)}" + fi + # Configure inline listener jaas configuration, omitted if mounted JAAS conf file detected + if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then + kafka_configure_server_jaas "$listener_lower" "${role:-}" + fi + fi + done + # Configure Kafka using environment variables + # This is executed at the end, to allow users to override properties set by the initialization logic + kafka_configure_from_environment_variables + else + info "Detected mounted server.properties file at ${KAFKA_MOUNTED_CONF_DIR}/server.properties. Skipping configuration based on env variables" + fi + true +} + +######################## +# Returns the most secure SASL mechanism available for Kafka clients +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################## +kafka_client_sasl_mechanism() { + local sasl_mechanism="" + + if [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-512 ]]; then + sasl_mechanism="SCRAM-SHA-512" + elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ SCRAM-SHA-256 ]]; then + sasl_mechanism="SCRAM-SHA-256" + elif [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ PLAIN ]]; then + sasl_mechanism="PLAIN" + fi + echo "$sasl_mechanism" +} + +######################## +# Removes default settings referencing Zookeeper mode or KRaft mode +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################## +kafka_server_unify_conf() { + local -r remove_regexps=( + #Zookeeper + "s/^zookeeper\./#zookeeper./g" + "s/^group\.initial/#group.initial/g" + "s/^broker\./#broker./g" + "s/^node\./#node./g" + "s/^process\./#process./g" + "s/^listeners=/#listeners=/g" + "s/^listener\./#listener./g" + "s/^controller\./#controller./g" + "s/^inter\.broker/#inter.broker/g" + "s/^advertised\.listeners/#advertised.listeners/g" + ) + + # Map environment variables to config properties + for regex in "${remove_regexps[@]}"; do + sed -i "${regex}" "$KAFKA_CONF_FILE" + done +} + +######################## +# Dinamically set node.id/broker.id/controller.quorum.voters if their alternative environment variable _COMMAND is set +# Globals: +# KAFKA_*_COMMAND +# Arguments: +# None +# Returns: +# None +######################### +kafka_dynamic_environment_variables() { + # KRaft mode + if ! is_empty_value "${KAFKA_NODE_ID_COMMAND:-}"; then + KAFKA_CFG_NODE_ID="$(eval "${KAFKA_NODE_ID_COMMAND}")" + export KAFKA_CFG_NODE_ID + fi + if ! is_empty_value "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND:-}"; then + KAFKA_CFG_CONTROLLER_QUORUM_VOTERS="$(eval "${KAFKA_CONTROLLER_QUORUM_VOTERS_COMMAND}")" + export KAFKA_CFG_CONTROLLER_QUORUM_VOTERS + fi + # Zookeeper mode + # DEPRECATED - BROKER_ID_COMMAND has been deprecated, please use KAFKA_BROKER_ID_COMMAND instead + if ! is_empty_value "${KAFKA_BROKER_ID_COMMAND:-}"; then + KAFKA_CFG_BROKER_ID="$(eval "${KAFKA_BROKER_ID_COMMAND}")" + export KAFKA_CFG_BROKER_ID + elif ! is_empty_value "${BROKER_ID_COMMAND:-}"; then + KAFKA_CFG_BROKER_ID="$(eval "${BROKER_ID_COMMAND}")" + export KAFKA_CFG_BROKER_ID + fi +} + +######################## +# Run custom initialization scripts +# Globals: +# KAFKA_* +# Arguments: +# None +# Returns: +# None +######################### +kafka_custom_init_scripts() { + if [[ -n $(find "${KAFKA_INITSCRIPTS_DIR}/" -type f -regex ".*\.\(sh\)") ]] && [[ ! -f "${KAFKA_VOLUME_DIR}/.user_scripts_initialized" ]]; then + info "Loading user's custom files from $KAFKA_INITSCRIPTS_DIR" + for f in /docker-entrypoint-initdb.d/*; do + debug "Executing $f" + case "$f" in + *.sh) + if [[ -x "$f" ]]; then + if ! "$f"; then + error "Failed executing $f" + return 1 + fi + else + warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" + . "$f" + fi + ;; + *) + warn "Skipping $f, supported formats are: .sh" + ;; + esac + done + touch "$KAFKA_VOLUME_DIR"/.user_scripts_initialized + fi +} + +######################## +# Check if Kafka is running +# Globals: +# KAFKA_PID_FILE +# Arguments: +# None +# Returns: +# Whether Kafka is running +######################## +is_kafka_running() { + local pid + pid="$(get_pid_from_file "$KAFKA_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if Kafka is running +# Globals: +# KAFKA_PID_FILE +# Arguments: +# None +# Returns: +# Whether Kafka is not running +######################## +is_kafka_not_running() { + ! is_kafka_running +} + +######################## +# Stop Kafka +# Globals: +# KAFKA_PID_FILE +# Arguments: +# None +# Returns: +# None +######################### +kafka_stop() { + ! is_kafka_running && return + stop_service_using_pid "$KAFKA_PID_FILE" TERM +} diff --git a/bitnami/kafka/3.9/debian-12/tags-info.yaml b/bitnami/kafka/3.9/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..7f7db72ac13a6 --- /dev/null +++ b/bitnami/kafka/3.9/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "3.9" +- 3.9-debian-12 +- 3.9.0 +- latest diff --git a/bitnami/kafka/README.md b/bitnami/kafka/README.md index f9ae350065774..2abe0ae58bb2b 100644 --- a/bitnami/kafka/README.md +++ b/bitnami/kafka/README.md @@ -22,7 +22,7 @@ docker run --name kafka bitnami/kafka:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Apache Kafka in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Apache Kafka in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Apache Kafka in Kubernetes? @@ -32,11 +32,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -203,6 +209,7 @@ docker-compose up -d | `KAFKA_CLIENT_USERS` | List of additional users to `KAFKA_CLIENT_USER` that will be created into Zookeeper when using `SASL_SCRAM` for client communications. Separated by commas, semicolons or whitespaces. | `user` | | `KAFKA_CLIENT_PASSWORDS` | Passwords for the users specified at `KAFKA_CLIENT_USERS`. Separated by commas, semicolons or whitespaces. | `bitnami` | | `KAFKA_HEAP_OPTS` | Kafka heap options for Java. | `-Xmx1024m -Xms1024m` | +| `JAVA_TOOL_OPTIONS` | Java tool options. | `nil` | #### Read-only environment variables @@ -403,24 +410,29 @@ services: ports: - '9092' environment: + # KRaft - KAFKA_CFG_NODE_ID=0 - KAFKA_CFG_PROCESS_ROLES=controller,broker - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093 + # Listeners - KAFKA_CFG_LISTENERS=SASL_SSL://:9092,CONTROLLER://:9093 - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:SASL_PLAINTEXT,SASL_SSL:SASL_SSL - KAFKA_CFG_ADVERTISED_LISTENERS=SASL_SSL://:9092 - - KAFKA_CLIENT_USERS=user - - KAFKA_CLIENT_PASSWORDS=password - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER + - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=SASL_SSL + - KAFKA_CLIENT_LISTENER_NAME=SASL_SSL # Remove this line if consumer/producer.properties are not required + # SASL - KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL=PLAIN + - KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL=PLAIN - KAFKA_CONTROLLER_USER=controller_user - KAFKA_CONTROLLER_PASSWORD=controller_password - - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=SASL_SSL - - KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL=PLAIN - - KAFKA_INTER_BROKER_USER=controller_user - - KAFKA_INTER_BROKER_PASSWORD=controller_password - - KAFKA_CERTIFICATE_PASSWORD=certificatePassword123 + - KAFKA_INTER_BROKER_USER=interbroker_user + - KAFKA_INTER_BROKER_PASSWORD=interbroker_password + - KAFKA_CLIENT_USERS=user + - KAFKA_CLIENT_PASSWORDS=password + # SSL - KAFKA_TLS_TYPE=JKS # or PEM + - KAFKA_CERTIFICATE_PASSWORD=certificatePassword123 volumes: # Both .jks and .pem files are supported # - './kafka.keystore.pem:/opt/bitnami/kafka/config/certs/kafka.keystore.pem:ro' @@ -1055,7 +1067,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/kafka/docker-compose-cluster.yml b/bitnami/kafka/docker-compose-cluster.yml index e70b5c1b3a9da..194afb792470c 100644 --- a/bitnami/kafka/docker-compose-cluster.yml +++ b/bitnami/kafka/docker-compose-cluster.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: "2" - services: kafka-0: - image: docker.io/bitnami/kafka:3.7 + image: docker.io/bitnami/kafka:3.9 ports: - "9092" environment: @@ -27,7 +25,7 @@ services: volumes: - kafka_0_data:/bitnami/kafka kafka-1: - image: docker.io/bitnami/kafka:3.7 + image: docker.io/bitnami/kafka:3.9 ports: - "9092" environment: @@ -49,7 +47,7 @@ services: volumes: - kafka_1_data:/bitnami/kafka kafka-2: - image: docker.io/bitnami/kafka:3.7 + image: docker.io/bitnami/kafka:3.9 ports: - "9092" environment: diff --git a/bitnami/kafka/docker-compose.yml b/bitnami/kafka/docker-compose.yml index 64235b74230bf..3cb537c151d14 100644 --- a/bitnami/kafka/docker-compose.yml +++ b/bitnami/kafka/docker-compose.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: "2" - services: kafka: - image: docker.io/bitnami/kafka:3.7 + image: docker.io/bitnami/kafka:3.9 ports: - "9092:9092" volumes: diff --git a/bitnami/kaniko/1/debian-12/Dockerfile b/bitnami/kaniko/1/debian-12/Dockerfile index 5751145a8749c..6b2594c9e3447 100644 --- a/bitnami/kaniko/1/debian-12/Dockerfile +++ b/bitnami/kaniko/1/debian-12/Dockerfile @@ -3,6 +3,7 @@ FROM docker.io/bitnami/minideb:bookworm as builder +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH ENV HOME="/root" \ @@ -15,12 +16,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "kaniko-1.23.0-1-linux-${OS_ARCH}-debian-12" \ + "kaniko-1.23.2-10-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -33,6 +34,7 @@ RUN mkdir -p /out/kaniko/.docker /out/etc && cp /opt/bitnami/kaniko/bin/* /out/k FROM scratch +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH ENV HOME="/root" \ @@ -40,13 +42,13 @@ ENV HOME="/root" \ LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="scratch" \ - org.opencontainers.image.created="2024-05-14T22:59:54Z" \ + org.opencontainers.image.created="2025-01-03T01:25:18Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.23.0-debian-12-r1" \ + org.opencontainers.image.ref.name="1.23.2-debian-12-r13" \ org.opencontainers.image.title="kaniko" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.23.0" + org.opencontainers.image.version="1.23.2" COPY prebuildfs / COPY rootfs / @@ -54,7 +56,7 @@ COPY --from=builder /out / COPY --from=builder /opt/bitnami/kaniko/.spdx-kaniko.spdx /opt/bitnami/kaniko/.spdx-kaniko.spdx COPY --from=builder /opt/bitnami/kaniko/licenses /opt/bitnami/kaniko/licenses -ENV APP_VERSION="1.23.0" \ +ENV APP_VERSION="1.23.2" \ BITNAMI_APP_NAME="kaniko" \ DOCKER_CONFIG="/kaniko/.docker" \ DOCKER_CREDENTIAL_GCR_CONFIG="/kaniko/.config/gcloud/docker_credential_gcr_config.json" \ diff --git a/bitnami/kaniko/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kaniko/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 111ee9a68c885..7c6caca56424c 100644 --- a/bitnami/kaniko/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kaniko/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.23.0-1" + "version": "1.23.2-10" } } \ No newline at end of file diff --git a/bitnami/kaniko/1/debian-12/tags-info.yaml b/bitnami/kaniko/1/debian-12/tags-info.yaml index 6668c2ba9347c..0050dd0671747 100644 --- a/bitnami/kaniko/1/debian-12/tags-info.yaml +++ b/bitnami/kaniko/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.23.0 +- 1.23.2 - latest diff --git a/bitnami/kaniko/README.md b/bitnami/kaniko/README.md index 2acdaa20930c3..af393296a2957 100644 --- a/bitnami/kaniko/README.md +++ b/bitnami/kaniko/README.md @@ -22,11 +22,17 @@ docker run -it --name kaniko bitnami/kaniko * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kaniko in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kaniko in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -108,7 +114,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/keycloak-config-cli/5/debian-12/Dockerfile b/bitnami/keycloak-config-cli/5/debian-12/Dockerfile deleted file mode 100644 index 27d93995cc41e..0000000000000 --- a/bitnami/keycloak-config-cli/5/debian-12/Dockerfile +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-06-03T08:25:12Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/keycloak-config-cli/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="5.12.0-debian-12-r5" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/keycloak-config-cli" \ - org.opencontainers.image.title="keycloak-config-cli" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="5.12.0" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-17.0.11-12-0-linux-${OS_ARCH}-debian-12" \ - "keycloak-config-cli-5.12.0-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -sf /opt/bitnami/keycloak-config-cli/keycloak-config-cli.jar /opt/keycloak-config-cli.jar - -ENV APP_VERSION="5.12.0" \ - BITNAMI_APP_NAME="keycloak-config-cli" \ - PATH="/opt/bitnami/java/bin:$PATH" - -WORKDIR /opt/bitnami/keycloak-config-cli -USER 1001 -ENTRYPOINT [ "java", "-jar", "./keycloak-config-cli.jar" ] diff --git a/bitnami/keycloak-config-cli/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/keycloak-config-cli/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 79c1068b679e5..0000000000000 --- a/bitnami/keycloak-config-cli/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-12-0" - }, - "keycloak-config-cli": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "5.12.0-1" - } -} \ No newline at end of file diff --git a/bitnami/keycloak-config-cli/5/debian-12/tags-info.yaml b/bitnami/keycloak-config-cli/5/debian-12/tags-info.yaml deleted file mode 100644 index 97db1ac061031..0000000000000 --- a/bitnami/keycloak-config-cli/5/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "5" -- 5-debian-12 -- 5.12.0 -- latest diff --git a/bitnami/keycloak-config-cli/6/debian-12/Dockerfile b/bitnami/keycloak-config-cli/6/debian-12/Dockerfile new file mode 100644 index 0000000000000..6329a4548e487 --- /dev/null +++ b/bitnami/keycloak-config-cli/6/debian-12/Dockerfile @@ -0,0 +1,57 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-04T15:17:29Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/keycloak-config-cli/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="6.2.1-debian-12-r1" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/keycloak-config-cli" \ + org.opencontainers.image.title="keycloak-config-cli" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="6.2.1" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "java-21.0.5-11-1-linux-${OS_ARCH}-debian-12" \ + "keycloak-config-cli-6.2.1-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true +RUN ln -sf /opt/bitnami/keycloak-config-cli/keycloak-config-cli.jar /opt/keycloak-config-cli.jar + +ENV APP_VERSION="6.2.1" \ + BITNAMI_APP_NAME="keycloak-config-cli" \ + PATH="/opt/bitnami/java/bin:$PATH" + +WORKDIR /opt/bitnami/keycloak-config-cli +USER 1001 +ENTRYPOINT [ "java", "-jar", "./keycloak-config-cli.jar" ] diff --git a/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..ada9801b2dbd2 --- /dev/null +++ b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,14 @@ +{ + "java": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "21.0.5-11-1" + }, + "keycloak-config-cli": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "6.2.1-0" + } +} \ No newline at end of file diff --git a/bitnami/fluent-bit/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/fluent-bit/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/phpbb/3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/phpbb/3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/express/4/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/fluent-bit/2/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/fluent-bit/2/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/fluent-bit/2/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/keycloak-config-cli/6/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/fluent-bit/2/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/keycloak-config-cli/6/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/keycloak-config-cli/6/debian-12/tags-info.yaml b/bitnami/keycloak-config-cli/6/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..b6cb7dc377c6c --- /dev/null +++ b/bitnami/keycloak-config-cli/6/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "6" +- 6-debian-12 +- 6.2.1 +- latest diff --git a/bitnami/keycloak-config-cli/README.md b/bitnami/keycloak-config-cli/README.md index a6b784de21007..7f7ee7b45c4b4 100644 --- a/bitnami/keycloak-config-cli/README.md +++ b/bitnami/keycloak-config-cli/README.md @@ -22,7 +22,7 @@ docker run --rm --name keycloak-config-cli bitnami/keycloak-config-cli:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Keycloak Config CLI in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Keycloak Config CLI in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Keycloak Config CLI in Kubernetes? @@ -30,11 +30,17 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -82,7 +88,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/keycloak/24/debian-12/Dockerfile b/bitnami/keycloak/24/debian-12/Dockerfile deleted file mode 100644 index 6bdd70c7d0b16..0000000000000 --- a/bitnami/keycloak/24/debian-12/Dockerfile +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-06-03T08:27:39Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/keycloak/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="24.0.4-debian-12-r2" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/keycloak" \ - org.opencontainers.image.title="keycloak" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="24.0.4" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl krb5-user libaio1 procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-12-0-linux-${OS_ARCH}-debian-12" \ - "keycloak-24.0.4-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/keycloak/postunpack.sh -ENV APP_VERSION="24.0.4" \ - BITNAMI_APP_NAME="keycloak" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/keycloak/bin:$PATH" - -EXPOSE 8080 8443 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/keycloak/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/keycloak/run.sh" ] diff --git a/bitnami/keycloak/24/debian-12/docker-compose.yml b/bitnami/keycloak/24/debian-12/docker-compose.yml deleted file mode 100644 index 33147155ceef1..0000000000000 --- a/bitnami/keycloak/24/debian-12/docker-compose.yml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - postgresql: - image: docker.io/bitnami/postgresql:15 - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - POSTGRESQL_USERNAME=bn_keycloak - - POSTGRESQL_DATABASE=bitnami_keycloak - volumes: - - 'postgresql_data:/bitnami/postgresql' - - keycloak: - image: docker.io/bitnami/keycloak:24 - depends_on: - - postgresql - ports: - - "80:8080" - -volumes: - postgresql_data: - driver: local diff --git a/bitnami/keycloak/24/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/keycloak/24/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index bf21c504f9d86..0000000000000 --- a/bitnami/keycloak/24/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-12-0" - }, - "keycloak": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "24.0.4-1" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-13" - } -} \ No newline at end of file diff --git a/bitnami/keycloak/24/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/keycloak/24/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/keycloak/24/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index c15af32e2f773..0000000000000 --- a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security -fi diff --git a/bitnami/keycloak/24/debian-12/tags-info.yaml b/bitnami/keycloak/24/debian-12/tags-info.yaml deleted file mode 100644 index f6c01425250de..0000000000000 --- a/bitnami/keycloak/24/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "24" -- 24-debian-12 -- 24.0.4 -- latest diff --git a/bitnami/keycloak/25/README.md b/bitnami/keycloak/25/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/keycloak/25/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/keycloak/26/debian-12/Dockerfile b/bitnami/keycloak/26/debian-12/Dockerfile new file mode 100644 index 0000000000000..8f6e1450944ee --- /dev/null +++ b/bitnami/keycloak/26/debian-12/Dockerfile @@ -0,0 +1,63 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-02T09:17:42Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/keycloak/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="26.0.7-debian-12-r1" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/keycloak" \ + org.opencontainers.image.title="keycloak" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="26.0.7" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl krb5-user libaio1 procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "java-21.0.5-11-1-linux-${OS_ARCH}-debian-12" \ + "keycloak-26.0.7-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN /opt/bitnami/scripts/java/postunpack.sh +RUN /opt/bitnami/scripts/keycloak/postunpack.sh +ENV APP_VERSION="26.0.7" \ + BITNAMI_APP_NAME="keycloak" \ + JAVA_HOME="/opt/bitnami/java" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/keycloak/bin:$PATH" + +EXPOSE 8080 8443 9000 + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/keycloak/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/keycloak/run.sh" ] diff --git a/bitnami/keycloak/26/debian-12/docker-compose.yml b/bitnami/keycloak/26/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..e773585b030f0 --- /dev/null +++ b/bitnami/keycloak/26/debian-12/docker-compose.yml @@ -0,0 +1,24 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + postgresql: + image: docker.io/bitnami/postgresql:latest + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - POSTGRESQL_USERNAME=bn_keycloak + - POSTGRESQL_DATABASE=bitnami_keycloak + volumes: + - 'postgresql_data:/bitnami/postgresql' + + keycloak: + image: docker.io/bitnami/keycloak:26 + depends_on: + - postgresql + ports: + - "80:8080" + +volumes: + postgresql_data: + driver: local diff --git a/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..b26b757df9f9e --- /dev/null +++ b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,20 @@ +{ + "java": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "21.0.5-11-1" + }, + "keycloak": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "26.0.7-0" + }, + "wait-for-port": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.0.8-8" + } +} \ No newline at end of file diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/postgresql-repmgr/12/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/postgresql-repmgr/12/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/keycloak/26/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/keycloak/26/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/keycloak/26/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/keycloak/26/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/gitlab-runner-helper/16/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/keycloak/26/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh new file mode 100755 index 0000000000000..38802fc0bfe91 --- /dev/null +++ b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh + +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + +print_welcome_page + +echo "" +exec "$@" diff --git a/bitnami/java/1.8/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh similarity index 100% rename from bitnami/java/1.8/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh rename to bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh diff --git a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh similarity index 93% rename from bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh rename to bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh index 7e80001544895..36852c78ea856 100644 --- a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh +++ b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh @@ -33,6 +33,8 @@ keycloak_env_vars=( KEYCLOAK_HTTPS_PORT KEYCLOAK_BIND_ADDRESS KEYCLOAK_HOSTNAME + KEYCLOAK_HOSTNAME_ADMIN + KEYCLOAK_HOSTNAME_STRICT KEYCLOAK_INIT_MAX_RETRIES KEYCLOAK_CACHE_TYPE KEYCLOAK_CACHE_STACK @@ -54,7 +56,7 @@ keycloak_env_vars=( KEYCLOAK_LOG_LEVEL KEYCLOAK_LOG_OUTPUT KEYCLOAK_ROOT_LOG_LEVEL - KEYCLOAK_PROXY + KEYCLOAK_PROXY_HEADERS KEYCLOAK_PRODUCTION KEYCLOAK_EXTRA_ARGS_PREPENDED KEYCLOAK_DATABASE_VENDOR @@ -70,6 +72,9 @@ keycloak_env_vars=( KEYCLOAK_DAEMON_GROUP KEYCLOAK_ADMIN_USER KC_HOSTNAME + KC_HOSTNAME_ADMIN + KC_HOSTNAME_STRICT + KC_HEALTH_ENABLED KC_HTTPS_TRUST_STORE_FILE KC_HTTPS_TRUST_STORE_PASSWORD KC_HTTPS_KEY_STORE_FILE @@ -131,12 +136,17 @@ export KEYCLOAK_HTTPS_PORT="${KEYCLOAK_HTTPS_PORT:-8443}" export KEYCLOAK_BIND_ADDRESS="${KEYCLOAK_BIND_ADDRESS:-$(hostname --fqdn)}" KEYCLOAK_HOSTNAME="${KEYCLOAK_HOSTNAME:-"${KC_HOSTNAME:-}"}" export KEYCLOAK_HOSTNAME="${KEYCLOAK_HOSTNAME:-}" +KEYCLOAK_HOSTNAME_ADMIN="${KEYCLOAK_HOSTNAME_ADMIN:-"${KC_HOSTNAME_ADMIN:-}"}" +export KEYCLOAK_HOSTNAME_ADMIN="${KEYCLOAK_HOSTNAME_ADMIN:-}" +KEYCLOAK_HOSTNAME_STRICT="${KEYCLOAK_HOSTNAME_STRICT:-"${KC_HOSTNAME_STRICT:-}"}" +export KEYCLOAK_HOSTNAME_STRICT="${KEYCLOAK_HOSTNAME_STRICT:-false}" export KEYCLOAK_INIT_MAX_RETRIES="${KEYCLOAK_INIT_MAX_RETRIES:-10}" export KEYCLOAK_CACHE_TYPE="${KEYCLOAK_CACHE_TYPE:-ispn}" export KEYCLOAK_CACHE_STACK="${KEYCLOAK_CACHE_STACK:-}" export KEYCLOAK_CACHE_CONFIG_FILE="${KEYCLOAK_CACHE_CONFIG_FILE:-}" export KEYCLOAK_EXTRA_ARGS="${KEYCLOAK_EXTRA_ARGS:-}" export KEYCLOAK_ENABLE_STATISTICS="${KEYCLOAK_ENABLE_STATISTICS:-false}" +KEYCLOAK_ENABLE_HEALTH_ENDPOINTS="${KEYCLOAK_ENABLE_HEALTH_ENDPOINTS:-"${KC_HEALTH_ENABLED:-}"}" export KEYCLOAK_ENABLE_HEALTH_ENDPOINTS="${KEYCLOAK_ENABLE_HEALTH_ENDPOINTS:-false}" export KEYCLOAK_ENABLE_HTTPS="${KEYCLOAK_ENABLE_HTTPS:-false}" KEYCLOAK_HTTPS_TRUST_STORE_FILE="${KEYCLOAK_HTTPS_TRUST_STORE_FILE:-"${KC_HTTPS_TRUST_STORE_FILE:-}"}" @@ -161,7 +171,7 @@ export KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY="${KEYCLOAK_SPI export KEYCLOAK_LOG_LEVEL="${KEYCLOAK_LOG_LEVEL:-info}" export KEYCLOAK_LOG_OUTPUT="${KEYCLOAK_LOG_OUTPUT:-default}" export KEYCLOAK_ROOT_LOG_LEVEL="${KEYCLOAK_ROOT_LOG_LEVEL:-INFO}" -export KEYCLOAK_PROXY="${KEYCLOAK_PROXY:-passthrough}" +export KEYCLOAK_PROXY_HEADERS="${KEYCLOAK_PROXY_HEADERS:-}" export KEYCLOAK_PRODUCTION="${KEYCLOAK_PRODUCTION:-false}" export KEYCLOAK_EXTRA_ARGS_PREPENDED="${KEYCLOAK_EXTRA_ARGS_PREPENDED:-}" export KEYCLOAK_DATABASE_VENDOR="${KEYCLOAK_DATABASE_VENDOR:-postgresql}" diff --git a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak/entrypoint.sh b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak/entrypoint.sh similarity index 100% rename from bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak/entrypoint.sh rename to bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak/entrypoint.sh diff --git a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak/postunpack.sh b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak/postunpack.sh similarity index 100% rename from bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak/postunpack.sh rename to bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak/postunpack.sh diff --git a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak/run.sh b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak/run.sh similarity index 100% rename from bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak/run.sh rename to bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak/run.sh diff --git a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak/setup.sh b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak/setup.sh similarity index 100% rename from bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak/setup.sh rename to bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/keycloak/setup.sh diff --git a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh similarity index 92% rename from bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh rename to bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh index ebf3a06309b53..413921f3c5c63 100644 --- a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh +++ b/bitnami/keycloak/26/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh @@ -42,16 +42,9 @@ keycloak_validate() { print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." fi } - if is_boolean_yes "$KEYCLOAK_PRODUCTION"; then - if [[ "$KEYCLOAK_PROXY" == "edge" ]]; then - # https://www.keycloak.org/server/reverseproxy - if is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then - print_validation_error "TLS and proxy=edge are not compatible. Please set the KEYCLOAK_ENABLE_HTTPS variable to false when using KEYCLOAK_PROXY=edge. Review # https://www.keycloak.org/server/reverseproxy for more information about proxy settings." - fi - elif ! is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then - # keycloak proxy passthrough/reencrypt requires tls - print_validation_error "You need to have TLS enabled. Please set the KEYCLOAK_ENABLE_HTTPS variable to true" - fi + + if ! is_empty_value "$KEYCLOAK_PROXY_HEADERS" && ! [[ "$KEYCLOAK_PROXY_HEADERS" =~ ^(forwarded|xforwarded)$ ]]; then + print_validation_error "The value of KEYCLOAK_PROXY_HEADERS should be either empty, 'forwarded' or 'xforwarded'" fi if is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then @@ -205,7 +198,8 @@ keycloak_configure_health_endpoints() { keycloak_configure_hostname() { info "Configuring hostname settings" ! is_empty_value "$KEYCLOAK_HOSTNAME" && keycloak_conf_set "hostname" "${KEYCLOAK_HOSTNAME}" - keycloak_conf_set "hostname-strict" "false" + ! is_empty_value "$KEYCLOAK_HOSTNAME_ADMIN" && keycloak_conf_set "hostname-admin" "${KEYCLOAK_HOSTNAME_ADMIN}" + keycloak_conf_set "hostname-strict" "${KEYCLOAK_HOSTNAME_STRICT}" } ######################## @@ -251,7 +245,7 @@ keycloak_configure_loglevel() { ######################### keycloak_configure_proxy() { info "Configuring proxy" - keycloak_conf_set "proxy" "${KEYCLOAK_PROXY}" + keycloak_conf_set "proxy-headers" "${KEYCLOAK_PROXY_HEADERS}" } ######################## @@ -323,7 +317,7 @@ keycloak_initialize() { keycloak_configure_hostname keycloak_configure_cache keycloak_configure_loglevel - keycloak_configure_proxy + ! is_empty_value "$KEYCLOAK_PROXY_HEADERS" && keycloak_configure_proxy is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS" && keycloak_configure_https ! is_empty_value "$KEYCLOAK_SPI_TRUSTSTORE_FILE" && keycloak_configure_spi_tls true diff --git a/bitnami/keycloak/26/debian-12/tags-info.yaml b/bitnami/keycloak/26/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..f8e6fa669ef41 --- /dev/null +++ b/bitnami/keycloak/26/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "26" +- 26-debian-12 +- 26.0.7 +- latest diff --git a/bitnami/keycloak/README.md b/bitnami/keycloak/README.md index 1b868a9728bd9..35c5fc99cde44 100644 --- a/bitnami/keycloak/README.md +++ b/bitnami/keycloak/README.md @@ -24,7 +24,7 @@ docker run --name keycloak bitnami/keycloak:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Keycloak in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Keycloak in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Keycloak in Kubernetes? @@ -32,11 +32,17 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -81,6 +87,8 @@ docker build -t bitnami/APP:latest . | `KEYCLOAK_HTTPS_PORT` | HTTPS port | `8443` | | `KEYCLOAK_BIND_ADDRESS` | Bind address | `$(hostname --fqdn)` | | `KEYCLOAK_HOSTNAME` | Keycloak hostname | `nil` | +| `KEYCLOAK_HOSTNAME_ADMIN` | Keycloak admin hostname | `nil` | +| `KEYCLOAK_HOSTNAME_STRICT` | Disables dynamically resolving the hostname from request headers | `false` | | `KEYCLOAK_INIT_MAX_RETRIES` | Maximum retries for checking that the database works | `10` | | `KEYCLOAK_CACHE_TYPE` | Defines the cache mechanism for high-availability. | `ispn` | | `KEYCLOAK_CACHE_STACK` | Apply a specific cache stack | `nil` | @@ -102,7 +110,7 @@ docker build -t bitnami/APP:latest . | `KEYCLOAK_LOG_LEVEL` | Keycloak log level | `info` | | `KEYCLOAK_LOG_OUTPUT` | Keycloak log output | `default` | | `KEYCLOAK_ROOT_LOG_LEVEL` | Keycloak root log level | `INFO` | -| `KEYCLOAK_PROXY` | Keycloak type proxy | `passthrough` | +| `KEYCLOAK_PROXY_HEADERS` | Keycloak reverse proxy headers | `nil` | | `KEYCLOAK_PRODUCTION` | Run in production mode | `false` | | `KEYCLOAK_EXTRA_ARGS_PREPENDED` | Run with flags which are applied directly to keycloak executable | `nil` | | `KEYCLOAK_DATABASE_VENDOR` | Database vendor | `postgresql` | @@ -298,7 +306,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/keycloak/docker-compose.yml b/bitnami/keycloak/docker-compose.yml index 33147155ceef1..e773585b030f0 100644 --- a/bitnami/keycloak/docker-compose.yml +++ b/bitnami/keycloak/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:15 + image: docker.io/bitnami/postgresql:latest environment: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes @@ -14,7 +13,7 @@ services: - 'postgresql_data:/bitnami/postgresql' keycloak: - image: docker.io/bitnami/keycloak:24 + image: docker.io/bitnami/keycloak:26 depends_on: - postgresql ports: diff --git a/bitnami/keydb/6/debian-12/Dockerfile b/bitnami/keydb/6/debian-12/Dockerfile new file mode 100644 index 0000000000000..e542b9da692f6 --- /dev/null +++ b/bitnami/keydb/6/debian-12/Dockerfile @@ -0,0 +1,60 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-08T18:49:44Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/keydb/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="6.3.4-debian-12-r8" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/keydb" \ + org.opencontainers.image.title="keydb" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="6.3.4" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl libbrotli1 libcom-err2 libcurl4 libffi8 libgcc-s1 libgmp10 libgnutls30 libgssapi-krb5-2 libhogweed6 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.5-0 libnettle8 libnghttp2-14 libp11-kit0 libpsl5 librtmp1 libsasl2-2 libssh2-1 libssl3 libstdc++6 libtasn1-6 libunistring2 libuuid1 libzstd1 procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "keydb-6.3.4-1-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN /opt/bitnami/scripts/keydb/postunpack.sh +ENV APP_VERSION="6.3.4" \ + BITNAMI_APP_NAME="keydb" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/keydb/bin:$PATH" + +EXPOSE 6379 + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/keydb/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/keydb/run.sh" ] diff --git a/bitnami/keydb/6/debian-12/docker-compose.yml b/bitnami/keydb/6/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..42265a4285493 --- /dev/null +++ b/bitnami/keydb/6/debian-12/docker-compose.yml @@ -0,0 +1,18 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + keydb: + image: docker.io/bitnami/keydb:6 + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - KEYDB_DISABLE_COMMANDS=FLUSHDB,FLUSHALL + ports: + - '6379:6379' + volumes: + - 'keydb_data:/bitnami/keydb/data' + +volumes: + keydb_data: + driver: local diff --git a/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..8ad540f802ebb --- /dev/null +++ b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,14 @@ +{ + "keydb": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "6.3.4-1" + }, + "wait-for-port": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.0.8-8" + } +} \ No newline at end of file diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/postgresql-repmgr/13/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/postgresql-repmgr/13/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/keydb/6/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/keydb/6/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/keydb/6/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/gitlab-runner/16/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/keydb/6/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/gitlab-runner/16/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/keydb/6/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb-env.sh b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb-env.sh new file mode 100644 index 0000000000000..7ed3c1513c6d1 --- /dev/null +++ b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb-env.sh @@ -0,0 +1,125 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for keydb + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-keydb}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +keydb_env_vars=( + KEYDB_DATA_DIR + KEYDB_OVERRIDES_FILE + KEYDB_DISABLE_COMMANDS + KEYDB_DATABASE + KEYDB_AOF_ENABLED + KEYDB_RDB_POLICY + KEYDB_RDB_POLICY_DISABLED + KEYDB_PORT_NUMBER + KEYDB_ALLOW_REMOTE_CONNECTIONS + KEYDB_EXTRA_FLAGS + ALLOW_EMPTY_PASSWORD + KEYDB_PASSWORD + KEYDB_ACL_FILE + KEYDB_IO_THREADS_DO_READS + KEYDB_IO_THREADS + KEYDB_REPLICATION_MODE + KEYDB_ACTIVE_REPLICA + KEYDB_MASTER_HOSTS + KEYDB_MASTER_PORT_NUMBER + KEYDB_MASTER_PASSWORD + KEYDB_REPLICA_IP + KEYDB_REPLICA_PORT + KEYDB_TLS_ENABLED + KEYDB_TLS_PORT_NUMBER + KEYDB_TLS_CERT_FILE + KEYDB_TLS_CA_DIR + KEYDB_TLS_KEY_FILE + KEYDB_TLS_KEY_FILE_PASS + KEYDB_TLS_CA_FILE + KEYDB_TLS_DH_PARAMS_FILE + KEYDB_TLS_AUTH_CLIENTS +) +for env_var in "${keydb_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset keydb_env_vars + +# Paths +export KEYDB_VOLUME_DIR="/bitnami/keydb" +export KEYDB_BASE_DIR="${BITNAMI_ROOT_DIR}/keydb" +export KEYDB_CONF_DIR="${KEYDB_BASE_DIR}/etc" +export KEYDB_DEFAULT_CONF_DIR="${KEYDB_BASE_DIR}/etc.default" +export KEYDB_DATA_DIR="${KEYDB_DATA_DIR:-${KEYDB_VOLUME_DIR}/data}" +export KEYDB_MOUNTED_CONF_DIR="${KEYDB_BASE_DIR}/mounted-etc" +export KEYDB_OVERRIDES_FILE="${KEYDB_OVERRIDES_FILE:-${KEYDB_MOUNTED_CONF_DIR}/overrides.conf}" +export KEYDB_CONF_FILE="${KEYDB_CONF_DIR}/keydb.conf" +export KEYDB_TMP_DIR="${KEYDB_BASE_DIR}/tmp" +export KEYDB_PID_FILE="${KEYDB_TMP_DIR}/keydb.pid" +export KEYDB_BIN_DIR="${KEYDB_BASE_DIR}/bin" + +# System users (when running with a privileged user) +export KEYDB_DAEMON_USER="keydb" +export KEYDB_DAEMON_GROUP="keydb" + +# KeyDB settings. +export KEYDB_DISABLE_COMMANDS="${KEYDB_DISABLE_COMMANDS:-}" +export KEYDB_DATABASE="${KEYDB_DATABASE:-keydb}" +export KEYDB_AOF_ENABLED="${KEYDB_AOF_ENABLED:-yes}" +export KEYDB_RDB_POLICY="${KEYDB_RDB_POLICY:-}" +export KEYDB_RDB_POLICY_DISABLED="${KEYDB_RDB_POLICY_DISABLED:-no}" +export KEYDB_DEFAULT_PORT_NUMBER="6379" # only used at build time +export KEYDB_PORT_NUMBER="${KEYDB_PORT_NUMBER:-$KEYDB_DEFAULT_PORT_NUMBER}" +export KEYDB_ALLOW_REMOTE_CONNECTIONS="${KEYDB_ALLOW_REMOTE_CONNECTIONS:-yes}" +export KEYDB_EXTRA_FLAGS="${KEYDB_EXTRA_FLAGS:-}" +export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" +export KEYDB_PASSWORD="${KEYDB_PASSWORD:-}" +export KEYDB_ACL_FILE="${KEYDB_ACL_FILE:-}" +export KEYDB_IO_THREADS_DO_READS="${KEYDB_IO_THREADS_DO_READS:-}" +export KEYDB_IO_THREADS="${KEYDB_IO_THREADS:-}" + +# Replication settings. +export KEYDB_REPLICATION_MODE="${KEYDB_REPLICATION_MODE:-}" +export KEYDB_ACTIVE_REPLICA="${KEYDB_ACTIVE_REPLICA:-no}" +export KEYDB_MASTER_HOSTS="${KEYDB_MASTER_HOSTS:-}" +export KEYDB_MASTER_PORT_NUMBER="${KEYDB_MASTER_PORT_NUMBER:-6379}" +export KEYDB_MASTER_PASSWORD="${KEYDB_MASTER_PASSWORD:-}" +export KEYDB_REPLICA_IP="${KEYDB_REPLICA_IP:-}" +export KEYDB_REPLICA_PORT="${KEYDB_REPLICA_PORT:-}" + +# TLS settings. +export KEYDB_TLS_ENABLED="${KEYDB_TLS_ENABLED:-no}" +export KEYDB_TLS_PORT_NUMBER="${KEYDB_TLS_PORT_NUMBER:-6379}" +export KEYDB_TLS_CERT_FILE="${KEYDB_TLS_CERT_FILE:-}" +export KEYDB_TLS_CA_DIR="${KEYDB_TLS_CA_DIR:-}" +export KEYDB_TLS_KEY_FILE="${KEYDB_TLS_KEY_FILE:-}" +export KEYDB_TLS_KEY_FILE_PASS="${KEYDB_TLS_KEY_FILE_PASS:-}" +export KEYDB_TLS_CA_FILE="${KEYDB_TLS_CA_FILE:-}" +export KEYDB_TLS_DH_PARAMS_FILE="${KEYDB_TLS_DH_PARAMS_FILE:-}" +export KEYDB_TLS_AUTH_CLIENTS="${KEYDB_TLS_AUTH_CLIENTS:-yes}" + +# Custom environment variables may be defined below diff --git a/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/entrypoint.sh b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/entrypoint.sh new file mode 100755 index 0000000000000..04114fda2c72d --- /dev/null +++ b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/entrypoint.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load KeyDB environment variables +. /opt/bitnami/scripts/keydb-env.sh + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/libkeydb.sh + +print_welcome_page + +# We add the copy from default config in the entrypoint to not break users +# bypassing the setup.sh logic. If the file already exists do not overwrite (in +# case someone mounts a configuration file in /opt/bitnami/keydb/etc) +debug "Copying files from $KEYDB_DEFAULT_CONF_DIR to $KEYDB_CONF_DIR" +cp -nr "$KEYDB_DEFAULT_CONF_DIR"/. "$KEYDB_CONF_DIR" + +if [[ "$*" = *"/opt/bitnami/scripts/keydb/run.sh"* || "$*" = *"/run.sh"* ]]; then + info "** Starting KeyDB setup **" + /opt/bitnami/scripts/keydb/setup.sh + info "** KeyDB setup finished! **" +fi + +echo "" +exec "$@" diff --git a/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/postunpack.sh b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/postunpack.sh new file mode 100755 index 0000000000000..cf2ff8f2f6785 --- /dev/null +++ b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/postunpack.sh @@ -0,0 +1,25 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load KeyDB environment variables +. /opt/bitnami/scripts/keydb-env.sh + +# Load libraries +. /opt/bitnami/scripts/libkeydb.sh +. /opt/bitnami/scripts/libfs.sh + +for dir in "$KEYDB_DATA_DIR" "$KEYDB_CONF_DIR" "$KEYDB_DEFAULT_CONF_DIR" "$KEYDB_TMP_DIR"; do + ensure_dir_exists "$dir" +done +chmod -R g+rwX /bitnami "$KEYDB_VOLUME_DIR" "$KEYDB_BASE_DIR" + +# Prepare default KeyDB configuration +keydb_default_config diff --git a/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/run.sh b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/run.sh new file mode 100755 index 0000000000000..f290766cc0454 --- /dev/null +++ b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/run.sh @@ -0,0 +1,32 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load KeyDB environment variables +. /opt/bitnami/scripts/keydb-env.sh + +# Load libraries +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libkeydb.sh + +# Parse CLI flags to pass to the 'keydb-server' call +args=("$KEYDB_CONF_FILE" "--daemonize" "no") +# Add flags specified via the 'KEYDB_EXTRA_FLAGS' environment variable +read -r -a extra_flags <<< "$KEYDB_EXTRA_FLAGS" +[[ "${#extra_flags[@]}" -gt 0 ]] && args+=("${extra_flags[@]}") +# Add flags passed to this script +args+=("$@") + +info "** Starting KeyDB **" +if am_i_root; then + exec_as_user "$KEYDB_DAEMON_USER" keydb-server "${args[@]}" +else + exec keydb-server "${args[@]}" +fi diff --git a/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/setup.sh b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/setup.sh new file mode 100755 index 0000000000000..ce409ba5cc219 --- /dev/null +++ b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/keydb/setup.sh @@ -0,0 +1,27 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load KeyDB environment variables +. /opt/bitnami/scripts/keydb-env.sh + +# Load libraries +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libkeydb.sh + +# Ensure KeyDB environment variables settings are valid +keydb_validate +# Ensure KeyDB daemon user exists when running as root +am_i_root && ensure_user_exists "$KEYDB_DAEMON_USER" --group "$KEYDB_DAEMON_GROUP" +# Ensure KeyDB is stopped when this script ends +trap "keydb_stop" EXIT +# Ensure KeyDB is initialized +keydb_initialize diff --git a/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/libkeydb.sh b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/libkeydb.sh new file mode 100644 index 0000000000000..a2398a6d12a7d --- /dev/null +++ b/bitnami/keydb/6/debian-12/rootfs/opt/bitnami/scripts/libkeydb.sh @@ -0,0 +1,466 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami KeyDB library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libnet.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libvalidations.sh + +# Functions + +######################## +# Retrieve a configuration setting value +# Globals: +# KEYDB_CONF_FILE +# Arguments: +# $1 - key +# Returns: +# None +######################### +keydb_conf_get() { + local -r key="${1:?missing key}" + + if grep -q -E "^\s*$key " "$KEYDB_CONF_FILE"; then + grep -E "^\s*$key " "$KEYDB_CONF_FILE" | awk '{print $2}' + fi +} + +######################## +# Set a configuration setting value +# Globals: +# KEYDB_CONF_FILE +# Arguments: +# $1 - key +# $2 - value +# Returns: +# None +######################### +keydb_conf_set() { + local -r key="${1:?missing key}" + local value="${2:-}" + + # Sanitize inputs + value="${value//\\/\\\\}" + value="${value//&/\\&}" + value="${value//\?/\\?}" + value="${value//[$'\t\n\r']}" + [[ "$value" = "" ]] && value="\"$value\"" + + # Determine whether to enable the configuration for RDB persistence, if yes, do not enable the replacement operation + if [ "${key}" == "save" ]; then + echo "${key} ${value}" >> "$KEYDB_CONF_FILE" + else + replace_in_file "$KEYDB_CONF_FILE" "^#*\s*${key} .*" "${key} ${value}" false + fi +} + +######################## +# Unset a configuration setting value +# Globals: +# KEYDB_CONF_FILE +# Arguments: +# $1 - key +# Returns: +# None +######################### +keydb_conf_unset() { + local -r key="${1:?missing key}" + remove_in_file "$KEYDB_CONF_FILE" "^\s*$key .*" false +} + +######################## +# Check if KeyDB is running +# Globals: +# KEYDB_PID_FILE +# Arguments: +# None +# Returns: +# Boolean +######################### +is_keydb_running() { + local pid + pid="$(get_pid_from_file "$KEYDB_PID_FILE")" + + if [[ -z "$pid" ]]; then + false + else + is_service_running "$pid" + fi +} + +######################## +# Check if KeyDB is not running +# Globals: +# KEYDB_BASE_DIR +# Arguments: +# None +# Returns: +# Boolean +######################### +is_keydb_not_running() { + ! is_keydb_running +} + +######################## +# Stop KeyDB +# Globals: +# KEYDB_* +# Arguments: +# None +# Returns: +# None +######################### +keydb_stop() { + local pass + local port + local args + + ! is_keydb_running && return + pass="$(keydb_conf_get "requirepass")" + is_boolean_yes "$KEYDB_TLS_ENABLED" && port="$(keydb_conf_get "tls-port")" || port="$(keydb_conf_get "port")" + + [[ -n "$pass" ]] && args+=("-a" "$pass") + [[ "$port" != "0" ]] && args+=("-p" "$port") + + debug "Stopping KeyDB" + if am_i_root; then + run_as_user "$KEYDB_DAEMON_USER" "${KEYDB_BIN_DIR}/keydb-cli" "${args[@]}" shutdown + else + "${KEYDB_BIN_DIR}/keydb-cli" "${args[@]}" shutdown + fi +} + +######################## +# Prepare default KeyDB configuration +# Globals: +# KEYDB_* +# Arguments: +# None +# Returns: +# None +######################## +keydb_default_config() { + mv "${KEYDB_CONF_DIR}/keydb-default.conf" "$KEYDB_CONF_FILE" + chmod g+rw "$KEYDB_CONF_FILE" + + info "Setting KeyDB config file..." + keydb_conf_set port "$KEYDB_DEFAULT_PORT_NUMBER" + keydb_conf_set dir "$KEYDB_DATA_DIR" + keydb_conf_set pidfile "$KEYDB_PID_FILE" + keydb_conf_set daemonize yes + # Log to stdout + keydb_conf_set logfile "" + # Disable RDB persistence, AOF persistence already enabled. + # Ref: https://docs.keydb.dev/docs/persistence/#rdb-disadvantages + keydb_conf_set save "" + + # Copy all initially generated configuration files to the default directory + # (this is to avoid breaking when entrypoint is being overridden) + cp -r "${KEYDB_CONF_DIR}/"* "$KEYDB_DEFAULT_CONF_DIR" +} + +######################## +# Validate settings in KEYDB_* env vars. +# Globals: +# KEYDB_* +# Arguments: +# None +# Returns: +# None +######################### +keydb_validate() { + debug "Validating settings in KEYDB_* env vars.." + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + empty_password_error() { + print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." + } + check_yes_no_value() { + if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then + print_validation_error "The allowed values for ${1} are: yes no" + fi + } + + check_yes_no_value "KEYDB_AOF_ENABLED" + check_yes_no_value "KEYDB_ALLOW_REMOTE_CONNECTIONS" + check_yes_no_value "KEYDB_ACTIVE_REPLICA" + check_yes_no_value "KEYDB_TLS_ENABLED" + check_yes_no_value "KEYDB_TLS_AUTH_CLIENTS" + + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + else + [[ -z "$KEYDB_PASSWORD" ]] && empty_password_error KEYDB_PASSWORD + fi + if [[ -n "$KEYDB_REPLICATION_MODE" ]]; then + if [[ "$KEYDB_REPLICATION_MODE" = "replica" ]]; then + read -r -a hosts_list <<< "$(tr ',;' ' ' <<< "$KEYDB_MASTER_HOSTS")" + if [[ "${#hosts_list[@]}" -eq 0 ]]; then + print_validation_error "You need to provide at least one host to replicate from in the environment variable KEYDB_MASTER_HOSTS" + fi + if [[ "${#hosts_list[@]}" -gt 1 ]] && ! is_boolean_yes "$KEYDB_ACTIVE_REPLICA"; then + print_validation_error "You can only specify more than one host in KEYDB_MASTER_HOSTS if KEYDB_ACTIVE_REPLICA is set to 'yes'" + fi + if [[ -n "$KEYDB_MASTER_PORT_NUMBER" ]]; then + if ! err=$(validate_port "$KEYDB_MASTER_PORT_NUMBER"); then + print_validation_error "An invalid port was specified in the environment variable KEYDB_MASTER_PORT_NUMBER: $err" + fi + fi + if ! is_boolean_yes "$ALLOW_EMPTY_PASSWORD" && [[ -z "$KEYDB_MASTER_PASSWORD" ]]; then + empty_password_error KEYDB_MASTER_PASSWORD + fi + elif [[ "$KEYDB_REPLICATION_MODE" != "master" ]]; then + print_validation_error "Invalid replication mode. Available options are 'master/replica'" + fi + fi + if is_boolean_yes "$KEYDB_TLS_ENABLED"; then + if [[ "$KEYDB_PORT_NUMBER" == "$KEYDB_TLS_PORT_NUMBER" ]] && [[ "$KEYDB_PORT_NUMBER" != "6379" ]]; then + # If both ports are assigned the same numbers and they are different to the default settings + print_validation_error "Environment variables KEYDB_PORT_NUMBER and KEYDB_TLS_PORT_NUMBER point to the same port number (${KEYDB_PORT_NUMBER}). Change one of them or disable non-TLS traffic by setting KEYDB_PORT_NUMBER=0" + fi + if [[ -z "$KEYDB_TLS_CERT_FILE" ]]; then + print_validation_error "You must provide a X.509 certificate in order to use TLS" + elif [[ ! -f "$KEYDB_TLS_CERT_FILE" ]]; then + print_validation_error "The X.509 certificate file in the specified path ${KEYDB_TLS_CERT_FILE} does not exist" + fi + if [[ -z "$KEYDB_TLS_KEY_FILE" ]]; then + print_validation_error "You must provide a private key in order to use TLS" + elif [[ ! -f "$KEYDB_TLS_KEY_FILE" ]]; then + print_validation_error "The private key file in the specified path ${KEYDB_TLS_KEY_FILE} does not exist" + fi + if [[ -z "$KEYDB_TLS_CA_FILE" ]]; then + if [[ -z "$KEYDB_TLS_CA_DIR" ]]; then + print_validation_error "You must provide either a CA X.509 certificate or a CA certificates directory in order to use TLS" + elif [[ ! -d "$KEYDB_TLS_CA_DIR" ]]; then + print_validation_error "The CA certificates directory specified by path ${KEYDB_TLS_CA_DIR} does not exist" + fi + elif [[ ! -f "$KEYDB_TLS_CA_FILE" ]]; then + print_validation_error "The CA X.509 certificate file in the specified path ${KEYDB_TLS_CA_FILE} does not exist" + fi + if [[ -n "$KEYDB_TLS_DH_PARAMS_FILE" ]] && [[ ! -f "$KEYDB_TLS_DH_PARAMS_FILE" ]]; then + print_validation_error "The DH param file in the specified path ${KEYDB_TLS_DH_PARAMS_FILE} does not exist" + fi + fi + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +######################## +# Configure KeyDB replication +# Globals: +# KEYDB_BASE_DIR +# Arguments: +# $1 - Replication mode +# Returns: +# None +######################### +keydb_configure_replication() { + info "Configuring replication mode" + + keydb_conf_set replica-announce-ip "${KEYDB_REPLICA_IP:-$(get_machine_ip)}" + keydb_conf_set replica-announce-port "${KEYDB_REPLICA_PORT:-$KEYDB_MASTER_PORT_NUMBER}" + # Use TLS in the replication connections + if is_boolean_yes "$KEYDB_TLS_ENABLED"; then + keydb_conf_set tls-replication yes + fi + + if [[ "$KEYDB_REPLICATION_MODE" = "master" ]]; then + if [[ -n "$KEYDB_PASSWORD" ]]; then + keydb_conf_set masterauth "$KEYDB_PASSWORD" + fi + elif [[ "$KEYDB_REPLICATION_MODE" = "replica" ]]; then + [[ -n "$KEYDB_MASTER_PASSWORD" ]] && keydb_conf_set masterauth "$KEYDB_MASTER_PASSWORD" + read -r -a hosts_list <<< "$(tr ',;' ' ' <<< "$KEYDB_MASTER_HOSTS")" + if is_boolean_yes "$KEYDB_ACTIVE_REPLICA"; then + keydb_conf_set active-replica yes + [[ "${#hosts_list[@]}" -gt 1 ]] && keydb_conf_set multi-master yes + fi + # Wait for master replicas to be ready + for host in "${hosts_list[@]}"; do + wait-for-port --host "$host" "$KEYDB_MASTER_PORT_NUMBER" + done + # We can't use keydb_conf_set here given we must ensure 'active-replica' + # is set before any 'replicaof' directive + for host in "${hosts_list[@]}"; do + echo "replicaof ${host} ${KEYDB_MASTER_PORT_NUMBER}" >> "$KEYDB_CONF_FILE" + done + fi +} + +######################## +# Disable KeyDB command(s) +# Globals: +# KEYDB_BASE_DIR +# Arguments: +# $1 - Array of commands to disable +# Returns: +# None +######################### +keydb_disable_unsafe_commands() { + # The current syntax gets a comma separated list of commands, we split them + # before passing to keydb_disable_unsafe_commands + read -r -a disabledCommands <<< "$(tr ',' ' ' <<< "$KEYDB_DISABLE_COMMANDS")" + debug "Disabling commands: ${disabledCommands[*]}" + for cmd in "${disabledCommands[@]}"; do + if grep -E -q "^\s*rename-command\s+$cmd\s+\"\"\s*$" "$KEYDB_CONF_FILE"; then + debug "$cmd was already disabled" + continue + fi + echo "rename-command $cmd \"\"" >> "$KEYDB_CONF_FILE" + done +} + +######################## +# KeyDB configure permissions +# Globals: +# KEYDB_* +# Arguments: +# None +# Returns: +# None +######################### +keydb_configure_permissions() { + debug "Ensuring expected directories/files exist" + for dir in "$KEYDB_BASE_DIR" "$KEYDB_DATA_DIR" "$KEYDB_TMP_DIR"; do + ensure_dir_exists "$dir" + if am_i_root; then + chown "$KEYDB_DAEMON_USER:$KEYDB_DAEMON_GROUP" "$dir" + fi + done +} + +######################### +# Append include directives to keydb.conf +# Globals: +# KEYDB_* +# Arguments: +# None +# Returns: +# None +######################### +keydb_append_include_conf() { + if [[ -f "$KEYDB_OVERRIDES_FILE" ]]; then + # Remove all include statements including commented ones + keydb_conf_set include "$KEYDB_OVERRIDES_FILE" + keydb_conf_unset "include" + echo "include $KEYDB_OVERRIDES_FILE" >> "${KEYDB_BASE_DIR}/etc/keydb.conf" + fi +} + +######################## +# Configures KeyDB +# Globals: +# KEYDB_* +# Arguments: +# None +# Returns: +# None +######################### +keydb_configure() { + # User injected custom configuration + if [[ -e "${KEYDB_MOUNTED_CONF_DIR}/keydb.conf" ]]; then + cp "${KEYDB_MOUNTED_CONF_DIR}/keydb.conf" "$KEYDB_CONF_FILE" + else + info "Setting KeyDB config file" + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + # Allow remote connections without password + keydb_conf_set protected-mode no + fi + + keydb_conf_set port "$KEYDB_PORT_NUMBER" + # Allow remote connections + is_boolean_yes "$KEYDB_ALLOW_REMOTE_CONNECTIONS" && keydb_conf_set bind "0.0.0.0 ::" + # Enable AOF https://docs.keydb.dev/docs/persistence/#append-only-file + # Leave default fsync (every second) + keydb_conf_set appendonly "$KEYDB_AOF_ENABLED" + + if is_empty_value "$KEYDB_RDB_POLICY"; then + if is_boolean_yes "$KEYDB_RDB_POLICY_DISABLED"; then + keydb_conf_set save "" + fi + else + # The value stored in $i here is the number of seconds and times of save rules in keydb rdb mode + for i in ${KEYDB_RDB_POLICY}; do + keydb_conf_set save "${i//#/ }" + done + fi + + # TLS configuration + if is_boolean_yes "$KEYDB_TLS_ENABLED"; then + if [[ "$KEYDB_PORT_NUMBER" == "6379" ]] && [[ "$KEYDB_TLS_PORT_NUMBER" == "6379" ]]; then + # If both ports are set to default values, enable TLS traffic only + keydb_conf_set port 0 + keydb_conf_set tls-port "$KEYDB_TLS_PORT_NUMBER" + else + # Different ports were specified + keydb_conf_set tls-port "$KEYDB_TLS_PORT_NUMBER" + fi + keydb_conf_set tls-cert-file "$KEYDB_TLS_CERT_FILE" + keydb_conf_set tls-key-file "$KEYDB_TLS_KEY_FILE" + # shellcheck disable=SC2015 + is_empty_value "$KEYDB_TLS_CA_FILE" && keydb_conf_set tls-ca-cert-dir "$KEYDB_TLS_CA_DIR" || keydb_conf_set tls-ca-cert-file "$KEYDB_TLS_CA_FILE" + ! is_empty_value "$KEYDB_TLS_KEY_FILE_PASS" && keydb_conf_set tls-key-file-pass "$KEYDB_TLS_KEY_FILE_PASS" + [[ -n "$KEYDB_TLS_DH_PARAMS_FILE" ]] && keydb_conf_set tls-dh-params-file "$KEYDB_TLS_DH_PARAMS_FILE" + keydb_conf_set tls-auth-clients "$KEYDB_TLS_AUTH_CLIENTS" + fi + # Multithreading configuration + ! is_empty_value "$KEYDB_IO_THREADS_DO_READS" && keydb_conf_set "io-threads-do-reads" "$KEYDB_IO_THREADS_DO_READS" + ! is_empty_value "$KEYDB_IO_THREADS" && keydb_conf_set "io-threads" "$KEYDB_IO_THREADS" + + if [[ -n "$KEYDB_PASSWORD" ]]; then + keydb_conf_set requirepass "$KEYDB_PASSWORD" + else + keydb_conf_unset requirepass + fi + if [[ -n "$KEYDB_DISABLE_COMMANDS" ]]; then + keydb_disable_unsafe_commands + fi + if [[ -n "$KEYDB_ACL_FILE" ]]; then + keydb_conf_set aclfile "$KEYDB_ACL_FILE" + fi + keydb_append_include_conf + + # Configure Replication mode + if [[ -n "$KEYDB_REPLICATION_MODE" ]]; then + keydb_configure_replication + fi + fi + + # Avoid exit code from previous conditions to affect the result of this function + true +} + +######################## +# Ensure KeyDB is initialized +# Globals: +# KEYDB_* +# Arguments: +# None +# Returns: +# None +######################### +keydb_initialize() { + info "Initializing KeyDB" + + # This fixes an issue where the trap would kill the entrypoint.sh, if a PID was left over from a previous run + # Exec replaces the process without creating a new one, and when the container is restarted it may have the same PID + rm -f "$KEYDB_BASE_DIR/tmp/keydb.pid" + + # Ensure the KeyDB directories have proper permissions + keydb_configure_permissions + # Configure KeyDB + keydb_configure +} diff --git a/bitnami/keydb/6/debian-12/tags-info.yaml b/bitnami/keydb/6/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..86ad35a5ec8b9 --- /dev/null +++ b/bitnami/keydb/6/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "6" +- 6-debian-12 +- 6.3.4 +- latest diff --git a/bitnami/keydb/README.md b/bitnami/keydb/README.md new file mode 100644 index 0000000000000..d23f8f2fb0169 --- /dev/null +++ b/bitnami/keydb/README.md @@ -0,0 +1,710 @@ +# Bitnami package for KeyDB + +## What is KeyDB? + +> KeyDB is a high performance fork of Redis with a focus on multithreading, memory efficiency, and high throughput. + +[Overview of KeyDB](https://github.com/Snapchat/KeyDB) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name keydb -e ALLOW_EMPTY_PASSWORD=yes bitnami/keydb:latest +``` + +**Warning**: These quick setups are only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Configuration](#configuration) section for a more secure deployment. + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use KeyDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Why use a non-root container? + +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami KeyDB Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/keydb). + +```console +docker pull bitnami/keydb:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/keydb/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/keydb:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## Persisting your database + +KeyDB provides a different range of [persistence options](https://keydb.io/docs/topics/persistence.html). This contanier uses *AOF persistence by default* but it is easy to overwrite that configuration in a `docker-compose.yaml` file with this entry `command: /opt/bitnami/scripts/keydb/run.sh --appendonly no`. Alternatively, you may use the `KEYDB_AOF_ENABLED` env variable as explained in [Disabling AOF persistence](https://github.com/bitnami/containers/blob/main/bitnami/keydb#disabling-aof-persistence). + +If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed. + +For persistence you should mount a directory at the `/bitnami` path. If the mounted directory is empty, it will be initialized on the first run. + +```console +docker run \ + -e ALLOW_EMPTY_PASSWORD=yes \ + -v /path/to/keydb-persistence:/bitnami/keydb/data \ + bitnami/keydb:latest +``` + +You can also do this by modifying the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/keydb/docker-compose.yml) file present in this repository: + +```yaml +services: + keydb: + ... + volumes: + - /path/to/keydb-persistence:/bitnami/keydb/data + ... +``` + +> NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID `1001`. + +## Connecting to other containers + +Using [Docker container networking](https://docs.docker.com/engine/userguide/networking/), a KeyDB server running inside a container can easily be accessed by your application containers. + +Containers attached to the same network can communicate with each other using the container name as the hostname. + +### Using the Command Line + +In this example, we will create a KeyDB client instance that will connect to the server instance that is running on the same docker network as the client. + +#### Step 1: Create a network + +```console +docker network create app-tier --driver bridge +``` + +#### Step 2: Launch the KeyDB server instance + +Use the `--network app-tier` argument to the `docker run` command to attach the KeyDB container to the `app-tier` network. + +```console +docker run -d --name keydb-server \ + -e ALLOW_EMPTY_PASSWORD=yes \ + --network app-tier \ + bitnami/keydb:latest +``` + +#### Step 3: Launch your KeyDB client instance + +Finally we create a new container instance to launch the KeyDB client and connect to the server created in the previous step: + +```console +docker run -it --rm \ + --network app-tier \ + bitnami/keydb:latest keydb-cli -h keydb-server +``` + +### Using a Docker Compose file + +When not specified, Docker Compose automatically sets up a new network and attaches all deployed services to that network. However, we will explicitly define a new `bridge` network named `app-tier`. In this example we assume that you want to connect to the KeyDB server from your own custom application image which is identified in the following snippet by the service name `myapp`. + +```yaml +version: '2' + +networks: + app-tier: + driver: bridge + +services: + keydb: + image: 'bitnami/keydb:latest' + environment: + - ALLOW_EMPTY_PASSWORD=yes + networks: + - app-tier + myapp: + image: 'YOUR_APPLICATION_IMAGE' + networks: + - app-tier +``` + +> **IMPORTANT**: +> +> 1. Please update the **YOUR_APPLICATION_IMAGE_** placeholder in the above snippet with your application image +> 2. In your application container, use the hostname `keydb` to connect to the KeyDB server + +Launch the containers using: + +```console +docker-compose up -d +``` + +## Configuration + +### Environment variables + +#### Customizable environment variables + +| Name | Description | Default Value | +|----------------------------------|-------------------------------------------------------------------------------------|--------------------------------------------| +| `KEYDB_DATA_DIR` | KeyDB data directory. | `${KEYDB_VOLUME_DIR}/data` | +| `KEYDB_OVERRIDES_FILE` | KeyDB config overrides file. | `${KEYDB_MOUNTED_CONF_DIR}/overrides.conf` | +| `KEYDB_DISABLE_COMMANDS` | Commands to disable. | `nil` | +| `KEYDB_DATABASE` | Default database. | `keydb` | +| `KEYDB_AOF_ENABLED` | Enable AOF. | `yes` | +| `KEYDB_RDB_POLICY` | Enable RDB policy persistence. | `nil` | +| `KEYDB_RDB_POLICY_DISABLED` | Allows to enable RDB policy persistence. | `no` | +| `KEYDB_PORT_NUMBER` | KeyDB port number. | `$KEYDB_DEFAULT_PORT_NUMBER` | +| `KEYDB_ALLOW_REMOTE_CONNECTIONS` | Allow remote connection to the service. | `yes` | +| `KEYDB_EXTRA_FLAGS` | Additional flags pass to 'keydb-server' command. | `nil` | +| `ALLOW_EMPTY_PASSWORD` | Allow password-less access. | `no` | +| `KEYDB_PASSWORD` | KeyDB password. | `nil` | +| `KEYDB_ACL_FILE` | KeyDB ACL file. | `nil` | +| `KEYDB_IO_THREADS_DO_READS` | Enable multithreading when reading socket. | `nil` | +| `KEYDB_IO_THREADS` | Number of threads. | `nil` | +| `KEYDB_REPLICATION_MODE` | Replication mode (values: master, replica). | `nil` | +| `KEYDB_ACTIVE_REPLICA` | Configure KeyDB node as active-replica. | `no` | +| `KEYDB_MASTER_HOSTS` | Comma separated list of hostnames of the KeyDB master instances to be a replica of. | `nil` | +| `KEYDB_MASTER_PORT_NUMBER` | Port number of the KeyDB master instances to be a replica of. | `6379` | +| `KEYDB_MASTER_PASSWORD` | Password to authenticate against the KeyDB master instance to be a replica of. | `nil` | +| `KEYDB_REPLICA_IP` | The replication announce ip. | `nil` | +| `KEYDB_REPLICA_PORT` | The replication announce port. | `nil` | +| `KEYDB_TLS_ENABLED` | Enable TLS | `no` | +| `KEYDB_TLS_PORT_NUMBER` | TLS port number. | `6379` | +| `KEYDB_TLS_CERT_FILE` | TLS certificate file. | `nil` | +| `KEYDB_TLS_CA_DIR` | Directory containing TLS CA certificates. | `nil` | +| `KEYDB_TLS_KEY_FILE` | TLS key file. | `nil` | +| `KEYDB_TLS_KEY_FILE_PASS` | TLS key file passphrase. | `nil` | +| `KEYDB_TLS_CA_FILE` | TLS CA file. | `nil` | +| `KEYDB_TLS_DH_PARAMS_FILE` | TLS DH parameter file. | `nil` | +| `KEYDB_TLS_AUTH_CLIENTS` | Enable TLS client authentication. | `yes` | + +#### Read-only environment variables + +| Name | Description | Value | +|-----------------------------|----------------------------------------|---------------------------------| +| `KEYDB_VOLUME_DIR` | KeyDB persistence base directory. | `/bitnami/keydb` | +| `KEYDB_BASE_DIR` | KeyDB installation directory. | `${BITNAMI_ROOT_DIR}/keydb` | +| `KEYDB_CONF_DIR` | KeyDB configuration directory. | `${KEYDB_BASE_DIR}/etc` | +| `KEYDB_DEFAULT_CONF_DIR` | KeyDB default configuration directory. | `${KEYDB_BASE_DIR}/etc.default` | +| `KEYDB_MOUNTED_CONF_DIR` | KeyDB mounted configuration directory. | `${KEYDB_BASE_DIR}/mounted-etc` | +| `KEYDB_CONF_FILE` | KeyDB configuration file. | `${KEYDB_CONF_DIR}/keydb.conf` | +| `KEYDB_TMP_DIR` | KeyDB temporary directory. | `${KEYDB_BASE_DIR}/tmp` | +| `KEYDB_PID_FILE` | KeyDB PID file. | `${KEYDB_TMP_DIR}/keydb.pid` | +| `KEYDB_BIN_DIR` | KeyDB executables directory. | `${KEYDB_BASE_DIR}/bin` | +| `KEYDB_DAEMON_USER` | KeyDB system user. | `keydb` | +| `KEYDB_DAEMON_GROUP` | KeyDB system group. | `keydb` | +| `KEYDB_DEFAULT_PORT_NUMBER` | KeyDB port number (Build time). | `6379` | + +### Disabling KeyDB commands + +For security reasons, you may want to disable some commands. You can specify them by using the following environment variable on the first run: + +* `KEYDB_DISABLE_COMMANDS`: Comma-separated list of KeyDB commands to disable. Defaults to empty. + +```console +docker run --name keydb -e KEYDB_DISABLE_COMMANDS=FLUSHDB,FLUSHALL,CONFIG bitnami/keydb:latest +``` + +Alternatively, modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/keydb/docker-compose.yml) file present in this repository: + +```yaml +services: + keydb: + ... + environment: + - KEYDB_DISABLE_COMMANDS=FLUSHDB,FLUSHALL,CONFIG + ... +``` + +As specified in the docker-compose, `FLUSHDB` and `FLUSHALL` commands are disabled. Comment out or remove the +environment variable if you don't want to disable any commands: + +```yaml +services: + keydb: + ... + environment: + # - KEYDB_DISABLE_COMMANDS=FLUSHDB,FLUSHALL + ... +``` + +### Passing extra command-line flags to keydb-server startup + +Passing extra command-line flags to the keydb service command is possible by adding them as arguments to *run.sh* script: + +```console +docker run --name keydb -e ALLOW_EMPTY_PASSWORD=yes bitnami/keydb:latest /opt/bitnami/scripts/keydb/run.sh --maxmemory 100mb +``` + +Alternatively, modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/keydb/docker-compose.yml) file present in this repository: + +```yaml +services: + keydb: + ... + environment: + - ALLOW_EMPTY_PASSWORD=yes + command: /opt/bitnami/scripts/keydb/run.sh --maxmemory 100mb + ... +``` + +### Setting the server password on first run + +Passing the `KEYDB_PASSWORD` environment variable when running the image for the first time will set the KeyDB server password to the value of `KEYDB_PASSWORD` (or the content of the file specified in `KEYDB_PASSWORD_FILE`). + +```console +docker run --name keydb -e KEYDB_PASSWORD=password123 bitnami/keydb:latest +``` + +Alternatively, modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/keydb/docker-compose.yml) file present in this repository: + +```yaml +services: + keydb: + ... + environment: + - KEYDB_PASSWORD=password123 + ... +``` + +**NOTE**: The at sign (`@`) is not supported for `KEYDB_PASSWORD`. + +**Warning** The KeyDB database is always configured with remote access enabled. It's suggested that the `KEYDB_PASSWORD` env variable is always specified to set a password. In case you want to access the database without a password set the environment variable `ALLOW_EMPTY_PASSWORD=yes`. **This is recommended only for development**. + +### Allowing empty passwords + +By default the KeyDB image expects all the available passwords to be set. In order to allow empty passwords, it is necessary to set the `ALLOW_EMPTY_PASSWORD=yes` env variable. This env variable is only recommended for testing or development purposes. We strongly recommend specifying the `KEYDB_PASSWORD` for any other scenario. + +```console +docker run --name keydb -e ALLOW_EMPTY_PASSWORD=yes bitnami/keydb:latest +``` + +Alternatively, modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/keydb/docker-compose.yml) file present in this repository: + +```yaml +services: + keydb: + ... + environment: + - ALLOW_EMPTY_PASSWORD=yes + ... +``` + +### Disabling AOF persistence + +KeyDB offers different [options](https://keydb.io/docs/topics/persistence.html) when it comes to persistence. By default, this image is set up to use the AOF (Append Only File) approach. Should you need to change this behaviour, setting the `KEYDB_AOF_ENABLED=no` env variable will disable this feature. + +```console +docker run --name keydb -e KEYDB_AOF_ENABLED=no bitnami/keydb:latest +``` + +Alternatively, modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/keydb/docker-compose.yml) file present in this repository: + +```yaml +services: + keydb: + ... + environment: + - KEYDB_AOF_ENABLED=no + ... +``` + +### Enabling Access Control List + +KeyDB offers [ACL](https://keydb.io/docs/topics/acl.html) which allows certain connections to be limited in terms of the commands that can be executed and the keys that can be accessed. We strongly recommend enabling ACL in production by specifying the `KEYDB_ACL_FILE`. + +```console +docker run -name keydb -e KEYDB_ACL_FILE=/opt/bitnami/keydb/mounted-etc/users.acl -v /path/to/users.acl:/opt/bitnami/keydb/mounted-etc/users.acl bitnami/keydb:latest +``` + +Alternatively, modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/keydb/docker-compose.yml) file present in this repository: + +```yaml +services: + keydb: + ... + environment: + - KEYDB_ACL_FILE=/opt/bitnami/keydb/mounted-etc/users.acl + volumes: + - /path/to/users.acl:/opt/bitnami/keydb/mounted-etc/users.acl + ... +``` + +### Setting up a standalone instance + +By default, this image is set up to launch KeyDB in standalone mode on port 6379. Should you need to change this behavior, setting the `KEYDB_PORT_NUMBER` environment variable will modify the port number. This is not to be confused with `KEYDB_MASTER_PORT_NUMBER` or `KEYDB_REPLICA_PORT` environment variables that are applicable in replication mode. + +```console +docker run --name keydb -e KEYDB_PORT_NUMBER=7000 -p 7000:7000 bitnami/keydb:latest +``` + +Alternatively, modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/keydb/docker-compose.yml) file present in this repository: + +```yaml +services: + keydb: + ... + environment: + - KEYDB_PORT_NUMBER=7000 + ... + ports: + - '7000:7000' + .... +``` + +### Setting up replication + +A replication cluster can easily be setup with the Bitnami KeyDB Docker Image using the following environment variables: + +* `KEYDB_REPLICATION_MODE`: The replication mode. Possible values `master`/`replica`. No defaults. +* `KEYDB_ACTIVE_REPLICA`: Configure Replica node as active-replica. Defaults to `no`. +* `KEYDB_REPLICA_IP`: The replication announce ip. Defaults to `$(get_machine_ip)` which return the ip of the container. +* `KEYDB_REPLICA_PORT`: The replication announce port. Defaults to `KEYDB_MASTER_PORT_NUMBER`. +* `KEYDB_MASTER_HOSTS`: Comma separated list of Hostnames/IPs of KeyDB master instances to be a replica of (multiple hosts only supported if active-replica is enabled). No defaults. +* `KEYDB_MASTER_PORT_NUMBER`: Port number of the KeyDB master instances to be a replica of. Defaults to `6379`. +* `KEYDB_MASTER_PASSWORD`: Password to authenticate against the KeyDB master instances to be a replica of. No defaults. + +There are three main architectures for replication in KeyDB: + +* **Master/Replica**: In this architecture, a single KeyDB instance acts as the master, and one or more KeyDB instances act as replicas. The master is responsible for all write operations, while the replicas replicate the write operations from the master and serve read operations. +* **Active Replication**: In this architecture, a single KeyDB instance acts as the master, and one or more KeyDB instances act as active replicas. All instances can accept write operations and replicate them to the rest of the instances. +* **Multi Master Replication**: In this architecture, two or more KeyDB instances act as master, and replicas are configured to replicate from multiple masters. A replica with multiple masters will contain a superset of the data of all its masters. If two masters have a value with the same key it is undefined which key will be taken. If a master deletes a key that exists on another master the replica will no longer contain a copy of that key. + +#### Step 1: Create the replication master + +The first step is to start the KeyDB master. + +```console +docker run --name keydb-master \ + -e KEYDB_REPLICATION_MODE=master \ + -e KEYDB_PASSWORD=masterpassword123 \ + bitnami/keydb:latest +``` + +In the above command the container is configured as the `master` using the `KEYDB_REPLICATION_MODE` parameter. The `KEYDB_PASSWORD` parameter enables authentication on the KeyDB master. + +#### Step 2: Create the replica node + +Next we start a KeyDB replica container. + +```console +docker run --name keydb-replica \ + --link keydb-master:master \ + -e KEYDB_REPLICATION_MODE=replica \ + -e KEYDB_MASTER_HOSTS=master \ + -e KEYDB_MASTER_PORT_NUMBER=6379 \ + -e KEYDB_MASTER_PASSWORD=masterpassword123 \ + -e KEYDB_PASSWORD=password123 \ + bitnami/keydb:latest +``` + +In the above command the container is configured as a `replica` using the `KEYDB_REPLICATION_MODE` parameter. The `KEYDB_MASTER_HOSTS`, `KEYDB_MASTER_PORT_NUMBER` and `KEYDB_MASTER_PASSWORD` parameters are used connect and authenticate with the KeyDB master. The `KEYDB_PASSWORD` parameter enables authentication on the KeyDB replica. + +You now have a two node KeyDB master/replica replication cluster up and running which can be scaled by adding/removing replicas. + +If the KeyDB master goes down you can reconfigure a replica to become a master using: + +```console +docker exec keydb-replica keydb-cli -a password123 REPLICAOF NO ONE +``` + +> **Note**: The configuration of the other replicas in the cluster needs to be updated so that they are aware of the new master. In our example, this would involve restarting the other replicas with `--link keydb-replica:master`. + +With Docker Compose the master/replica mode can be setup using: + +```yaml +version: '2' + +services: + keydb-master: + image: 'bitnami/keydb:latest' + ports: + - '6379' + environment: + - KEYDB_REPLICATION_MODE=master + - KEYDB_PASSWORD=my_master_password + volumes: + - '/path/to/keydb-persistence:/bitnami' + + keydb-replica: + image: 'bitnami/keydb:latest' + ports: + - '6379' + depends_on: + - keydb-master + environment: + - KEYDB_REPLICATION_MODE=replica + - KEYDB_MASTER_HOSTS=keydb-master + - KEYDB_MASTER_PORT_NUMBER=6379 + - KEYDB_MASTER_PASSWORD=my_master_password + - KEYDB_PASSWORD=my_replica_password +``` + +Scale the number of replicas using: + +```console +docker-compose up --detach --scale keydb-master=1 --scale keydb-replica=3 +``` + +The above command scales up the number of replicas to `3`. You can scale down in the same way. + +> **Note**: You should not scale up/down the number of master nodes. Always have only one master node running. + +### Securing KeyDB traffic + +KeyDB adds the support for SSL/TLS connections. Should you desire to enable this optional feature, you may use the following environment variables to configure the application: + +* `KEYDB_TLS_ENABLED`: Whether to enable TLS for traffic or not. Defaults to `no`. +* `KEYDB_TLS_PORT_NUMBER`: Port used for TLS secure traffic. Defaults to `6379`. +* `KEYDB_TLS_CERT_FILE`: File containing the certificate file for the TLS traffic. No defaults. +* `KEYDB_TLS_KEY_FILE`: File containing the key for certificate. No defaults. +* `KEYDB_TLS_CA_FILE`: File containing the CA of the certificate (takes precedence over `KEYDB_TLS_CA_DIR`). No defaults. +* `KEYDB_TLS_CA_DIR`: Directory containing the CA certificates. No defaults. +* `KEYDB_TLS_DH_PARAMS_FILE`: File containing DH params (in order to support DH based ciphers). No defaults. +* `KEYDB_TLS_AUTH_CLIENTS`: Whether to require clients to authenticate or not. Defaults to `yes`. + +When enabling TLS, conventional standard traffic is disabled by default. However this new feature is not mutually exclusive, which means it is possible to listen to both TLS and non-TLS connection simultaneously. To enable non-TLS traffic, set `KEYDB_TLS_PORT_NUMBER` to another port different than `0`. + +1. Using `docker run` + + ```console + $ docker run --name keydb \ + -v /path/to/certs:/opt/bitnami/keydb/certs \ + -v /path/to/keydb-data-persistence:/bitnami/keydb/data \ + -e ALLOW_EMPTY_PASSWORD=yes \ + -e KEYDB_TLS_ENABLED=yes \ + -e KEYDB_TLS_CERT_FILE=/opt/bitnami/keydb/certs/keydb.crt \ + -e KEYDB_TLS_KEY_FILE=/opt/bitnami/keydb/certs/keydb.key \ + -e KEYDB_TLS_CA_FILE=/opt/bitnami/keydb/certs/keydbCA.crt \ + bitnami/keydb:latest + ``` + +2. Modifying the `docker-compose.yml` file present in this repository: + + ```yaml + services: + keydb: + ... + environment: + ... + - KEYDB_TLS_ENABLED=yes + - KEYDB_TLS_CERT_FILE=/opt/bitnami/keydb/certs/keydb.crt + - KEYDB_TLS_KEY_FILE=/opt/bitnami/keydb/certs/keydb.key + - KEYDB_TLS_CA_FILE=/opt/bitnami/keydb/certs/keydbCA.crt + ... + volumes: + - /path/to/certs:/opt/bitnami/keydb/certs + - /path/to/keydb-persistence:/bitnami/keydb/data + ... + ``` + +Alternatively, you may also provide with this configuration in your [custom](https://github.com/bitnami/containers/blob/main/bitnami/keydb#configuration-file) configuration file. + +### Configuration file + +The image looks for configurations in `/opt/bitnami/keydb/mounted-etc/keydb.conf`. You can overwrite the `keydb.conf` file using your own custom configuration file. + +```console +docker run --name keydb \ + -e ALLOW_EMPTY_PASSWORD=yes \ + -v /path/to/your_keydb.conf:/opt/bitnami/keydb/mounted-etc/keydb.conf \ + -v /path/to/keydb-data-persistence:/bitnami/keydb/data \ + bitnami/keydb:latest +``` + +Alternatively, modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/keydb/docker-compose.yml) file present in this repository: + +```yaml +services: + keydb: + ... + volumes: + - /path/to/your_keydb.conf:/opt/bitnami/keydb/mounted-etc/keydb.conf + - /path/to/keydb-persistence:/bitnami/keydb/data + ... +``` + +### Overriding configuration + +Instead of providing a custom `keydb.conf`, you may also choose to provide only settings you wish to override. The image will look for `/opt/bitnami/keydb/mounted-etc/overrides.conf`. This will be ignored if custom `keydb.conf` is provided. + +```console +docker run --name keydb \ + -e ALLOW_EMPTY_PASSWORD=yes \ + -v /path/to/overrides.conf:/opt/bitnami/keydb/mounted-etc/overrides.conf \ + bitnami/keydb:latest +``` + +Alternatively, modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/keydb/docker-compose.yml) file present in this repository: + +```yaml +services: + keydb: + ... + volumes: + - /path/to/overrides.conf:/opt/bitnami/keydb/mounted-etc/overrides.conf + ... +``` + +### Enable KeyDB RDB persistence + +When the value of `KEYDB_RDB_POLICY_DISABLED` is `no` (default value) the KeyDB default persistence strategy will be used. If you want to modify the default strategy, you can configure it through the `KEYDB_RDB_POLICY` parameter. Here is a demonstration of modifying the default persistence strategy + +1. Using `docker run` + + ```console + $ docker run --name keydb \ + -v /path/to/keydb-data-persistence:/bitnami/keydb/data \ + -e ALLOW_EMPTY_PASSWORD=yes \ + -e KEYDB_RDB_POLICY_DISABLED=no + -e KEYDB_RDB_POLICY="900#1 600#5 300#10 120#50 60#1000 30#10000" + bitnami/keydb:latest + ``` + +2. Modifying the `docker-compose.yml` file present in this repository: + + ```yaml + keydb: + ... + environment: + ... + - KEYDB_RDB_POLICY_DISABLED=no + - KEYDB_RDB_POLICY="900#1 600#5 300#10 120#50 60#1000 30#10000" + ... + ... + ``` + +## Logging + +The Bitnami KeyDB Docker image sends the container logs to the `stdout`. To view the logs: + +```console +docker logs keydb +``` + +or using Docker Compose: + +```console +docker-compose logs keydb +``` + +You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver. + +## Maintenance + +### Upgrade this image + +Bitnami provides up-to-date versions of KeyDB, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container. + +#### Step 1: Get the updated image + +```console +docker pull bitnami/keydb:latest +``` + +or if you're using Docker Compose, update the value of the image property to +`bitnami/keydb:latest`. + +#### Step 2: Stop and backup the currently running container + +Stop the currently running container using the command + +```console +docker stop keydb +``` + +or using Docker Compose: + +```console +docker-compose stop keydb +``` + +Next, take a snapshot of the persistent volume `/path/to/keydb-persistence` using: + +```console +rsync -a /path/to/keydb-persistence /path/to/keydb-persistence.bkp.$(date +%Y%m%d-%H.%M.%S) +``` + +#### Step 3: Remove the currently running container + +```console +docker rm -v keydb +``` + +or using Docker Compose: + +```console +docker-compose rm -v keydb +``` + +#### Step 4: Run the new image + +Re-create your container from the new image. + +```console +docker run --name keydb bitnami/keydb:latest +``` + +or using Docker Compose: + +```console +docker-compose up keydb +``` + +## Using `docker-compose.yaml` + +Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/keydb). + +If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md). + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bitnami/keydb/docker-compose-replicaset.yml b/bitnami/keydb/docker-compose-replicaset.yml new file mode 100644 index 0000000000000..80096d2f0d113 --- /dev/null +++ b/bitnami/keydb/docker-compose-replicaset.yml @@ -0,0 +1,32 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + keydb-primary: + image: docker.io/bitnami/keydb:6 + ports: + - '6379' + environment: + - KEYDB_REPLICATION_MODE=master + - KEYDB_PASSWORD=my_password + - KEYDB_DISABLE_COMMANDS=FLUSHDB,FLUSHALL + volumes: + - 'keydb_data:/bitnami/keydb/data' + + keydb-secondary: + image: docker.io/bitnami/keydb:6 + ports: + - '6379' + depends_on: + - keydb-primary + environment: + - KEYDB_REPLICATION_MODE=replica + - KEYDB_MASTER_HOSTS=keydb-primary + - KEYDB_MASTER_PORT_NUMBER=6379 + - KEYDB_MASTER_PASSWORD=my_password + - KEYDB_PASSWORD=my_password + - KEYDB_DISABLE_COMMANDS=FLUSHDB,FLUSHALL + +volumes: + keydb_data: + driver: local diff --git a/bitnami/keydb/docker-compose.yml b/bitnami/keydb/docker-compose.yml new file mode 100644 index 0000000000000..42265a4285493 --- /dev/null +++ b/bitnami/keydb/docker-compose.yml @@ -0,0 +1,18 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + keydb: + image: docker.io/bitnami/keydb:6 + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - KEYDB_DISABLE_COMMANDS=FLUSHDB,FLUSHALL + ports: + - '6379:6379' + volumes: + - 'keydb_data:/bitnami/keydb/data' + +volumes: + keydb_data: + driver: local diff --git a/bitnami/kiam/4/debian-12/Dockerfile b/bitnami/kiam/4/debian-12/Dockerfile index 3890ca14257a6..aebaac5008d77 100644 --- a/bitnami/kiam/4/debian-12/Dockerfile +++ b/bitnami/kiam/4/debian-12/Dockerfile @@ -3,15 +3,16 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T21:51:29Z" \ + org.opencontainers.image.created="2025-01-03T01:38:03Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kiam/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="4.2.0-debian-12-r29" \ + org.opencontainers.image.ref.name="4.2.0-debian-12-r47" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kiam" \ org.opencontainers.image.title="kiam" \ org.opencontainers.image.vendor="Broadcom, Inc." \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl iptables procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "kiam-4.2.0-14-linux-${OS_ARCH}-debian-12" \ + "kiam-4.2.0-24-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ diff --git a/bitnami/kiam/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kiam/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 26801d938d221..c5ded6451d6a9 100644 --- a/bitnami/kiam/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kiam/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.2.0-14" + "version": "4.2.0-24" } } \ No newline at end of file diff --git a/bitnami/kiam/README.md b/bitnami/kiam/README.md index 8c568f8501f84..4d7ece48767fd 100644 --- a/bitnami/kiam/README.md +++ b/bitnami/kiam/README.md @@ -25,11 +25,17 @@ docker run --name kiam bitnami/kiam:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kiam in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kiam in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -85,7 +91,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/kibana/7/README.md b/bitnami/kibana/7/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/kibana/7/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/kibana/7/debian-12/Dockerfile b/bitnami/kibana/7/debian-12/Dockerfile deleted file mode 100644 index 2804da91294c8..0000000000000 --- a/bitnami/kibana/7/debian-12/Dockerfile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T21:51:29Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kibana/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.17.21-debian-12-r2" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kibana" \ - org.opencontainers.image.title="kibana" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="7.17.21" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/kibana/bin:$PATH" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libexpat1 libgcc-s1 libnss3 libstdc++6 procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "yq-4.44.1-0-linux-${OS_ARCH}-debian-12" \ - "kibana-7.17.21-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/kibana/postunpack.sh -ENV APP_VERSION="7.17.21" \ - BITNAMI_APP_NAME="kibana" - -EXPOSE 5601 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/kibana/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/kibana/run.sh" ] diff --git a/bitnami/kibana/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kibana/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 12191c7cebbf7..0000000000000 --- a/bitnami/kibana/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "kibana": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "7.17.21-1" - }, - "yq": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "4.44.1-0" - } -} \ No newline at end of file diff --git a/bitnami/kibana/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kibana/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/kibana/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/kibana/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/kibana/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/kibana/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana-env.sh b/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana-env.sh deleted file mode 100644 index 413e3cf927a36..0000000000000 --- a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana-env.sh +++ /dev/null @@ -1,182 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for kibana - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-kibana}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -kibana_env_vars=( - KIBANA_ELASTICSEARCH_URL - KIBANA_ELASTICSEARCH_PORT_NUMBER - KIBANA_HOST - KIBANA_PORT_NUMBER - KIBANA_WAIT_READY_MAX_RETRIES - KIBANA_INITSCRIPTS_START_SERVER - KIBANA_FORCE_INITSCRIPTS - KIBANA_DISABLE_STRICT_CSP - KIBANA_CERTS_DIR - KIBANA_SERVER_ENABLE_TLS - KIBANA_SERVER_KEYSTORE_LOCATION - KIBANA_SERVER_KEYSTORE_PASSWORD - KIBANA_SERVER_TLS_USE_PEM - KIBANA_SERVER_CERT_LOCATION - KIBANA_SERVER_KEY_LOCATION - KIBANA_SERVER_KEY_PASSWORD - KIBANA_PASSWORD - KIBANA_ELASTICSEARCH_ENABLE_TLS - KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE - KIBANA_ELASTICSEARCH_TRUSTSTORE_LOCATION - KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD - KIBANA_ELASTICSEARCH_TLS_USE_PEM - KIBANA_ELASTICSEARCH_CA_CERT_LOCATION - KIBANA_DISABLE_STRICT_CSP - KIBANA_CREATE_USER - KIBANA_ELASTICSEARCH_PASSWORD - KIBANA_SERVER_PUBLICBASEURL - KIBANA_XPACK_SECURITY_ENCRYPTIONKEY - KIBANA_XPACK_REPORTING_ENCRYPTIONKEY - KIBANA_NEWSFEED_ENABLED - KIBANA_ELASTICSEARCH_REQUESTTIMEOUT - ELASTICSEARCH_URL - KIBANA_ELASTICSEARCH_PORT_NUMBER - KIBANA_ELASTICSEARCH_PORT - KIBANA_PORT_NUMBER - KIBANA_INITSCRIPTS_MAX_RETRIES -) -for env_var in "${kibana_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset kibana_env_vars -export SERVER_FLAVOR="kibana" - -# Paths -export BITNAMI_VOLUME_DIR="/bitnami" -export KIBANA_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/kibana" -export SERVER_VOLUME_DIR="$KIBANA_VOLUME_DIR" -export KIBANA_BASE_DIR="${BITNAMI_ROOT_DIR}/kibana" -export SERVER_BASE_DIR="$KIBANA_BASE_DIR" -export KIBANA_CONF_DIR="${SERVER_BASE_DIR}/config" -export SERVER_CONF_DIR="$KIBANA_CONF_DIR" -export KIBANA_DEFAULT_CONF_DIR="${SERVER_BASE_DIR}/config.default" -export SERVER_DEFAULT_CONF_DIR="$KIBANA_DEFAULT_CONF_DIR" -export KIBANA_LOGS_DIR="${SERVER_BASE_DIR}/logs" -export SERVER_LOGS_DIR="$KIBANA_LOGS_DIR" -export KIBANA_TMP_DIR="${SERVER_BASE_DIR}/tmp" -export SERVER_TMP_DIR="$KIBANA_TMP_DIR" -export KIBANA_BIN_DIR="${SERVER_BASE_DIR}/bin" -export SERVER_BIN_DIR="$KIBANA_BIN_DIR" -export KIBANA_PLUGINS_DIR="${SERVER_BASE_DIR}/plugins" -export SERVER_PLUGINS_DIR="$KIBANA_PLUGINS_DIR" -export KIBANA_DEFAULT_PLUGINS_DIR="${SERVER_BASE_DIR}/plugins.default" -export SERVER_DEFAULT_PLUGINS_DIR="$KIBANA_DEFAULT_PLUGINS_DIR" -export KIBANA_DATA_DIR="${SERVER_VOLUME_DIR}/data" -export SERVER_DATA_DIR="$KIBANA_DATA_DIR" -export KIBANA_MOUNTED_CONF_DIR="${SERVER_VOLUME_DIR}/conf" -export SERVER_MOUNTED_CONF_DIR="$KIBANA_MOUNTED_CONF_DIR" -export KIBANA_CONF_FILE="${SERVER_CONF_DIR}/kibana.yml" -export SERVER_CONF_FILE="$KIBANA_CONF_FILE" -export KIBANA_LOG_FILE="${SERVER_LOGS_DIR}/kibana.log" -export SERVER_LOG_FILE="$KIBANA_LOG_FILE" -export KIBANA_PID_FILE="${SERVER_TMP_DIR}/kibana.pid" -export SERVER_PID_FILE="$KIBANA_PID_FILE" -export KIBANA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export SERVER_INITSCRIPTS_DIR="$KIBANA_INITSCRIPTS_DIR" - -# System users (when running with a privileged user) -export KIBANA_DAEMON_USER="kibana" -export SERVER_DAEMON_USER="$KIBANA_DAEMON_USER" -export KIBANA_DAEMON_GROUP="kibana" -export SERVER_DAEMON_GROUP="$KIBANA_DAEMON_GROUP" - -# Kibana configuration -KIBANA_ELASTICSEARCH_URL="${KIBANA_ELASTICSEARCH_URL:-"${ELASTICSEARCH_URL:-}"}" -export KIBANA_ELASTICSEARCH_URL="${KIBANA_ELASTICSEARCH_URL:-elasticsearch}" -export SERVER_DB_URL="$KIBANA_ELASTICSEARCH_URL" -KIBANA_ELASTICSEARCH_PORT_NUMBER="${KIBANA_ELASTICSEARCH_PORT_NUMBER:-"${KIBANA_ELASTICSEARCH_PORT_NUMBER:-}"}" -KIBANA_ELASTICSEARCH_PORT_NUMBER="${KIBANA_ELASTICSEARCH_PORT_NUMBER:-"${KIBANA_ELASTICSEARCH_PORT:-}"}" -KIBANA_ELASTICSEARCH_PORT_NUMBER="${KIBANA_ELASTICSEARCH_PORT_NUMBER:-"${KIBANA_PORT_NUMBER:-}"}" -export KIBANA_ELASTICSEARCH_PORT_NUMBER="${KIBANA_ELASTICSEARCH_PORT_NUMBER:-9200}" -export SERVER_DB_PORT_NUMBER="$KIBANA_ELASTICSEARCH_PORT_NUMBER" -export KIBANA_HOST="${KIBANA_HOST:-0.0.0.0}" -export SERVER_HOST="$KIBANA_HOST" -export KIBANA_PORT_NUMBER="${KIBANA_PORT_NUMBER:-5601}" -export SERVER_PORT_NUMBER="$KIBANA_PORT_NUMBER" -KIBANA_WAIT_READY_MAX_RETRIES="${KIBANA_WAIT_READY_MAX_RETRIES:-"${KIBANA_INITSCRIPTS_MAX_RETRIES:-}"}" -export KIBANA_WAIT_READY_MAX_RETRIES="${KIBANA_WAIT_READY_MAX_RETRIES:-30}" -export SERVER_WAIT_READY_MAX_RETRIES="$KIBANA_WAIT_READY_MAX_RETRIES" -export KIBANA_INITSCRIPTS_START_SERVER="${KIBANA_INITSCRIPTS_START_SERVER:-yes}" -export SERVER_INITSCRIPTS_START_SERVER="$KIBANA_INITSCRIPTS_START_SERVER" -export KIBANA_FORCE_INITSCRIPTS="${KIBANA_FORCE_INITSCRIPTS:-no}" -export SERVER_FORCE_INITSCRIPTS="$KIBANA_FORCE_INITSCRIPTS" -export KIBANA_DISABLE_STRICT_CSP="${KIBANA_DISABLE_STRICT_CSP:-no}" -export SERVER_DISABLE_STRICT_CSP="$KIBANA_DISABLE_STRICT_CSP" - -# Kibana server SSL/TLS configuration -export KIBANA_CERTS_DIR="${KIBANA_CERTS_DIR:-${SERVER_CONF_DIR}/certs}" -export SERVER_CERTS_DIR="$KIBANA_CERTS_DIR" -export KIBANA_SERVER_ENABLE_TLS="${KIBANA_SERVER_ENABLE_TLS:-false}" -export SERVER_ENABLE_TLS="$KIBANA_SERVER_ENABLE_TLS" -export KIBANA_SERVER_KEYSTORE_LOCATION="${KIBANA_SERVER_KEYSTORE_LOCATION:-${SERVER_CERTS_DIR}/server/kibana.keystore.p12}" -export SERVER_KEYSTORE_LOCATION="$KIBANA_SERVER_KEYSTORE_LOCATION" -export KIBANA_SERVER_KEYSTORE_PASSWORD="${KIBANA_SERVER_KEYSTORE_PASSWORD:-}" -export SERVER_KEYSTORE_PASSWORD="$KIBANA_SERVER_KEYSTORE_PASSWORD" -export KIBANA_SERVER_TLS_USE_PEM="${KIBANA_SERVER_TLS_USE_PEM:-false}" -export SERVER_TLS_USE_PEM="$KIBANA_SERVER_TLS_USE_PEM" -export KIBANA_SERVER_CERT_LOCATION="${KIBANA_SERVER_CERT_LOCATION:-${SERVER_CERTS_DIR}/server/tls.crt}" -export SERVER_CERT_LOCATION="$KIBANA_SERVER_CERT_LOCATION" -export KIBANA_SERVER_KEY_LOCATION="${KIBANA_SERVER_KEY_LOCATION:-${SERVER_CERTS_DIR}/server/tls.key}" -export SERVER_KEY_LOCATION="$KIBANA_SERVER_KEY_LOCATION" -export KIBANA_SERVER_KEY_PASSWORD="${KIBANA_SERVER_KEY_PASSWORD:-}" -export SERVER_KEY_PASSWORD="$KIBANA_SERVER_KEY_PASSWORD" - -# Elasticsearch Security configuration -export KIBANA_PASSWORD="${KIBANA_PASSWORD:-}" -export SERVER_PASSWORD="$KIBANA_PASSWORD" -export KIBANA_ELASTICSEARCH_ENABLE_TLS="${KIBANA_ELASTICSEARCH_ENABLE_TLS:-false}" -export SERVER_DB_ENABLE_TLS="$KIBANA_ELASTICSEARCH_ENABLE_TLS" -export KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE="${KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE:-full}" -export SERVER_DB_TLS_VERIFICATION_MODE="$KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE" -export KIBANA_ELASTICSEARCH_TRUSTSTORE_LOCATION="${KIBANA_ELASTICSEARCH_TRUSTSTORE_LOCATION:-${SERVER_CERTS_DIR}/elasticsearch/elasticsearch.truststore.p12}" -export SERVER_DB_TRUSTSTORE_LOCATION="$KIBANA_ELASTICSEARCH_TRUSTSTORE_LOCATION" -export KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD="${KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD:-}" -export SERVER_DB_TRUSTSTORE_PASSWORD="$KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD" -export KIBANA_ELASTICSEARCH_TLS_USE_PEM="${KIBANA_ELASTICSEARCH_TLS_USE_PEM:-false}" -export SERVER_DB_TLS_USE_PEM="$KIBANA_ELASTICSEARCH_TLS_USE_PEM" -export KIBANA_ELASTICSEARCH_CA_CERT_LOCATION="${KIBANA_ELASTICSEARCH_CA_CERT_LOCATION:-${SERVER_CERTS_DIR}/elasticsearch/ca.crt}" -export SERVER_DB_CA_CERT_LOCATION="$KIBANA_ELASTICSEARCH_CA_CERT_LOCATION" -export KIBANA_DISABLE_STRICT_CSP="${KIBANA_DISABLE_STRICT_CSP:-no}" -export KIBANA_CREATE_USER="${KIBANA_CREATE_USER:-false}" -export KIBANA_ELASTICSEARCH_PASSWORD="${KIBANA_ELASTICSEARCH_PASSWORD:-}" -export KIBANA_SERVER_PUBLICBASEURL="${KIBANA_SERVER_PUBLICBASEURL:-}" -export KIBANA_XPACK_SECURITY_ENCRYPTIONKEY="${KIBANA_XPACK_SECURITY_ENCRYPTIONKEY:-}" -export KIBANA_XPACK_REPORTING_ENCRYPTIONKEY="${KIBANA_XPACK_REPORTING_ENCRYPTIONKEY:-}" -export KIBANA_NEWSFEED_ENABLED="${KIBANA_NEWSFEED_ENABLED:-true}" -export KIBANA_ELASTICSEARCH_REQUESTTIMEOUT="${KIBANA_ELASTICSEARCH_REQUESTTIMEOUT:-30000}" - -# Custom environment variables may be defined below diff --git a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/entrypoint.sh b/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/entrypoint.sh deleted file mode 100755 index 35bba0a43b0bc..0000000000000 --- a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/entrypoint.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libkibana.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -# Load environment -. /opt/bitnami/scripts/kibana-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/elasticsearch/conf) -debug "Copying files from $SERVER_DEFAULT_CONF_DIR to $SERVER_CONF_DIR" -cp -nr "$SERVER_DEFAULT_CONF_DIR"/. "$SERVER_CONF_DIR" - -if ! is_dir_empty "$SERVER_DEFAULT_PLUGINS_DIR"; then - debug "Copying plugins from $SERVER_DEFAULT_PLUGINS_DIR to $SERVER_PLUGINS_DIR" - # Copy the plugins installed by default to the plugins directory - # If there is already a plugin with the same name in the plugins folder do nothing - for plugin_path in "${SERVER_DEFAULT_PLUGINS_DIR}"/*; do - plugin_name="$(basename "$plugin_path")" - plugin_moved_path="${SERVER_PLUGINS_DIR}/${plugin_name}" - if ! [[ -d "$plugin_moved_path" ]]; then - cp -r "$plugin_path" "$plugin_moved_path" - fi - done -fi - -if [[ "$1" = "/opt/bitnami/scripts/kibana/run.sh" ]]; then - info "** Starting Kibana setup **" - /opt/bitnami/scripts/kibana/setup.sh - info "** Kibana setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/postunpack.sh b/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/postunpack.sh deleted file mode 100755 index dd87b872df6d4..0000000000000 --- a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/postunpack.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libkibana.sh -. /opt/bitnami/scripts/libfs.sh - -# Load environment -. /opt/bitnami/scripts/kibana-env.sh - -for dir in "$SERVER_TMP_DIR" "$SERVER_LOGS_DIR" "$SERVER_CONF_DIR" "$SERVER_DEFAULT_CONF_DIR" "$SERVER_PLUGINS_DIR" "$SERVER_DEFAULT_PLUGINS_DIR" "$SERVER_VOLUME_DIR" "$SERVER_DATA_DIR" "$SERVER_INITSCRIPTS_DIR"; do - ensure_dir_exists "$dir" - chmod -R ug+rwX "$dir" -done - -kibana_conf_set "path.data" "$SERVER_DATA_DIR" -# For backwards compatibility, create a symlink to the default path -! is_dir_empty "${SERVER_BASE_DIR}/data" || rm -rf "${SERVER_BASE_DIR}/data" && ln -s "$SERVER_DATA_DIR" "${SERVER_BASE_DIR}/data" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${SERVER_CONF_DIR}/"* "$SERVER_DEFAULT_CONF_DIR" -chmod o+rX -R "$SERVER_DEFAULT_CONF_DIR" - -if ! is_dir_empty "$SERVER_PLUGINS_DIR"; then - # Move all initially installed plugins to the default plugins directory. - for plugin_path in "${SERVER_PLUGINS_DIR}"/*; do - plugin_name="$(basename "$plugin_path")" - plugin_moved_path="${SERVER_DEFAULT_PLUGINS_DIR}/${plugin_name}" - mv "$plugin_path" "$plugin_moved_path" - done - chmod o+rX -R "$SERVER_DEFAULT_PLUGINS_DIR" -fi diff --git a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/run.sh b/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/run.sh deleted file mode 100755 index 451f57ce508ed..0000000000000 --- a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/run.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libkibana.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load environment -. /opt/bitnami/scripts/kibana-env.sh - -info "** Starting Kibana **" -start_command=("${SERVER_BIN_DIR}/kibana" "serve") -if am_i_root; then - exec_as_user "$SERVER_DAEMON_USER" "${start_command[@]}" -else - exec "${start_command[@]}" -fi diff --git a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/setup.sh b/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/setup.sh deleted file mode 100755 index b5c745930f669..0000000000000 --- a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/kibana/setup.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libkibana.sh -. /opt/bitnami/scripts/libos.sh - -# Load environment -. /opt/bitnami/scripts/kibana-env.sh - -# Ensure kibana environment variables are valid -kibana_validate - -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$SERVER_DAEMON_USER" --group "$SERVER_DAEMON_GROUP" - -# Ensure kibana is initialized -kibana_initialize - -# Create kibana_system user, if necessary -is_boolean_yes "$KIBANA_CREATE_USER" && kibana_create_system_user - -# Ensure custom initialization scripts are executed -kibana_custom_init_scripts diff --git a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/libkibana.sh b/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/libkibana.sh deleted file mode 100644 index d5bb0bc8970a5..0000000000000 --- a/bitnami/kibana/7/debian-12/rootfs/opt/bitnami/scripts/libkibana.sh +++ /dev/null @@ -1,540 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Kibana library - -# shellcheck disable=SC1090 -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Set Elasticsearch keystore values -# Globals: -# ELASTICSEARCH_* -# Arguments: -# None -# Returns: -# None -######################### -kibana_set_key_value() { - local key="${1:?missing key}" - local value="${2:?missing value}" - - debug "Storing key: ${key}" - kibana-keystore add --stdin --force "$key" <<<"$value" -} - -######################## -# Waits for Elasticsearch to be available and creates the user 'kibana_user', if it doesn't exists -# Globals: -# KIBANA_* -# Arguments: -# None -# Returns: -# None -######################### -kibana_create_system_user() { - local -r retries="60" - local -r sleep_time="5" - local url - url=$(kibana_sanitize_elasticsearch_hosts "${KIBANA_ELASTICSEARCH_URL}" "${KIBANA_ELASTICSEARCH_PORT_NUMBER}") - check_elasticsearch() { - local status_code="000" - status_code=$(curl -L -s -k -o /dev/null "${url}" -w "%{http_code}") - debug "Attempted to connect with Elasticserach. Status code: $status_code" - # Any status code different to 000 will be considered valid - [[ "$status_code" != "000" ]] - } - - info "Waiting for Elasticsearch to be ready." - # Wait for elasticsearch to be available - if ! retry_while "check_elasticsearch" "$retries" "$sleep_time"; then - error "Timeout waiting for the Elasticsearch to respond" - return 1 - fi - - # Check kibana_system user doesn't exists - status_code=$(curl -L -s -k -o /dev/null -u "kibana_system:${KIBANA_PASSWORD}" "${url}" -w "%{http_code}") - if [[ "$status_code" == "401" ]]; then - info "Setting password for user 'kibana_system'" - curl -L -s -k -o /dev/null -X POST -u "elastic:${KIBANA_ELASTICSEARCH_PASSWORD}" -H "Content-Type: application/json" "${url}/_security/user/kibana_system/_password" -d "{\"password\":\"${KIBANA_PASSWORD}\"}" - status_code=$(curl -L -s -k -o /dev/null -u "kibana_system:${KIBANA_PASSWORD}" "${url}" -w "%{http_code}") - if [[ "$status_code" == "200" ]]; then - info "Password for kibana_system successfully configured" - else - error "An error occurred while configuring kibana_system user" - return 1 - fi - else - info "Skipping 'kibana_system' user creation. User already exists. Status code: ${status_code}" - fi -} - -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Kibana/Opensearch Dashboards common library - -# shellcheck disable=SC1090 -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Validate settings in SERVER_* env vars -# Globals: -# SERVER_* -# Arguments: -# None -# Returns: -# 0 if the validation succeeded, 1 otherwise -######################### -kibana_validate() { - debug "Validating settings in SERVER_* environment variables..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - check_empty_value() { - if is_empty_value "${!1}"; then - print_validation_error "${1} must be set" - fi - } - # Warn users in case the configuration file is not writable - is_file_writable "$SERVER_CONF_FILE" || warn "The ${SERVER_FLAVOR^} configuration file '${SERVER_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied for this file." - - if [[ "$SERVER_FLAVOR" = "kibana" ]]; then - if is_boolean_yes "$KIBANA_CREATE_USER"; then - if is_empty_value "$KIBANA_PASSWORD"; then - print_validation_error "The variable KIBANA_CREATE_USER is set but no KIBANA_PASSWORD provided for the kibana_system user." - fi - if is_empty_value "$KIBANA_ELASTICSEARCH_PASSWORD"; then - print_validation_error "Password for the 'elastic' user is required in order to create the kibana_system user. Please provide it using the variable KIBANA_ELASTICSEARCH_PASSWORD." - fi - fi - fi - - # User inputs - check_empty_value "SERVER_DB_URL" - check_empty_value "SERVER_HOST" - for var in "SERVER_DB_PORT_NUMBER" "SERVER_PORT_NUMBER"; do - if ! err=$(validate_port "${!var}"); then - print_validation_error "An invalid port was specified in the environment variable $var: $err" - fi - done - - if is_boolean_yes "$SERVER_ENABLE_TLS"; then - if is_boolean_yes "$SERVER_TLS_USE_PEM"; then - if [[ ! -f "$SERVER_CERT_LOCATION" ]] || [[ ! -f "$SERVER_KEY_LOCATION" ]]; then - print_validation_error "In order to configure the TLS encryption for ${SERVER_FLAVOR^} server using PEM certs you must provide your a valid key and certificate." - fi - elif [[ ! -f "$SERVER_KEYSTORE_LOCATION" ]]; then - print_validation_error "In order to configure the TLS encryption for ${SERVER_FLAVOR^} server using PKCS12 certs you must mount a valid keystore." - fi - fi - - if is_boolean_yes "$SERVER_DB_ENABLE_TLS"; then - check_multi_value "SERVER_DB_TLS_VERIFICATION_MODE" "full certificate none" - if [[ "$SERVER_DB_TLS_VERIFICATION_MODE" != "none" ]];then - if is_boolean_yes "$SERVER_DB_TLS_USE_PEM"; then - if [[ ! -f "$SERVER_DB_CA_CERT_LOCATION" ]]; then - print_validation_error "In order to connect to Elasticsearch via HTTPS, a valid CA certificate is required." - fi - elif [[ ! -f "$SERVER_DB_TRUSTSTORE_LOCATION" ]]; then - print_validation_error "In order to connect to Elasticsearch via HTTPS, a valid PKCS12 truststore is required." - fi - fi - fi - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Configure/initialize Kibana/Dashboards -# Globals: -# SERVER_* -# Arguments: -# None -# Returns: -# None -######################### -kibana_initialize() { - info "Configuring/Initializing ${SERVER_FLAVOR^}..." - - debug "Ensuring expected directories/files exist..." - for dir in "$SERVER_TMP_DIR" "$SERVER_LOGS_DIR" "$SERVER_CONF_DIR" "$SERVER_DATA_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown -R "$SERVER_DAEMON_USER:$SERVER_DAEMON_GROUP" "$dir" - done - - if is_file_writable "$SERVER_CONF_FILE"; then - local dbFlavor="elasticsearch" - [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]] && dbFlavor="opensearch" - if is_mounted_dir_empty "$SERVER_MOUNTED_CONF_DIR"; then - info "Setting default configuration" - kibana_conf_set "pid.file" "$SERVER_PID_FILE" - kibana_conf_set "server.host" "$SERVER_HOST" - kibana_conf_set "server.port" "$SERVER_PORT_NUMBER" "int" - kibana_conf_set "${dbFlavor}.hosts" "$(kibana_sanitize_elasticsearch_hosts "${SERVER_DB_URL}" "${SERVER_DB_PORT_NUMBER}")" - - else - info "Found mounted configuration directory" - if ! cp -Lr "$SERVER_MOUNTED_CONF_DIR"/* "$SERVER_CONF_DIR"; then - error "Issue copying mounted configuration files from $SERVER_MOUNTED_CONF_DIR to $SERVER_CONF_DIR. Make sure you are not mounting configuration files in $SERVER_CONF_DIR and $SERVER_MOUNTED_CONF_DIR at the same time" - exit 1 - fi - fi - # Kibana override configuration - if [[ "$SERVER_FLAVOR" = "kibana" ]]; then - if is_boolean_yes "$KIBANA_DISABLE_STRICT_CSP"; then - kibana_conf_set "csp.strict" "false" "bool" - fi - if ! is_empty_value "$KIBANA_SERVER_PUBLICBASEURL"; then - kibana_conf_set "server.publicBaseUrl" "$KIBANA_SERVER_PUBLICBASEURL" - fi - if ! is_empty_value "$KIBANA_XPACK_SECURITY_ENCRYPTIONKEY"; then - kibana_conf_set "xpack.security.encryptionKey" "$KIBANA_XPACK_SECURITY_ENCRYPTIONKEY" - fi - if ! is_empty_value "$KIBANA_XPACK_REPORTING_ENCRYPTIONKEY"; then - kibana_conf_set "xpack.reporting.encryptionKey" "$KIBANA_XPACK_REPORTING_ENCRYPTIONKEY" - fi - if ! is_boolean_yes "$KIBANA_NEWSFEED_ENABLED"; then - kibana_conf_set "newsfeed.enabled" "false" "bool" - fi - if [[ "$KIBANA_ELASTICSEARCH_REQUESTTIMEOUT" != "30000" ]]; then - kibana_conf_set "elasticsearch.requestTimeout" "$KIBANA_ELASTICSEARCH_REQUESTTIMEOUT" - fi - fi - - # Configure Elasticsearch/Opensearch authentication - if ! is_empty_value "$SERVER_PASSWORD"; then - local user="kibana_system" - [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]] && user="kibanaserver" - kibana_conf_set "${dbFlavor}.username" "$user" - kibana_conf_set "${dbFlavor}.password" "$SERVER_PASSWORD" - elif [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]]; then - info "Security settings not provided, removing plugin" - opensearch-dashboards-plugin remove securityDashboards - replace_in_file "$SERVER_CONF_FILE" "^opensearch_security\." "#opensearch_security." - fi - - # Configure Webserver TLS settings (Client -> Kibana/Dashboards) - if is_boolean_yes "$SERVER_ENABLE_TLS"; then - kibana_conf_set "server.ssl.enabled" "true" "bool" - [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]] && kibana_conf_set "opensearch_security.cookie.secure" "true" "bool" - if is_boolean_yes "$SERVER_TLS_USE_PEM"; then - kibana_conf_set "server.ssl.certificate" "$SERVER_CERT_LOCATION" - kibana_conf_set "server.ssl.key" "$SERVER_KEY_LOCATION" - if ! is_empty_value "$SERVER_KEY_PASSWORD"; then - if [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]]; then - kibana_conf_set "server.ssl.keyPassphrase" "$SERVER_KEY_PASSWORD" - else - kibana_set_key_value "server.ssl.keyPassphrase" "$SERVER_KEY_PASSWORD" - fi - fi - else - kibana_conf_set "server.ssl.keystore.path" "$SERVER_KEYSTORE_LOCATION" - if ! is_empty_value "$SERVER_KEYSTORE_PASSWORD"; then - if [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]]; then - kibana_conf_set "server.ssl.keystore.password" "$SERVER_KEY_PASSWORD" - else - kibana_set_key_value "server.ssl.keystore.password" "$SERVER_KEY_PASSWORD" - fi - fi - fi - fi - - # Configure Database TLS settings (Kibana/Dashboards -> Elasticsearch/Opensearch) - if is_boolean_yes "$SERVER_DB_ENABLE_TLS"; then - kibana_conf_set "${dbFlavor}.ssl.verificationMode" "$SERVER_DB_TLS_VERIFICATION_MODE" - if [[ "$SERVER_DB_TLS_VERIFICATION_MODE" != "none" ]];then - if is_boolean_yes "$SERVER_DB_TLS_USE_PEM"; then - kibana_conf_set "${dbFlavor}.ssl.certificateAuthorities" "$SERVER_DB_CA_CERT_LOCATION" - else - kibana_conf_set "${dbFlavor}.ssl.truststore.path" "$SERVER_DB_TRUSTSTORE_LOCATION" - if ! is_empty_value "$SERVER_DB_TRUSTSTORE_PASSWORD"; then - if [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]]; then - kibana_conf_set "${dbFlavor}.ssl.truststore.password" "$SERVER_DB_TRUSTSTORE_PASSWORD" - else - kibana_set_key_value "${dbFlavor}.ssl.truststore.password" "$SERVER_DB_TRUSTSTORE_PASSWORD" - fi - fi - fi - fi - fi - fi -} - -######################## -# Write a configuration setting value -# Globals: -# SERVER_CONF_FILE -# Arguments: -# $1 - key -# $2 - value -# $3 - YAML type (string, int or bool) -# Returns: -# None -######################### -kibana_conf_set() { - local -r key="${1:?Missing key}" - local -r value="${2:-}" - local -r type="${3:-string}" - local -r tempfile=$(mktemp) - - case "$type" in - string) - yq eval "(.${key}) |= \"${value}\"" "$SERVER_CONF_FILE" >"$tempfile" - ;; - int) - yq eval "(.${key}) |= ${value}" "$SERVER_CONF_FILE" >"$tempfile" - ;; - bool) - yq eval "(.${key}) |= (\"${value}\" | test(\"true\"))" "$SERVER_CONF_FILE" >"$tempfile" - ;; - *) - error "Type unknown: ${type}" - return 1 - ;; - esac - cp "$tempfile" "$SERVER_CONF_FILE" -} - -######################## -# Read a configuration setting value -# Globals: -# SERVER_CONF_FILE -# Arguments: -# $1 - key -# Returns: -# Outputs the key to stdout (Empty response if key is not set) -######################### -kibana_conf_get() { - local key="${1:?missing key}" - - if [[ -r "$SERVER_CONF_FILE" ]]; then - local -r res="$(yq eval ".${key}" "$SERVER_CONF_FILE")" - if [[ ! "$res" = "null" ]]; then - echo "$res" - fi - fi -} - -######################## -# Configure/initialize Kibana/Dashboards -# For backwards compatibility, it is allowed to specify the host and port in -# different env-vars and this function will build the correct url. -# Globals: -# SERVER_* -# Arguments: -# $1 - hostUrl -# $2 - port -# Returns: -# None -######################### -kibana_sanitize_elasticsearch_hosts() { - local -r hostUrl="${1:?missing hostUrl}" - local -r port="${2:?missing port}" - local scheme - - if is_boolean_yes "$SERVER_DB_ENABLE_TLS"; then - scheme="https" - else - scheme="http" - fi - - if grep -q -E "^https?://[^:]+:[0-9]+$" <<<"$hostUrl"; then # i.e. http://localhost:9200 - echo "${hostUrl}" - elif grep -q -E "^https?://[^:]+$" <<<"$hostUrl"; then # i.e. http://localhost - echo "${hostUrl}:${port}" - elif grep -q -E "^[^:]+:[0-9]+$" <<<"$hostUrl"; then # i.e. localhost:9200 - echo "${scheme}://${hostUrl}" - else # i.e. localhost - echo "${scheme}://${hostUrl}:${port}" - fi -} - -######################## -# Check if Kibana/Dashboards is running -# Globals: -# SERVER_* -# Arguments: -# None -# Returns: -# Boolean -######################### -is_kibana_running() { - local pid - pid="$(get_pid_from_file "${SERVER_PID_FILE}")" - - if [[ -z "$pid" ]]; then - false - else - is_service_running "$pid" - fi -} - -######################## -# Check if Kibana/Dashboards is not running -# Globals: -# SERVER_* -# Arguments: -# None -# Returns: -# Boolean -######################### -is_kibana_not_running() { - ! is_kibana_running -} - -######################## -# Check if Kibana/Dashboards is ready -# Globals: -# SERVER_* -# Arguments: -# None -# Returns: -# Boolean -######################### -is_kibana_ready() { - local basePath - local rewriteBasePath - local scheme="http" - local opts=() - rewriteBasePath=$(kibana_conf_get "server.rewriteBasePath") - # The default value for is 'server.rewriteBasePath' is 'true' when ommited.' - # Therefore, we must check the value is not 'true' - ! is_boolean_yes "$rewriteBasePath" && basePath=$(kibana_conf_get "server.basePath") - - [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]] && ! is_empty_value "$SERVER_PASSWORD" && opts+=("-u" "kibanaserver:${SERVER_PASSWORD}") - if is_boolean_yes "$SERVER_DB_ENABLE_TLS"; then - scheme="https" - opts+=("-k") - fi - if is_kibana_running; then - # Kibana 7 and Opensearch expects .status.overall.state to be 'green', while 8 expects .status.overall.level to be 'available' - local -r status="$(yq eval '.status.overall | pick(["state", "level"]) | .[]' - <<<"$(curl -s "${opts[@]}" "${scheme}://127.0.0.1:${SERVER_PORT_NUMBER}${basePath}/api/status")")" - [[ "$status" = "green" || "$status" = "available" ]] && return - else - false - fi -} - -######################## -# Wait until Kibana/Dashboards is ready -# Globals: -# SERVER_* -# Arguments: -# None -# Returns: -# Boolean -######################### -wait_for_kibana_ready() { - info "Waiting for ${SERVER_FLAVOR^} to be started and ready" - retries="$SERVER_WAIT_READY_MAX_RETRIES" - until is_kibana_ready || [[ "$retries" -eq 0 ]]; do - debug "Waiting for ${SERVER_FLAVOR^} server: $((retries--)) remaining attempts..." - sleep 2 - done - if [[ "$retries" -eq 0 ]]; then - error "${SERVER_FLAVOR^} is not available after ${SERVER_WAIT_READY_MAX_RETRIES} retries" - if [[ -r "${SERVER_LOGS_DIR}/init_scripts_start.log" ]]; then - info "Dumping ${SERVER_LOGS_DIR}/init_scripts_start.log for additional diagnostics..." - cat "${SERVER_LOGS_DIR}/init_scripts_start.log" - fi - exit 1 - fi -} - -######################## -# Start Kibana/Dashboards in background mode -# Globals: -# SERVER_* -# Arguments: -# Extra arguments to pass to the command (optional array) -# Returns: -# None -######################### -kibana_start_bg() { - local extra_args=("${@}") - - info "Starting ${SERVER_FLAVOR^} in background" - local start_command=("${SERVER_BIN_DIR}/${SERVER_FLAVOR}" "serve" "${extra_args[@]}") - am_i_root && start_command=("run_as_user" "$SERVER_DAEMON_USER" "${start_command[@]}") - debug_execute "${start_command[@]}" & -} - -######################## -# Run custom initialization scripts -# Globals: -# SERVER_* -# Arguments: -# None -# Returns: -# None -######################### -kibana_custom_init_scripts() { - read -r -a init_scripts <<<"$(find "$SERVER_INITSCRIPTS_DIR" -type f -name "*.sh" -print0 | xargs -0)" - if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "$SERVER_VOLUME_DIR"/.user_scripts_initialized ]] || is_boolean_yes "$SERVER_FORCE_INITSCRIPTS"; then - if is_boolean_yes "$SERVER_FORCE_INITSCRIPTS"; then - info "Forcing execution of user files" - fi - - if is_boolean_yes "${SERVER_INITSCRIPTS_START_SERVER}"; then - # Binding to localhost to not give false positives for external connections - kibana_start_bg "--host" "127.0.0.1" "--log-file" "${SERVER_LOGS_DIR}/init_scripts_start.log" - wait_for_kibana_ready - fi - - info "Loading user's custom files from $SERVER_INITSCRIPTS_DIR" - for f in "${init_scripts[@]}"; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "$SERVER_VOLUME_DIR"/.user_scripts_initialized - - is_kibana_running && stop_service_using_pid "$SERVER_PID_FILE" - retry_while "is_kibana_not_running" - fi -} diff --git a/bitnami/kibana/7/debian-12/tags-info.yaml b/bitnami/kibana/7/debian-12/tags-info.yaml deleted file mode 100644 index 7d0322a3a34ac..0000000000000 --- a/bitnami/kibana/7/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "7" -- 7-debian-12 -- 7.17.21 diff --git a/bitnami/kibana/8/debian-12/Dockerfile b/bitnami/kibana/8/debian-12/Dockerfile index a3b25bc6164e0..c54b5df840be1 100644 --- a/bitnami/kibana/8/debian-12/Dockerfile +++ b/bitnami/kibana/8/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-14T11:58:22Z" \ + org.opencontainers.image.created="2025-01-11T19:07:11Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kibana/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="8.13.4-debian-12-r0" \ + org.opencontainers.image.ref.name="8.17.0-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kibana" \ org.opencontainers.image.title="kibana" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="8.13.4" + org.opencontainers.image.version="8.17.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -29,13 +30,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libexpat1 libgcc-s1 libnss3 libstdc++6 procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "yq-4.44.1-1-linux-${OS_ARCH}-debian-12" \ - "kibana-8.13.4-0-linux-${OS_ARCH}-debian-12" \ + "yq-4.44.6-0-linux-${OS_ARCH}-debian-12" \ + "kibana-8.17.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/kibana/postunpack.sh -ENV APP_VERSION="8.13.4" \ +ENV APP_VERSION="8.17.0" \ BITNAMI_APP_NAME="kibana" EXPOSE 5601 diff --git a/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index da37971338524..7a105708a6e0c 100644 --- a/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "8.13.4-0" + "version": "8.17.0-0" }, "yq": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.44.1-1" + "version": "4.44.6-0" } } \ No newline at end of file diff --git a/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/kibana/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/kibana/8/debian-12/tags-info.yaml b/bitnami/kibana/8/debian-12/tags-info.yaml index ae6ae606ffce0..29c22b8e57647 100644 --- a/bitnami/kibana/8/debian-12/tags-info.yaml +++ b/bitnami/kibana/8/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "8" - 8-debian-12 -- 8.13.4 +- 8.17.0 - latest diff --git a/bitnami/kibana/README.md b/bitnami/kibana/README.md index 450dc4d9e8cb5..3cce4ebf8a86c 100644 --- a/bitnami/kibana/README.md +++ b/bitnami/kibana/README.md @@ -24,15 +24,21 @@ docker run --name kibana bitnami/kibana:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kibana in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kibana in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -335,7 +341,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/kong-ingress-controller/2/README.md b/bitnami/kong-ingress-controller/2/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/kong-ingress-controller/2/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/kong-ingress-controller/2/debian-12/Dockerfile b/bitnami/kong-ingress-controller/2/debian-12/Dockerfile deleted file mode 100644 index 1c671546efca5..0000000000000 --- a/bitnami/kong-ingress-controller/2/debian-12/Dockerfile +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T21:51:43Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kong-ingress-controller/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.12.4-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kong-ingress-controller" \ - org.opencontainers.image.title="kong-ingress-controller" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.12.4" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "kong-ingress-controller-2.12.4-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -ENV APP_VERSION="2.12.4" \ - BITNAMI_APP_NAME="kong-ingress-controller" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/kong-ingress-controller/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "kong-ingress-controller" ] -CMD [ "--help" ] diff --git a/bitnami/kong-ingress-controller/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kong-ingress-controller/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 9e66bdb46ab9c..0000000000000 --- a/bitnami/kong-ingress-controller/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "kong-ingress-controller": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.12.4-2" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-12" - } -} \ No newline at end of file diff --git a/bitnami/kong-ingress-controller/2/debian-12/tags-info.yaml b/bitnami/kong-ingress-controller/2/debian-12/tags-info.yaml deleted file mode 100644 index 6c3ab197dbf82..0000000000000 --- a/bitnami/kong-ingress-controller/2/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "2" -- 2-debian-12 -- 2.12.4 diff --git a/bitnami/kong-ingress-controller/3/debian-12/Dockerfile b/bitnami/kong-ingress-controller/3/debian-12/Dockerfile index b5ab6905aae20..db54b3d1b2ed0 100644 --- a/bitnami/kong-ingress-controller/3/debian-12/Dockerfile +++ b/bitnami/kong-ingress-controller/3/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T10:49:11Z" \ + org.opencontainers.image.created="2025-01-03T00:55:03Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kong-ingress-controller/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.1.5-debian-12-r0" \ + org.opencontainers.image.ref.name="3.4.1-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kong-ingress-controller" \ org.opencontainers.image.title="kong-ingress-controller" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.1.5" + org.opencontainers.image.version="3.4.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "kong-ingress-controller-3.1.5-0-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "kong-ingress-controller-3.4.1-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="3.1.5" \ +ENV APP_VERSION="3.4.1" \ BITNAMI_APP_NAME="kong-ingress-controller" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/kong-ingress-controller/bin:$PATH" diff --git a/bitnami/kong-ingress-controller/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kong-ingress-controller/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index a83ebf525274b..ba1e1722806ef 100644 --- a/bitnami/kong-ingress-controller/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kong-ingress-controller/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.1.5-0" + "version": "3.4.1-0" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-13" + "version": "1.0.8-8" } } \ No newline at end of file diff --git a/bitnami/kong-ingress-controller/3/debian-12/tags-info.yaml b/bitnami/kong-ingress-controller/3/debian-12/tags-info.yaml index 68074b024abae..9f9b21b7dfe03 100644 --- a/bitnami/kong-ingress-controller/3/debian-12/tags-info.yaml +++ b/bitnami/kong-ingress-controller/3/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "3" - 3-debian-12 -- 3.1.5 +- 3.4.1 - latest diff --git a/bitnami/kong-ingress-controller/README.md b/bitnami/kong-ingress-controller/README.md index 838faa96c9c7b..a324cce523154 100644 --- a/bitnami/kong-ingress-controller/README.md +++ b/bitnami/kong-ingress-controller/README.md @@ -22,11 +22,17 @@ docker run --name kong-ingress-controller bitnami/kong-ingress-controller:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kong Ingress Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kong Ingress Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -82,7 +88,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/kong/3/debian-12/Dockerfile b/bitnami/kong/3/debian-12/Dockerfile index ad432bbb6c666..a6598e18a1280 100644 --- a/bitnami/kong/3/debian-12/Dockerfile +++ b/bitnami/kong/3/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-31T20:15:50Z" \ + org.opencontainers.image.created="2025-01-11T18:38:44Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kong/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.7.0-debian-12-r1" \ + org.opencontainers.image.ref.name="3.9.0-debian-12-r8" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kong" \ org.opencontainers.image.title="kong" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.7.0" + org.opencontainers.image.version="3.9.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libabsl20220623 libaom3 libavif15 libbrotli1 libbsd0 libcrypt1 libdav1d6 libde265-0 libdeflate0 libexpat1 libfontconfig1 libfreetype6 libgav1-1 libgcc-s1 libgcrypt20 libgd3 libgeoip1 libgpg-error0 libheif1 libicu72 libjbig0 libjpeg62-turbo liblerc4 liblzma5 libmd0 libnuma1 libpcre3 libpng16-16 libprotobuf-dev librav1e0 libssl3 libstdc++6 libsvtav1enc1 libtiff6 libwebp7 libx11-6 libx265-199 libxau6 libxcb1 libxdmcp6 libxml2 libxpm4 libxslt1.1 libyaml-0-2 libyuv0 libzstd1 perl procps zlib1g zlib1g-dev RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "kong-3.7.0-1-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "kong-3.9.0-6-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/kong/postunpack.sh -ENV APP_VERSION="3.7.0" \ +ENV APP_VERSION="3.9.0" \ BITNAMI_APP_NAME="kong" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/kong/bin:/opt/bitnami/kong/luarocks/bin:/opt/bitnami/kong/openresty/bin:/opt/bitnami/kong/openresty/luajit/bin:/opt/bitnami/kong/openresty/nginx/sbin:$PATH" diff --git a/bitnami/kong/3/debian-12/docker-compose.yml b/bitnami/kong/3/debian-12/docker-compose.yml index 69c103d939d95..56b8cae75ea4e 100644 --- a/bitnami/kong/3/debian-12/docker-compose.yml +++ b/bitnami/kong/3/debian-12/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:14 + image: docker.io/bitnami/postgresql:latest volumes: - postgresql_data:/bitnami/postgresql environment: diff --git a/bitnami/kong/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kong/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 34e658d00369a..0c1be5cb09f45 100644 --- a/bitnami/kong/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kong/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.7.0-1" + "version": "3.9.0-6" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-13" + "version": "1.0.7-8" } } \ No newline at end of file diff --git a/bitnami/kong/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kong/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/kong/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/kong/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/kong/3/debian-12/rootfs/opt/bitnami/scripts/kong/postunpack.sh b/bitnami/kong/3/debian-12/rootfs/opt/bitnami/scripts/kong/postunpack.sh index 395971cf25775..06827f184d3b6 100755 --- a/bitnami/kong/3/debian-12/rootfs/opt/bitnami/scripts/kong/postunpack.sh +++ b/bitnami/kong/3/debian-12/rootfs/opt/bitnami/scripts/kong/postunpack.sh @@ -9,6 +9,7 @@ set -o nounset set -o pipefail # set -o xtrace # Uncomment this line for debugging purposes +. /opt/bitnami/scripts/libfile.sh . /opt/bitnami/scripts/libfs.sh . /opt/bitnami/scripts/libos.sh . /opt/bitnami/scripts/libkong.sh @@ -33,6 +34,8 @@ kong_conf_set nginx_user "$KONG_DAEMON_USER" kong_configure_non_empty_values install_opentelemetry configure_lua_paths "/opt/bitnami/scripts/kong-env.sh" "/etc/bash.bashrc" +# Comment out 'resolver_address' setting to force Kong to use values from '/etc/resolv.conf' +replace_in_file "$KONG_CONF_FILE" "^resolver_address\s*=.*" "# resolver_address =" # Copy all initially generated configuration files to the default directory # (this is to avoid breaking when entrypoint is being overridden) diff --git a/bitnami/kong/3/debian-12/rootfs/opt/bitnami/scripts/libkong.sh b/bitnami/kong/3/debian-12/rootfs/opt/bitnami/scripts/libkong.sh index aca683593b30c..ea2d7552e5f43 100644 --- a/bitnami/kong/3/debian-12/rootfs/opt/bitnami/scripts/libkong.sh +++ b/bitnami/kong/3/debian-12/rootfs/opt/bitnami/scripts/libkong.sh @@ -265,7 +265,7 @@ is_kong_not_running() { kong_stop() { local -r retries=5 local -r sleep_time=5 - kong stop -c "$KONG_CONF_FILE" -p "$KONG_PREFIX" + kong stop -p "$KONG_PREFIX" if ! retry_while is_kong_not_running "$retries" "$sleep_time"; then error "Kong failed to shut down" exit 1 diff --git a/bitnami/kong/3/debian-12/tags-info.yaml b/bitnami/kong/3/debian-12/tags-info.yaml index d9652bdfe6c58..056f6d8b3ec17 100644 --- a/bitnami/kong/3/debian-12/tags-info.yaml +++ b/bitnami/kong/3/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "3" - 3-debian-12 -- 3.7.0 +- 3.9.0 - latest diff --git a/bitnami/kong/README.md b/bitnami/kong/README.md index c39f6e06bdeeb..34f2fc832b900 100644 --- a/bitnami/kong/README.md +++ b/bitnami/kong/README.md @@ -22,15 +22,21 @@ docker run --name kong bitnami/kong:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kong in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kong in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -294,7 +300,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/kong/docker-compose-cluster.yml b/bitnami/kong/docker-compose-cluster.yml index ef91c17432fe5..173da7b077807 100644 --- a/bitnami/kong/docker-compose-cluster.yml +++ b/bitnami/kong/docker-compose-cluster.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:14 + image: docker.io/bitnami/postgresql:latest ports: - '5432' volumes: diff --git a/bitnami/kong/docker-compose.yml b/bitnami/kong/docker-compose.yml index 69c103d939d95..56b8cae75ea4e 100644 --- a/bitnami/kong/docker-compose.yml +++ b/bitnami/kong/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:14 + image: docker.io/bitnami/postgresql:latest volumes: - postgresql_data:/bitnami/postgresql environment: diff --git a/bitnami/ksql/7.2/debian-12/Dockerfile b/bitnami/ksql/7.2/debian-12/Dockerfile deleted file mode 100644 index 2184799a77973..0000000000000 --- a/bitnami/ksql/7.2/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:20:39Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ksql/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.2.10-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ksql" \ - org.opencontainers.image.title="ksql" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="7.2.10" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl netcat-openbsd procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-11.0.23-10-1-linux-${OS_ARCH}-debian-12" \ - "ksql-7.2.10-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/ksql/postunpack.sh -ENV APP_VERSION="7.2.10" \ - BITNAMI_APP_NAME="ksql" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/ksql/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/ksql/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/ksql/run.sh" ] diff --git a/bitnami/ksql/7.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/ksql/7.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index d725030aa041e..0000000000000 --- a/bitnami/ksql/7.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.0.23-10-1" - }, - "ksql": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "7.2.10-1" - } -} \ No newline at end of file diff --git a/bitnami/ksql/7.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/ksql/7.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/ksql/7.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/ksql/7.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/ksql/7.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/ksql/7.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index c15af32e2f773..0000000000000 --- a/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security -fi diff --git a/bitnami/ksql/7.2/debian-12/tags-info.yaml b/bitnami/ksql/7.2/debian-12/tags-info.yaml deleted file mode 100644 index 291956016a474..0000000000000 --- a/bitnami/ksql/7.2/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "7.2" -- 7.2-debian-12 -- 7.2.10 diff --git a/bitnami/ksql/7.3/debian-12/Dockerfile b/bitnami/ksql/7.3/debian-12/Dockerfile deleted file mode 100644 index c7675be6a2783..0000000000000 --- a/bitnami/ksql/7.3/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:24:42Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ksql/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.3.8-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ksql" \ - org.opencontainers.image.title="ksql" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="7.3.8" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl netcat-openbsd procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "ksql-7.3.8-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/ksql/postunpack.sh -ENV APP_VERSION="7.3.8" \ - BITNAMI_APP_NAME="ksql" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/ksql/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/ksql/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/ksql/run.sh" ] diff --git a/bitnami/ksql/7.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/ksql/7.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 49c10be641559..0000000000000 --- a/bitnami/ksql/7.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "ksql": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "7.3.8-1" - } -} \ No newline at end of file diff --git a/bitnami/ksql/7.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/ksql/7.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/ksql/7.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/ksql/7.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/ksql/7.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/ksql/7.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index c15af32e2f773..0000000000000 --- a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security -fi diff --git a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh b/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh deleted file mode 100644 index 735ca3114ae6e..0000000000000 --- a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for ksql - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-ksql}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -ksql_env_vars=( - KSQL_MOUNTED_CONF_DIR - KSQL_LISTENERS - KSQL_SSL_KEYSTORE_PASSWORD - KSQL_SSL_TRUSTSTORE_PASSWORD - KSQL_CLIENT_AUTHENTICATION - KSQL_BOOTSTRAP_SERVERS -) -for env_var in "${ksql_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset ksql_env_vars - -# Paths -export KSQL_BASE_DIR="${BITNAMI_ROOT_DIR}/ksql" -export KSQL_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/ksql" -export KSQL_DATA_DIR="${KSQL_VOLUME_DIR}/data" -export KSQL_BIN_DIR="${KSQL_BASE_DIR}/bin" -export KSQL_CONF_DIR="${KSQL_BASE_DIR}/etc/ksqldb" -export KSQL_LOGS_DIR="${KSQL_BASE_DIR}/logs" -export KSQL_CONF_FILE="${KSQL_CONF_DIR}/ksql-server.properties" -export KSQL_MOUNTED_CONF_DIR="${KSQL_MOUNTED_CONF_DIR:-${KSQL_VOLUME_DIR}/etc}" -export KSQL_CERTS_DIR="${KSQL_BASE_DIR}/certs" - -# System users (when running with a privileged user) -export KSQL_DAEMON_USER="ksql" -export KSQL_DAEMON_GROUP="ksql" -export KSQL_DEFAULT_LISTENERS="http://0.0.0.0:8088" # only used at build time -export KSQL_DEFAULT_BOOTSTRAP_SERVERS="localhost:9092" # only used at build time - -# KSQL settings -export KSQL_LISTENERS="${KSQL_LISTENERS:-}" -export KSQL_SSL_KEYSTORE_PASSWORD="${KSQL_SSL_KEYSTORE_PASSWORD:-}" -export KSQL_SSL_TRUSTSTORE_PASSWORD="${KSQL_SSL_TRUSTSTORE_PASSWORD:-}" -export KSQL_CLIENT_AUTHENTICATION="${KSQL_CLIENT_AUTHENTICATION:-}" -export KSQL_BOOTSTRAP_SERVERS="${KSQL_BOOTSTRAP_SERVERS:-}" - -# Custom environment variables may be defined below diff --git a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh b/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh deleted file mode 100755 index 8f3e94cfa5643..0000000000000 --- a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/ksql/run.sh" ]]; then - info "** Starting KSQL setup **" - /opt/bitnami/scripts/ksql/setup.sh - info "** KSQL setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh b/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh deleted file mode 100755 index 18531436a8901..0000000000000 --- a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libfs.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -# Auxiliar functions - -######################## -# Create default config file -# Globals: -# KSQL_CONF_DIR -# Arguments: -# None -# Returns: -# None -######################### -ksql_create_default_config_file() { - cat > "${KSQL_CONF_FILE}.default" << EOF -## The address(es) the socket server listens on. -## FORMAT: listener_name://hostname:port -## -listeners = ${KSQL_DEFAULT_LISTENERS} - -## The advertised address(es) the server is advertised on. -## FORMAT: listener_name://hostname:port -## -# advertised.listener = - -## Keystore & Trustore used to expose the REST API over HTTPS -## -ssl.client.authentication = NONE -# ssl.key.password = -# ssl.keystore.location = -# ssl.keystore.password = - -## List of Kafka brokers to connect to. -## FORMAT: broker_hostname:port -## -bootstrap.servers = ${KSQL_DEFAULT_BOOTSTRAP_SERVERS} - -## Schema Registry server to connect to: -## FORMAT: schema_registry_hostname:port -## -# ksql.schema.registry.url = - -## Login configuration -## -ksql.logging.processing.topic.auto.create = true -ksql.logging.processing.stream.auto.create = true -ksql.logging.processing.rows.include = false - -## Sets the storage directory for stateful operations -## -ksql.streams.state.dir = ${KSQL_DATA_DIR} -EOF -} - -# Create default configuration file -rm "$KSQL_CONF_FILE" -ksql_create_default_config_file -# Ensure directories used by KSQL exist and have proper ownership and permissions -for dir in "$KSQL_CONF_DIR" "$KSQL_DATA_DIR" "$KSQL_LOGS_DIR" "$KSQL_CERTS_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done diff --git a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh b/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh deleted file mode 100755 index 138673a16b3b3..0000000000000 --- a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -info "** Starting KSQL **" - -__run_cmd="${KSQL_BIN_DIR}/ksql-server-start" -__run_flags=("$KSQL_CONF_FILE" "$@") - -if am_i_root; then - exec_as_user "$KSQL_DAEMON_USER" "$__run_cmd" "${__run_flags[@]}" -else - exec "$__run_cmd" "${__run_flags[@]}" -fi diff --git a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh b/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh deleted file mode 100755 index 28672ff979be9..0000000000000 --- a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -# Ensure KSQL environment variables are valid -ksql_validate - -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$KSQL_DAEMON_USER" --group "$KSQL_DAEMON_GROUP" -for dir in "$KSQL_CONF_DIR" "$KSQL_DATA_DIR" "$KSQL_LOGS_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown -R "${KSQL_DAEMON_USER}:${KSQL_DAEMON_GROUP}" "$dir" -done - -# Ensure KSQL is initialized -ksql_initialize diff --git a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/libksql.sh b/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/libksql.sh deleted file mode 100644 index af7af40ccd216..0000000000000 --- a/bitnami/ksql/7.3/debian-12/rootfs/opt/bitnami/scripts/libksql.sh +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Confluent KSQL library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Return listeners ports -# Globals: -# KSQL_LISTENERS -# Arguments: -# $1 - Bucket name -# Returns: -# Boolean -######################### -ksql_ports() { - local ports - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a listeners <<< "$(tr ',;' ' ' <<< "$KSQL_LISTENERS")" - for l in "${listeners[@]}"; do - if [[ "$l" =~ [a-zA-Z]*://.*:([0-9]*) ]]; then - ports+=("${BASH_REMATCH[1]}") - fi - done - echo "${ports[@]}" - else - echo "8081" - fi -} - -######################## -# Return listeners protocols -# Globals: -# KSQL_LISTENERS -# Arguments: -# $1 - Bucket name -# Returns: -# Boolean -######################### -ksql_protocols() { - local protocols - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a listeners <<< "$(tr ',;' ' ' <<< "$KSQL_LISTENERS")" - for l in "${listeners[@]}"; do - if [[ "$l" =~ ([a-zA-Z]*)://.*:[0-9]* ]]; then - protocols+=("${BASH_REMATCH[1]}") - fi - done - echo "${protocols[@]}" - else - echo "http" - fi -} - -######################## -# Validate settings in KSQL_* env vars -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_validate() { - info "Validating settings in KSQL_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_true_false_value() { - if ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for $1 are [true, false]" - fi - } - check_conflicting_ports() { - local -r total="$#" - for i in $(seq 1 "$((total - 1))"); do - for j in $(seq "$((i + 1))" "$total"); do - if (( "${!i}" == "${!j}" )); then - print_validation_error "There are listeners bound to the same port" - fi - done - done - } - check_allowed_port() { - local validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - if ! err=$(validate_port "${validate_port_args[@]}" "$1"); then - print_validation_error "An invalid port was specified in the environment variable KSQL_LISTENERS: $err" - fi - } - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a ports <<< "$(ksql_ports)" - for port in "${ports[@]}"; do - check_allowed_port "$port" - done - [[ "${#ports[@]}" -gt 1 ]] && check_conflicting_ports "${ports[@]}" - read -r -a protocols <<< "$(ksql_protocols)" - if [[ "${protocols[*]}" =~ https ]]; then - if [[ ! -f ${KSQL_CERTS_DIR}/ssl.keystore.jks ]]; then - print_validation_error "In order to configure HTTPS access, you must mount your ssl.keystore.jks (and optionally the ssl.truststore.jks) to the ${KSQL_CERTS_DIR} directory." - fi - fi - fi - [[ -z "$KSQL_BOOTSTRAP_SERVERS" && ! -f "$KSQL_CONF_FILE" ]] && warn "KSQL_BOOTSTRAP_SERVERS should be provided" - - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Set a configuration setting value to the configuration file -# Globals: -# KSQL_* -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -ksql_conf_set() { - local -r key="${1:?missing key}" - shift - local -r -a values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - ksql_conf_set "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[# ]*$key\s*=.*" "$KSQL_CONF_FILE"; then - # Update the existing key - replace_in_file "$KSQL_CONF_FILE" "^[# ]*${key}\s*=.*" "${key} = ${value}" false - else - # Add a new key - printf '\n%s = %s' "$key" "$value" >>"$KSQL_CONF_FILE" - fi - fi -} - -######################## -# Wait for Kafka brokers to be up -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_wait_for_kafka_brokers() { - local kafka_brokers - local host - local port - - info "Waiting for Kafka brokers to be up" - kafka_brokers="$(grep "^bootstrap.servers" "$KSQL_CONF_FILE" | cut -d '=' -f 2)" - read -r -a brokers <<< "$(tr ',;' ' ' <<< "${kafka_brokers/%,/}")" - for b in "${brokers[@]}"; do - if [[ "$b" =~ [_a-zA-Z]*://(.*):([0-9]*) ]]; then - host="${BASH_REMATCH[1]}" - port="${BASH_REMATCH[2]}" - if ! retry_while "debug_execute nc -z ${host} ${port}" 10 10; then - error "Failed to connect to the broker at $host:$port" - return 1 - fi - fi - done -} - -######################## -# Initialize Confluent KSQL -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_initialize() { - info "Initializing Confluent KSQL" - - # Check for mounted configuration files - if ! is_dir_empty "$KSQL_MOUNTED_CONF_DIR"; then - cp -Lr "$KSQL_MOUNTED_CONF_DIR"/* "$KSQL_CONF_DIR" - fi - if [[ -f "$KSQL_CONF_FILE" ]]; then - info "Injected configuration file found. Skipping default configuration" - else - info "No injected configuration files found, creating default config file." - mv "${KSQL_CONF_FILE}.default" "$KSQL_CONF_FILE" - - # Kafka boostrap settings - [[ -n "$KSQL_BOOTSTRAP_SERVERS" ]] && ksql_conf_set "bootstrap.servers" "$KSQL_BOOTSTRAP_SERVERS" - # Listeners settings - if [[ -n "$KSQL_LISTENERS" ]]; then - ksql_conf_set "listeners" "$KSQL_LISTENERS" - read -r -a protocols <<< "$(ksql_protocols)" - if [[ "${protocols[*]}" =~ https ]]; then - ksql_conf_set "ssl.keystore.location" "${KSQL_CERTS_DIR}/ssl.keystore.jks" - [[ -n "$KSQL_SSL_KEYSTORE_PASSWORD" ]] && ksql_conf_set "ssl.keystore.password" "$KSQL_SSL_KEYSTORE_PASSWORD" - [[ -f "${KSQL_CERTS_DIR}/ssl.truststore.jks" ]] && ksql_conf_set "ssl.truststore.location" "${KSQL_CERTS_DIR}/ssl.truststore.jks" - [[ -n "$KSQL_SSL_TRUSTSTORE_PASSWORD" ]] && ksql_conf_set "ssl.truststore.password" "$KSQL_SSL_TRUSTSTORE_PASSWORD" - fi - [[ -n "$KSQL_CLIENT_AUTHENTICATION" ]] && ksql_conf_set "ssl.client.authentication" "$KSQL_CLIENT_AUTHENTICATION" - fi - fi - ksql_wait_for_kafka_brokers -} diff --git a/bitnami/ksql/7.3/debian-12/tags-info.yaml b/bitnami/ksql/7.3/debian-12/tags-info.yaml deleted file mode 100644 index 988dfcdcb93fe..0000000000000 --- a/bitnami/ksql/7.3/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "7.3" -- 7.3-debian-12 -- 7.3.8 diff --git a/bitnami/ksql/7.4/README.md b/bitnami/ksql/7.4/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/ksql/7.4/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/ksql/7.4/debian-12/Dockerfile b/bitnami/ksql/7.4/debian-12/Dockerfile deleted file mode 100644 index b054dfa5045ff..0000000000000 --- a/bitnami/ksql/7.4/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:25:29Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ksql/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.4.5-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ksql" \ - org.opencontainers.image.title="ksql" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="7.4.5" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl netcat-openbsd procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "ksql-7.4.5-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/ksql/postunpack.sh -ENV APP_VERSION="7.4.5" \ - BITNAMI_APP_NAME="ksql" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/ksql/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/ksql/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/ksql/run.sh" ] diff --git a/bitnami/ksql/7.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/ksql/7.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index c6334a9b8a86f..0000000000000 --- a/bitnami/ksql/7.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "ksql": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "7.4.5-1" - } -} \ No newline at end of file diff --git a/bitnami/ksql/7.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/ksql/7.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/ksql/7.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/ksql/7.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/ksql/7.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/ksql/7.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index c15af32e2f773..0000000000000 --- a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security -fi diff --git a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh b/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh deleted file mode 100644 index 735ca3114ae6e..0000000000000 --- a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for ksql - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-ksql}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -ksql_env_vars=( - KSQL_MOUNTED_CONF_DIR - KSQL_LISTENERS - KSQL_SSL_KEYSTORE_PASSWORD - KSQL_SSL_TRUSTSTORE_PASSWORD - KSQL_CLIENT_AUTHENTICATION - KSQL_BOOTSTRAP_SERVERS -) -for env_var in "${ksql_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset ksql_env_vars - -# Paths -export KSQL_BASE_DIR="${BITNAMI_ROOT_DIR}/ksql" -export KSQL_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/ksql" -export KSQL_DATA_DIR="${KSQL_VOLUME_DIR}/data" -export KSQL_BIN_DIR="${KSQL_BASE_DIR}/bin" -export KSQL_CONF_DIR="${KSQL_BASE_DIR}/etc/ksqldb" -export KSQL_LOGS_DIR="${KSQL_BASE_DIR}/logs" -export KSQL_CONF_FILE="${KSQL_CONF_DIR}/ksql-server.properties" -export KSQL_MOUNTED_CONF_DIR="${KSQL_MOUNTED_CONF_DIR:-${KSQL_VOLUME_DIR}/etc}" -export KSQL_CERTS_DIR="${KSQL_BASE_DIR}/certs" - -# System users (when running with a privileged user) -export KSQL_DAEMON_USER="ksql" -export KSQL_DAEMON_GROUP="ksql" -export KSQL_DEFAULT_LISTENERS="http://0.0.0.0:8088" # only used at build time -export KSQL_DEFAULT_BOOTSTRAP_SERVERS="localhost:9092" # only used at build time - -# KSQL settings -export KSQL_LISTENERS="${KSQL_LISTENERS:-}" -export KSQL_SSL_KEYSTORE_PASSWORD="${KSQL_SSL_KEYSTORE_PASSWORD:-}" -export KSQL_SSL_TRUSTSTORE_PASSWORD="${KSQL_SSL_TRUSTSTORE_PASSWORD:-}" -export KSQL_CLIENT_AUTHENTICATION="${KSQL_CLIENT_AUTHENTICATION:-}" -export KSQL_BOOTSTRAP_SERVERS="${KSQL_BOOTSTRAP_SERVERS:-}" - -# Custom environment variables may be defined below diff --git a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh b/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh deleted file mode 100755 index 8f3e94cfa5643..0000000000000 --- a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/ksql/run.sh" ]]; then - info "** Starting KSQL setup **" - /opt/bitnami/scripts/ksql/setup.sh - info "** KSQL setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh b/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh deleted file mode 100755 index 18531436a8901..0000000000000 --- a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libfs.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -# Auxiliar functions - -######################## -# Create default config file -# Globals: -# KSQL_CONF_DIR -# Arguments: -# None -# Returns: -# None -######################### -ksql_create_default_config_file() { - cat > "${KSQL_CONF_FILE}.default" << EOF -## The address(es) the socket server listens on. -## FORMAT: listener_name://hostname:port -## -listeners = ${KSQL_DEFAULT_LISTENERS} - -## The advertised address(es) the server is advertised on. -## FORMAT: listener_name://hostname:port -## -# advertised.listener = - -## Keystore & Trustore used to expose the REST API over HTTPS -## -ssl.client.authentication = NONE -# ssl.key.password = -# ssl.keystore.location = -# ssl.keystore.password = - -## List of Kafka brokers to connect to. -## FORMAT: broker_hostname:port -## -bootstrap.servers = ${KSQL_DEFAULT_BOOTSTRAP_SERVERS} - -## Schema Registry server to connect to: -## FORMAT: schema_registry_hostname:port -## -# ksql.schema.registry.url = - -## Login configuration -## -ksql.logging.processing.topic.auto.create = true -ksql.logging.processing.stream.auto.create = true -ksql.logging.processing.rows.include = false - -## Sets the storage directory for stateful operations -## -ksql.streams.state.dir = ${KSQL_DATA_DIR} -EOF -} - -# Create default configuration file -rm "$KSQL_CONF_FILE" -ksql_create_default_config_file -# Ensure directories used by KSQL exist and have proper ownership and permissions -for dir in "$KSQL_CONF_DIR" "$KSQL_DATA_DIR" "$KSQL_LOGS_DIR" "$KSQL_CERTS_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done diff --git a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh b/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh deleted file mode 100755 index 138673a16b3b3..0000000000000 --- a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -info "** Starting KSQL **" - -__run_cmd="${KSQL_BIN_DIR}/ksql-server-start" -__run_flags=("$KSQL_CONF_FILE" "$@") - -if am_i_root; then - exec_as_user "$KSQL_DAEMON_USER" "$__run_cmd" "${__run_flags[@]}" -else - exec "$__run_cmd" "${__run_flags[@]}" -fi diff --git a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh b/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh deleted file mode 100755 index 28672ff979be9..0000000000000 --- a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -# Ensure KSQL environment variables are valid -ksql_validate - -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$KSQL_DAEMON_USER" --group "$KSQL_DAEMON_GROUP" -for dir in "$KSQL_CONF_DIR" "$KSQL_DATA_DIR" "$KSQL_LOGS_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown -R "${KSQL_DAEMON_USER}:${KSQL_DAEMON_GROUP}" "$dir" -done - -# Ensure KSQL is initialized -ksql_initialize diff --git a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/libksql.sh b/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/libksql.sh deleted file mode 100644 index af7af40ccd216..0000000000000 --- a/bitnami/ksql/7.4/debian-12/rootfs/opt/bitnami/scripts/libksql.sh +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Confluent KSQL library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Return listeners ports -# Globals: -# KSQL_LISTENERS -# Arguments: -# $1 - Bucket name -# Returns: -# Boolean -######################### -ksql_ports() { - local ports - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a listeners <<< "$(tr ',;' ' ' <<< "$KSQL_LISTENERS")" - for l in "${listeners[@]}"; do - if [[ "$l" =~ [a-zA-Z]*://.*:([0-9]*) ]]; then - ports+=("${BASH_REMATCH[1]}") - fi - done - echo "${ports[@]}" - else - echo "8081" - fi -} - -######################## -# Return listeners protocols -# Globals: -# KSQL_LISTENERS -# Arguments: -# $1 - Bucket name -# Returns: -# Boolean -######################### -ksql_protocols() { - local protocols - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a listeners <<< "$(tr ',;' ' ' <<< "$KSQL_LISTENERS")" - for l in "${listeners[@]}"; do - if [[ "$l" =~ ([a-zA-Z]*)://.*:[0-9]* ]]; then - protocols+=("${BASH_REMATCH[1]}") - fi - done - echo "${protocols[@]}" - else - echo "http" - fi -} - -######################## -# Validate settings in KSQL_* env vars -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_validate() { - info "Validating settings in KSQL_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_true_false_value() { - if ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for $1 are [true, false]" - fi - } - check_conflicting_ports() { - local -r total="$#" - for i in $(seq 1 "$((total - 1))"); do - for j in $(seq "$((i + 1))" "$total"); do - if (( "${!i}" == "${!j}" )); then - print_validation_error "There are listeners bound to the same port" - fi - done - done - } - check_allowed_port() { - local validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - if ! err=$(validate_port "${validate_port_args[@]}" "$1"); then - print_validation_error "An invalid port was specified in the environment variable KSQL_LISTENERS: $err" - fi - } - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a ports <<< "$(ksql_ports)" - for port in "${ports[@]}"; do - check_allowed_port "$port" - done - [[ "${#ports[@]}" -gt 1 ]] && check_conflicting_ports "${ports[@]}" - read -r -a protocols <<< "$(ksql_protocols)" - if [[ "${protocols[*]}" =~ https ]]; then - if [[ ! -f ${KSQL_CERTS_DIR}/ssl.keystore.jks ]]; then - print_validation_error "In order to configure HTTPS access, you must mount your ssl.keystore.jks (and optionally the ssl.truststore.jks) to the ${KSQL_CERTS_DIR} directory." - fi - fi - fi - [[ -z "$KSQL_BOOTSTRAP_SERVERS" && ! -f "$KSQL_CONF_FILE" ]] && warn "KSQL_BOOTSTRAP_SERVERS should be provided" - - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Set a configuration setting value to the configuration file -# Globals: -# KSQL_* -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -ksql_conf_set() { - local -r key="${1:?missing key}" - shift - local -r -a values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - ksql_conf_set "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[# ]*$key\s*=.*" "$KSQL_CONF_FILE"; then - # Update the existing key - replace_in_file "$KSQL_CONF_FILE" "^[# ]*${key}\s*=.*" "${key} = ${value}" false - else - # Add a new key - printf '\n%s = %s' "$key" "$value" >>"$KSQL_CONF_FILE" - fi - fi -} - -######################## -# Wait for Kafka brokers to be up -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_wait_for_kafka_brokers() { - local kafka_brokers - local host - local port - - info "Waiting for Kafka brokers to be up" - kafka_brokers="$(grep "^bootstrap.servers" "$KSQL_CONF_FILE" | cut -d '=' -f 2)" - read -r -a brokers <<< "$(tr ',;' ' ' <<< "${kafka_brokers/%,/}")" - for b in "${brokers[@]}"; do - if [[ "$b" =~ [_a-zA-Z]*://(.*):([0-9]*) ]]; then - host="${BASH_REMATCH[1]}" - port="${BASH_REMATCH[2]}" - if ! retry_while "debug_execute nc -z ${host} ${port}" 10 10; then - error "Failed to connect to the broker at $host:$port" - return 1 - fi - fi - done -} - -######################## -# Initialize Confluent KSQL -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_initialize() { - info "Initializing Confluent KSQL" - - # Check for mounted configuration files - if ! is_dir_empty "$KSQL_MOUNTED_CONF_DIR"; then - cp -Lr "$KSQL_MOUNTED_CONF_DIR"/* "$KSQL_CONF_DIR" - fi - if [[ -f "$KSQL_CONF_FILE" ]]; then - info "Injected configuration file found. Skipping default configuration" - else - info "No injected configuration files found, creating default config file." - mv "${KSQL_CONF_FILE}.default" "$KSQL_CONF_FILE" - - # Kafka boostrap settings - [[ -n "$KSQL_BOOTSTRAP_SERVERS" ]] && ksql_conf_set "bootstrap.servers" "$KSQL_BOOTSTRAP_SERVERS" - # Listeners settings - if [[ -n "$KSQL_LISTENERS" ]]; then - ksql_conf_set "listeners" "$KSQL_LISTENERS" - read -r -a protocols <<< "$(ksql_protocols)" - if [[ "${protocols[*]}" =~ https ]]; then - ksql_conf_set "ssl.keystore.location" "${KSQL_CERTS_DIR}/ssl.keystore.jks" - [[ -n "$KSQL_SSL_KEYSTORE_PASSWORD" ]] && ksql_conf_set "ssl.keystore.password" "$KSQL_SSL_KEYSTORE_PASSWORD" - [[ -f "${KSQL_CERTS_DIR}/ssl.truststore.jks" ]] && ksql_conf_set "ssl.truststore.location" "${KSQL_CERTS_DIR}/ssl.truststore.jks" - [[ -n "$KSQL_SSL_TRUSTSTORE_PASSWORD" ]] && ksql_conf_set "ssl.truststore.password" "$KSQL_SSL_TRUSTSTORE_PASSWORD" - fi - [[ -n "$KSQL_CLIENT_AUTHENTICATION" ]] && ksql_conf_set "ssl.client.authentication" "$KSQL_CLIENT_AUTHENTICATION" - fi - fi - ksql_wait_for_kafka_brokers -} diff --git a/bitnami/ksql/7.4/debian-12/tags-info.yaml b/bitnami/ksql/7.4/debian-12/tags-info.yaml deleted file mode 100644 index 5f3c6d4c26669..0000000000000 --- a/bitnami/ksql/7.4/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "7.4" -- 7.4-debian-12 -- 7.4.5 diff --git a/bitnami/ksql/7.5/README.md b/bitnami/ksql/7.5/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/ksql/7.5/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/ksql/7.5/debian-12/Dockerfile b/bitnami/ksql/7.5/debian-12/Dockerfile deleted file mode 100644 index 7514574f5d931..0000000000000 --- a/bitnami/ksql/7.5/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:25:13Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ksql/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.5.4-debian-12-r2" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ksql" \ - org.opencontainers.image.title="ksql" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="7.5.4" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl netcat-openbsd procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "ksql-7.5.4-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/ksql/postunpack.sh -ENV APP_VERSION="7.5.4" \ - BITNAMI_APP_NAME="ksql" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/ksql/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/ksql/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/ksql/run.sh" ] diff --git a/bitnami/ksql/7.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/ksql/7.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 6618ba18c4e16..0000000000000 --- a/bitnami/ksql/7.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "ksql": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "7.5.4-1" - } -} \ No newline at end of file diff --git a/bitnami/ksql/7.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/ksql/7.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/ksql/7.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/ksql/7.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/ksql/7.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/ksql/7.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index c15af32e2f773..0000000000000 --- a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security -fi diff --git a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh b/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh deleted file mode 100644 index 735ca3114ae6e..0000000000000 --- a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for ksql - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-ksql}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -ksql_env_vars=( - KSQL_MOUNTED_CONF_DIR - KSQL_LISTENERS - KSQL_SSL_KEYSTORE_PASSWORD - KSQL_SSL_TRUSTSTORE_PASSWORD - KSQL_CLIENT_AUTHENTICATION - KSQL_BOOTSTRAP_SERVERS -) -for env_var in "${ksql_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset ksql_env_vars - -# Paths -export KSQL_BASE_DIR="${BITNAMI_ROOT_DIR}/ksql" -export KSQL_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/ksql" -export KSQL_DATA_DIR="${KSQL_VOLUME_DIR}/data" -export KSQL_BIN_DIR="${KSQL_BASE_DIR}/bin" -export KSQL_CONF_DIR="${KSQL_BASE_DIR}/etc/ksqldb" -export KSQL_LOGS_DIR="${KSQL_BASE_DIR}/logs" -export KSQL_CONF_FILE="${KSQL_CONF_DIR}/ksql-server.properties" -export KSQL_MOUNTED_CONF_DIR="${KSQL_MOUNTED_CONF_DIR:-${KSQL_VOLUME_DIR}/etc}" -export KSQL_CERTS_DIR="${KSQL_BASE_DIR}/certs" - -# System users (when running with a privileged user) -export KSQL_DAEMON_USER="ksql" -export KSQL_DAEMON_GROUP="ksql" -export KSQL_DEFAULT_LISTENERS="http://0.0.0.0:8088" # only used at build time -export KSQL_DEFAULT_BOOTSTRAP_SERVERS="localhost:9092" # only used at build time - -# KSQL settings -export KSQL_LISTENERS="${KSQL_LISTENERS:-}" -export KSQL_SSL_KEYSTORE_PASSWORD="${KSQL_SSL_KEYSTORE_PASSWORD:-}" -export KSQL_SSL_TRUSTSTORE_PASSWORD="${KSQL_SSL_TRUSTSTORE_PASSWORD:-}" -export KSQL_CLIENT_AUTHENTICATION="${KSQL_CLIENT_AUTHENTICATION:-}" -export KSQL_BOOTSTRAP_SERVERS="${KSQL_BOOTSTRAP_SERVERS:-}" - -# Custom environment variables may be defined below diff --git a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh b/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh deleted file mode 100755 index 8f3e94cfa5643..0000000000000 --- a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/ksql/run.sh" ]]; then - info "** Starting KSQL setup **" - /opt/bitnami/scripts/ksql/setup.sh - info "** KSQL setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh b/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh deleted file mode 100755 index 18531436a8901..0000000000000 --- a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libfs.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -# Auxiliar functions - -######################## -# Create default config file -# Globals: -# KSQL_CONF_DIR -# Arguments: -# None -# Returns: -# None -######################### -ksql_create_default_config_file() { - cat > "${KSQL_CONF_FILE}.default" << EOF -## The address(es) the socket server listens on. -## FORMAT: listener_name://hostname:port -## -listeners = ${KSQL_DEFAULT_LISTENERS} - -## The advertised address(es) the server is advertised on. -## FORMAT: listener_name://hostname:port -## -# advertised.listener = - -## Keystore & Trustore used to expose the REST API over HTTPS -## -ssl.client.authentication = NONE -# ssl.key.password = -# ssl.keystore.location = -# ssl.keystore.password = - -## List of Kafka brokers to connect to. -## FORMAT: broker_hostname:port -## -bootstrap.servers = ${KSQL_DEFAULT_BOOTSTRAP_SERVERS} - -## Schema Registry server to connect to: -## FORMAT: schema_registry_hostname:port -## -# ksql.schema.registry.url = - -## Login configuration -## -ksql.logging.processing.topic.auto.create = true -ksql.logging.processing.stream.auto.create = true -ksql.logging.processing.rows.include = false - -## Sets the storage directory for stateful operations -## -ksql.streams.state.dir = ${KSQL_DATA_DIR} -EOF -} - -# Create default configuration file -rm "$KSQL_CONF_FILE" -ksql_create_default_config_file -# Ensure directories used by KSQL exist and have proper ownership and permissions -for dir in "$KSQL_CONF_DIR" "$KSQL_DATA_DIR" "$KSQL_LOGS_DIR" "$KSQL_CERTS_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done diff --git a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh b/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh deleted file mode 100755 index 138673a16b3b3..0000000000000 --- a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -info "** Starting KSQL **" - -__run_cmd="${KSQL_BIN_DIR}/ksql-server-start" -__run_flags=("$KSQL_CONF_FILE" "$@") - -if am_i_root; then - exec_as_user "$KSQL_DAEMON_USER" "$__run_cmd" "${__run_flags[@]}" -else - exec "$__run_cmd" "${__run_flags[@]}" -fi diff --git a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh b/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh deleted file mode 100755 index 28672ff979be9..0000000000000 --- a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -# Ensure KSQL environment variables are valid -ksql_validate - -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$KSQL_DAEMON_USER" --group "$KSQL_DAEMON_GROUP" -for dir in "$KSQL_CONF_DIR" "$KSQL_DATA_DIR" "$KSQL_LOGS_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown -R "${KSQL_DAEMON_USER}:${KSQL_DAEMON_GROUP}" "$dir" -done - -# Ensure KSQL is initialized -ksql_initialize diff --git a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/libksql.sh b/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/libksql.sh deleted file mode 100644 index af7af40ccd216..0000000000000 --- a/bitnami/ksql/7.5/debian-12/rootfs/opt/bitnami/scripts/libksql.sh +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Confluent KSQL library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Return listeners ports -# Globals: -# KSQL_LISTENERS -# Arguments: -# $1 - Bucket name -# Returns: -# Boolean -######################### -ksql_ports() { - local ports - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a listeners <<< "$(tr ',;' ' ' <<< "$KSQL_LISTENERS")" - for l in "${listeners[@]}"; do - if [[ "$l" =~ [a-zA-Z]*://.*:([0-9]*) ]]; then - ports+=("${BASH_REMATCH[1]}") - fi - done - echo "${ports[@]}" - else - echo "8081" - fi -} - -######################## -# Return listeners protocols -# Globals: -# KSQL_LISTENERS -# Arguments: -# $1 - Bucket name -# Returns: -# Boolean -######################### -ksql_protocols() { - local protocols - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a listeners <<< "$(tr ',;' ' ' <<< "$KSQL_LISTENERS")" - for l in "${listeners[@]}"; do - if [[ "$l" =~ ([a-zA-Z]*)://.*:[0-9]* ]]; then - protocols+=("${BASH_REMATCH[1]}") - fi - done - echo "${protocols[@]}" - else - echo "http" - fi -} - -######################## -# Validate settings in KSQL_* env vars -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_validate() { - info "Validating settings in KSQL_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_true_false_value() { - if ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for $1 are [true, false]" - fi - } - check_conflicting_ports() { - local -r total="$#" - for i in $(seq 1 "$((total - 1))"); do - for j in $(seq "$((i + 1))" "$total"); do - if (( "${!i}" == "${!j}" )); then - print_validation_error "There are listeners bound to the same port" - fi - done - done - } - check_allowed_port() { - local validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - if ! err=$(validate_port "${validate_port_args[@]}" "$1"); then - print_validation_error "An invalid port was specified in the environment variable KSQL_LISTENERS: $err" - fi - } - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a ports <<< "$(ksql_ports)" - for port in "${ports[@]}"; do - check_allowed_port "$port" - done - [[ "${#ports[@]}" -gt 1 ]] && check_conflicting_ports "${ports[@]}" - read -r -a protocols <<< "$(ksql_protocols)" - if [[ "${protocols[*]}" =~ https ]]; then - if [[ ! -f ${KSQL_CERTS_DIR}/ssl.keystore.jks ]]; then - print_validation_error "In order to configure HTTPS access, you must mount your ssl.keystore.jks (and optionally the ssl.truststore.jks) to the ${KSQL_CERTS_DIR} directory." - fi - fi - fi - [[ -z "$KSQL_BOOTSTRAP_SERVERS" && ! -f "$KSQL_CONF_FILE" ]] && warn "KSQL_BOOTSTRAP_SERVERS should be provided" - - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Set a configuration setting value to the configuration file -# Globals: -# KSQL_* -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -ksql_conf_set() { - local -r key="${1:?missing key}" - shift - local -r -a values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - ksql_conf_set "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[# ]*$key\s*=.*" "$KSQL_CONF_FILE"; then - # Update the existing key - replace_in_file "$KSQL_CONF_FILE" "^[# ]*${key}\s*=.*" "${key} = ${value}" false - else - # Add a new key - printf '\n%s = %s' "$key" "$value" >>"$KSQL_CONF_FILE" - fi - fi -} - -######################## -# Wait for Kafka brokers to be up -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_wait_for_kafka_brokers() { - local kafka_brokers - local host - local port - - info "Waiting for Kafka brokers to be up" - kafka_brokers="$(grep "^bootstrap.servers" "$KSQL_CONF_FILE" | cut -d '=' -f 2)" - read -r -a brokers <<< "$(tr ',;' ' ' <<< "${kafka_brokers/%,/}")" - for b in "${brokers[@]}"; do - if [[ "$b" =~ [_a-zA-Z]*://(.*):([0-9]*) ]]; then - host="${BASH_REMATCH[1]}" - port="${BASH_REMATCH[2]}" - if ! retry_while "debug_execute nc -z ${host} ${port}" 10 10; then - error "Failed to connect to the broker at $host:$port" - return 1 - fi - fi - done -} - -######################## -# Initialize Confluent KSQL -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_initialize() { - info "Initializing Confluent KSQL" - - # Check for mounted configuration files - if ! is_dir_empty "$KSQL_MOUNTED_CONF_DIR"; then - cp -Lr "$KSQL_MOUNTED_CONF_DIR"/* "$KSQL_CONF_DIR" - fi - if [[ -f "$KSQL_CONF_FILE" ]]; then - info "Injected configuration file found. Skipping default configuration" - else - info "No injected configuration files found, creating default config file." - mv "${KSQL_CONF_FILE}.default" "$KSQL_CONF_FILE" - - # Kafka boostrap settings - [[ -n "$KSQL_BOOTSTRAP_SERVERS" ]] && ksql_conf_set "bootstrap.servers" "$KSQL_BOOTSTRAP_SERVERS" - # Listeners settings - if [[ -n "$KSQL_LISTENERS" ]]; then - ksql_conf_set "listeners" "$KSQL_LISTENERS" - read -r -a protocols <<< "$(ksql_protocols)" - if [[ "${protocols[*]}" =~ https ]]; then - ksql_conf_set "ssl.keystore.location" "${KSQL_CERTS_DIR}/ssl.keystore.jks" - [[ -n "$KSQL_SSL_KEYSTORE_PASSWORD" ]] && ksql_conf_set "ssl.keystore.password" "$KSQL_SSL_KEYSTORE_PASSWORD" - [[ -f "${KSQL_CERTS_DIR}/ssl.truststore.jks" ]] && ksql_conf_set "ssl.truststore.location" "${KSQL_CERTS_DIR}/ssl.truststore.jks" - [[ -n "$KSQL_SSL_TRUSTSTORE_PASSWORD" ]] && ksql_conf_set "ssl.truststore.password" "$KSQL_SSL_TRUSTSTORE_PASSWORD" - fi - [[ -n "$KSQL_CLIENT_AUTHENTICATION" ]] && ksql_conf_set "ssl.client.authentication" "$KSQL_CLIENT_AUTHENTICATION" - fi - fi - ksql_wait_for_kafka_brokers -} diff --git a/bitnami/ksql/7.5/debian-12/tags-info.yaml b/bitnami/ksql/7.5/debian-12/tags-info.yaml deleted file mode 100644 index aa8e91e9b76da..0000000000000 --- a/bitnami/ksql/7.5/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "7.5" -- 7.5-debian-12 -- 7.5.4 diff --git a/bitnami/ksql/7.6/README.md b/bitnami/ksql/7.6/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/ksql/7.6/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/ksql/7.6/debian-12/Dockerfile b/bitnami/ksql/7.6/debian-12/Dockerfile deleted file mode 100644 index 2e1bf3d318c9d..0000000000000 --- a/bitnami/ksql/7.6/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-14T06:26:07Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ksql/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.6.1-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ksql" \ - org.opencontainers.image.title="ksql" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="7.6.1" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl netcat-openbsd procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "java-17.0.11-10-1-linux-${OS_ARCH}-debian-12" \ - "ksql-7.6.1-10-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/ksql/postunpack.sh -ENV APP_VERSION="7.6.1" \ - BITNAMI_APP_NAME="ksql" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/ksql/bin:$PATH" - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/ksql/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/ksql/run.sh" ] diff --git a/bitnami/ksql/7.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/ksql/7.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index f04e476cd9eab..0000000000000 --- a/bitnami/ksql/7.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-10-1" - }, - "ksql": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "7.6.1-10" - } -} \ No newline at end of file diff --git a/bitnami/ksql/7.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/ksql/7.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/ksql/7.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/ksql/7.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/ksql/7.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/ksql/7.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index c15af32e2f773..0000000000000 --- a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security -fi diff --git a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh b/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh deleted file mode 100644 index 735ca3114ae6e..0000000000000 --- a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for ksql - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-ksql}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -ksql_env_vars=( - KSQL_MOUNTED_CONF_DIR - KSQL_LISTENERS - KSQL_SSL_KEYSTORE_PASSWORD - KSQL_SSL_TRUSTSTORE_PASSWORD - KSQL_CLIENT_AUTHENTICATION - KSQL_BOOTSTRAP_SERVERS -) -for env_var in "${ksql_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset ksql_env_vars - -# Paths -export KSQL_BASE_DIR="${BITNAMI_ROOT_DIR}/ksql" -export KSQL_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/ksql" -export KSQL_DATA_DIR="${KSQL_VOLUME_DIR}/data" -export KSQL_BIN_DIR="${KSQL_BASE_DIR}/bin" -export KSQL_CONF_DIR="${KSQL_BASE_DIR}/etc/ksqldb" -export KSQL_LOGS_DIR="${KSQL_BASE_DIR}/logs" -export KSQL_CONF_FILE="${KSQL_CONF_DIR}/ksql-server.properties" -export KSQL_MOUNTED_CONF_DIR="${KSQL_MOUNTED_CONF_DIR:-${KSQL_VOLUME_DIR}/etc}" -export KSQL_CERTS_DIR="${KSQL_BASE_DIR}/certs" - -# System users (when running with a privileged user) -export KSQL_DAEMON_USER="ksql" -export KSQL_DAEMON_GROUP="ksql" -export KSQL_DEFAULT_LISTENERS="http://0.0.0.0:8088" # only used at build time -export KSQL_DEFAULT_BOOTSTRAP_SERVERS="localhost:9092" # only used at build time - -# KSQL settings -export KSQL_LISTENERS="${KSQL_LISTENERS:-}" -export KSQL_SSL_KEYSTORE_PASSWORD="${KSQL_SSL_KEYSTORE_PASSWORD:-}" -export KSQL_SSL_TRUSTSTORE_PASSWORD="${KSQL_SSL_TRUSTSTORE_PASSWORD:-}" -export KSQL_CLIENT_AUTHENTICATION="${KSQL_CLIENT_AUTHENTICATION:-}" -export KSQL_BOOTSTRAP_SERVERS="${KSQL_BOOTSTRAP_SERVERS:-}" - -# Custom environment variables may be defined below diff --git a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh b/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh deleted file mode 100755 index 8f3e94cfa5643..0000000000000 --- a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/ksql/run.sh" ]]; then - info "** Starting KSQL setup **" - /opt/bitnami/scripts/ksql/setup.sh - info "** KSQL setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh b/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh deleted file mode 100755 index 18531436a8901..0000000000000 --- a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libfs.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -# Auxiliar functions - -######################## -# Create default config file -# Globals: -# KSQL_CONF_DIR -# Arguments: -# None -# Returns: -# None -######################### -ksql_create_default_config_file() { - cat > "${KSQL_CONF_FILE}.default" << EOF -## The address(es) the socket server listens on. -## FORMAT: listener_name://hostname:port -## -listeners = ${KSQL_DEFAULT_LISTENERS} - -## The advertised address(es) the server is advertised on. -## FORMAT: listener_name://hostname:port -## -# advertised.listener = - -## Keystore & Trustore used to expose the REST API over HTTPS -## -ssl.client.authentication = NONE -# ssl.key.password = -# ssl.keystore.location = -# ssl.keystore.password = - -## List of Kafka brokers to connect to. -## FORMAT: broker_hostname:port -## -bootstrap.servers = ${KSQL_DEFAULT_BOOTSTRAP_SERVERS} - -## Schema Registry server to connect to: -## FORMAT: schema_registry_hostname:port -## -# ksql.schema.registry.url = - -## Login configuration -## -ksql.logging.processing.topic.auto.create = true -ksql.logging.processing.stream.auto.create = true -ksql.logging.processing.rows.include = false - -## Sets the storage directory for stateful operations -## -ksql.streams.state.dir = ${KSQL_DATA_DIR} -EOF -} - -# Create default configuration file -rm "$KSQL_CONF_FILE" -ksql_create_default_config_file -# Ensure directories used by KSQL exist and have proper ownership and permissions -for dir in "$KSQL_CONF_DIR" "$KSQL_DATA_DIR" "$KSQL_LOGS_DIR" "$KSQL_CERTS_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done diff --git a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh b/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh deleted file mode 100755 index 138673a16b3b3..0000000000000 --- a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -info "** Starting KSQL **" - -__run_cmd="${KSQL_BIN_DIR}/ksql-server-start" -__run_flags=("$KSQL_CONF_FILE" "$@") - -if am_i_root; then - exec_as_user "$KSQL_DAEMON_USER" "$__run_cmd" "${__run_flags[@]}" -else - exec "$__run_cmd" "${__run_flags[@]}" -fi diff --git a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh b/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh deleted file mode 100755 index 28672ff979be9..0000000000000 --- a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libksql.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh - -# Load KSQL environment variables -. /opt/bitnami/scripts/ksql-env.sh - -# Ensure KSQL environment variables are valid -ksql_validate - -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$KSQL_DAEMON_USER" --group "$KSQL_DAEMON_GROUP" -for dir in "$KSQL_CONF_DIR" "$KSQL_DATA_DIR" "$KSQL_LOGS_DIR"; do - ensure_dir_exists "$dir" - am_i_root && chown -R "${KSQL_DAEMON_USER}:${KSQL_DAEMON_GROUP}" "$dir" -done - -# Ensure KSQL is initialized -ksql_initialize diff --git a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/libksql.sh b/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/libksql.sh deleted file mode 100644 index af7af40ccd216..0000000000000 --- a/bitnami/ksql/7.6/debian-12/rootfs/opt/bitnami/scripts/libksql.sh +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Confluent KSQL library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Return listeners ports -# Globals: -# KSQL_LISTENERS -# Arguments: -# $1 - Bucket name -# Returns: -# Boolean -######################### -ksql_ports() { - local ports - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a listeners <<< "$(tr ',;' ' ' <<< "$KSQL_LISTENERS")" - for l in "${listeners[@]}"; do - if [[ "$l" =~ [a-zA-Z]*://.*:([0-9]*) ]]; then - ports+=("${BASH_REMATCH[1]}") - fi - done - echo "${ports[@]}" - else - echo "8081" - fi -} - -######################## -# Return listeners protocols -# Globals: -# KSQL_LISTENERS -# Arguments: -# $1 - Bucket name -# Returns: -# Boolean -######################### -ksql_protocols() { - local protocols - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a listeners <<< "$(tr ',;' ' ' <<< "$KSQL_LISTENERS")" - for l in "${listeners[@]}"; do - if [[ "$l" =~ ([a-zA-Z]*)://.*:[0-9]* ]]; then - protocols+=("${BASH_REMATCH[1]}") - fi - done - echo "${protocols[@]}" - else - echo "http" - fi -} - -######################## -# Validate settings in KSQL_* env vars -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_validate() { - info "Validating settings in KSQL_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_true_false_value() { - if ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for $1 are [true, false]" - fi - } - check_conflicting_ports() { - local -r total="$#" - for i in $(seq 1 "$((total - 1))"); do - for j in $(seq "$((i + 1))" "$total"); do - if (( "${!i}" == "${!j}" )); then - print_validation_error "There are listeners bound to the same port" - fi - done - done - } - check_allowed_port() { - local validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - if ! err=$(validate_port "${validate_port_args[@]}" "$1"); then - print_validation_error "An invalid port was specified in the environment variable KSQL_LISTENERS: $err" - fi - } - - if [[ -n "$KSQL_LISTENERS" ]]; then - read -r -a ports <<< "$(ksql_ports)" - for port in "${ports[@]}"; do - check_allowed_port "$port" - done - [[ "${#ports[@]}" -gt 1 ]] && check_conflicting_ports "${ports[@]}" - read -r -a protocols <<< "$(ksql_protocols)" - if [[ "${protocols[*]}" =~ https ]]; then - if [[ ! -f ${KSQL_CERTS_DIR}/ssl.keystore.jks ]]; then - print_validation_error "In order to configure HTTPS access, you must mount your ssl.keystore.jks (and optionally the ssl.truststore.jks) to the ${KSQL_CERTS_DIR} directory." - fi - fi - fi - [[ -z "$KSQL_BOOTSTRAP_SERVERS" && ! -f "$KSQL_CONF_FILE" ]] && warn "KSQL_BOOTSTRAP_SERVERS should be provided" - - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Set a configuration setting value to the configuration file -# Globals: -# KSQL_* -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -ksql_conf_set() { - local -r key="${1:?missing key}" - shift - local -r -a values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - ksql_conf_set "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[# ]*$key\s*=.*" "$KSQL_CONF_FILE"; then - # Update the existing key - replace_in_file "$KSQL_CONF_FILE" "^[# ]*${key}\s*=.*" "${key} = ${value}" false - else - # Add a new key - printf '\n%s = %s' "$key" "$value" >>"$KSQL_CONF_FILE" - fi - fi -} - -######################## -# Wait for Kafka brokers to be up -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_wait_for_kafka_brokers() { - local kafka_brokers - local host - local port - - info "Waiting for Kafka brokers to be up" - kafka_brokers="$(grep "^bootstrap.servers" "$KSQL_CONF_FILE" | cut -d '=' -f 2)" - read -r -a brokers <<< "$(tr ',;' ' ' <<< "${kafka_brokers/%,/}")" - for b in "${brokers[@]}"; do - if [[ "$b" =~ [_a-zA-Z]*://(.*):([0-9]*) ]]; then - host="${BASH_REMATCH[1]}" - port="${BASH_REMATCH[2]}" - if ! retry_while "debug_execute nc -z ${host} ${port}" 10 10; then - error "Failed to connect to the broker at $host:$port" - return 1 - fi - fi - done -} - -######################## -# Initialize Confluent KSQL -# Globals: -# KSQL_* -# Arguments: -# None -# Returns: -# None -######################### -ksql_initialize() { - info "Initializing Confluent KSQL" - - # Check for mounted configuration files - if ! is_dir_empty "$KSQL_MOUNTED_CONF_DIR"; then - cp -Lr "$KSQL_MOUNTED_CONF_DIR"/* "$KSQL_CONF_DIR" - fi - if [[ -f "$KSQL_CONF_FILE" ]]; then - info "Injected configuration file found. Skipping default configuration" - else - info "No injected configuration files found, creating default config file." - mv "${KSQL_CONF_FILE}.default" "$KSQL_CONF_FILE" - - # Kafka boostrap settings - [[ -n "$KSQL_BOOTSTRAP_SERVERS" ]] && ksql_conf_set "bootstrap.servers" "$KSQL_BOOTSTRAP_SERVERS" - # Listeners settings - if [[ -n "$KSQL_LISTENERS" ]]; then - ksql_conf_set "listeners" "$KSQL_LISTENERS" - read -r -a protocols <<< "$(ksql_protocols)" - if [[ "${protocols[*]}" =~ https ]]; then - ksql_conf_set "ssl.keystore.location" "${KSQL_CERTS_DIR}/ssl.keystore.jks" - [[ -n "$KSQL_SSL_KEYSTORE_PASSWORD" ]] && ksql_conf_set "ssl.keystore.password" "$KSQL_SSL_KEYSTORE_PASSWORD" - [[ -f "${KSQL_CERTS_DIR}/ssl.truststore.jks" ]] && ksql_conf_set "ssl.truststore.location" "${KSQL_CERTS_DIR}/ssl.truststore.jks" - [[ -n "$KSQL_SSL_TRUSTSTORE_PASSWORD" ]] && ksql_conf_set "ssl.truststore.password" "$KSQL_SSL_TRUSTSTORE_PASSWORD" - fi - [[ -n "$KSQL_CLIENT_AUTHENTICATION" ]] && ksql_conf_set "ssl.client.authentication" "$KSQL_CLIENT_AUTHENTICATION" - fi - fi - ksql_wait_for_kafka_brokers -} diff --git a/bitnami/ksql/7.6/debian-12/tags-info.yaml b/bitnami/ksql/7.6/debian-12/tags-info.yaml deleted file mode 100644 index 6a42dbbd12b65..0000000000000 --- a/bitnami/ksql/7.6/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "7.6" -- 7.6-debian-12 -- 7.6.1 -- latest diff --git a/bitnami/ksql/7.7/README.md b/bitnami/ksql/7.7/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/ksql/7.7/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/ksql/7.8/debian-12/Dockerfile b/bitnami/ksql/7.8/debian-12/Dockerfile new file mode 100644 index 0000000000000..ab92f9efaf1e0 --- /dev/null +++ b/bitnami/ksql/7.8/debian-12/Dockerfile @@ -0,0 +1,61 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-03T00:09:43Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/ksql/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="7.8.0-debian-12-r1" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/ksql" \ + org.opencontainers.image.title="ksql" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="7.8.0" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl netcat-openbsd procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "ksql-7.8.0-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN /opt/bitnami/scripts/java/postunpack.sh +RUN /opt/bitnami/scripts/ksql/postunpack.sh +ENV APP_VERSION="7.8.0" \ + BITNAMI_APP_NAME="ksql" \ + JAVA_HOME="/opt/bitnami/java" \ + PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/ksql/bin:$PATH" + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/ksql/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/ksql/run.sh" ] diff --git a/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..4b5e66b443cb4 --- /dev/null +++ b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,14 @@ +{ + "java": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "17.0.13-12-1" + }, + "ksql": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "7.8.0-0" + } +} \ No newline at end of file diff --git a/bitnami/golang/1.21/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/golang/1.21/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/postgresql-repmgr/14/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/postgresql-repmgr/14/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/ksql/7.8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/golang/1.21/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/ksql/7.8/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/golang/1.21/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/ksql/7.8/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/golang/1.21/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/ksql/7.8/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/golang/1.21/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/ksql/7.8/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh new file mode 100755 index 0000000000000..38802fc0bfe91 --- /dev/null +++ b/bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh + +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + +print_welcome_page + +echo "" +exec "$@" diff --git a/bitnami/java/11/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh similarity index 100% rename from bitnami/java/11/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh rename to bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh diff --git a/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh b/bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh similarity index 100% rename from bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh rename to bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/ksql-env.sh diff --git a/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh b/bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh similarity index 100% rename from bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh rename to bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/ksql/entrypoint.sh diff --git a/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh b/bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh similarity index 100% rename from bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh rename to bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/ksql/postunpack.sh diff --git a/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh b/bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh similarity index 100% rename from bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh rename to bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/ksql/run.sh diff --git a/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh b/bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh similarity index 100% rename from bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh rename to bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/ksql/setup.sh diff --git a/bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/libksql.sh b/bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/libksql.sh similarity index 100% rename from bitnami/ksql/7.2/debian-12/rootfs/opt/bitnami/scripts/libksql.sh rename to bitnami/ksql/7.8/debian-12/rootfs/opt/bitnami/scripts/libksql.sh diff --git a/bitnami/ksql/7.8/debian-12/tags-info.yaml b/bitnami/ksql/7.8/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..8d4b46d28adcb --- /dev/null +++ b/bitnami/ksql/7.8/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "7.8" +- 7.8-debian-12 +- 7.8.0 +- latest diff --git a/bitnami/ksql/README.md b/bitnami/ksql/README.md index 2aabfcbb7bbf6..32c4ab677a86a 100644 --- a/bitnami/ksql/README.md +++ b/bitnami/ksql/README.md @@ -21,11 +21,17 @@ docker run --name ksql bitnami/ksql:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use ksql in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use ksql in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -99,7 +105,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/kube-rbac-proxy/0/debian-12/Dockerfile b/bitnami/kube-rbac-proxy/0/debian-12/Dockerfile index 8476f1ce9c0fe..b6744e1711991 100644 --- a/bitnami/kube-rbac-proxy/0/debian-12/Dockerfile +++ b/bitnami/kube-rbac-proxy/0/debian-12/Dockerfile @@ -3,6 +3,7 @@ FROM docker.io/bitnami/minideb:bookworm as builder +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH ENV OS_ARCH="${TARGETARCH:-amd64}" @@ -14,12 +15,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "kube-rbac-proxy-0.17.1-1-linux-${OS_ARCH}-debian-12" \ + "kube-rbac-proxy-0.18.2-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -30,19 +31,20 @@ RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ FROM scratch +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH ENV OS_ARCH="${TARGETARCH:-amd64}" LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="scratch" \ - org.opencontainers.image.created="2024-05-13T22:26:44Z" \ + org.opencontainers.image.created="2025-01-03T00:31:19Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.17.1-debian-12-r1" \ + org.opencontainers.image.ref.name="0.18.2-debian-12-r2" \ org.opencontainers.image.title="kube-rbac-proxy" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.17.1" + org.opencontainers.image.version="0.18.2" COPY prebuildfs / COPY rootfs / @@ -50,7 +52,7 @@ COPY --from=builder /opt/bitnami/kube-rbac-proxy/bin/kube-rbac-proxy /kube-rbac- COPY --from=builder /opt/bitnami/kube-rbac-proxy/.spdx-kube-rbac-proxy.spdx /opt/bitnami/kube-rbac-proxy/.spdx-kube-rbac-proxy.spdx COPY --from=builder /opt/bitnami/kube-rbac-proxy/licenses /opt/bitnami/kube-rbac-proxy/licenses -ENV APP_VERSION="0.17.1" \ +ENV APP_VERSION="0.18.2" \ BITNAMI_APP_NAME="kube-rbac-proxy" USER 1001 diff --git a/bitnami/kube-rbac-proxy/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kube-rbac-proxy/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index ad8be1cbed851..fcc943ae724d9 100644 --- a/bitnami/kube-rbac-proxy/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kube-rbac-proxy/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.17.1-1" + "version": "0.18.2-1" } } \ No newline at end of file diff --git a/bitnami/kube-rbac-proxy/0/debian-12/tags-info.yaml b/bitnami/kube-rbac-proxy/0/debian-12/tags-info.yaml index 2db778d7fc90c..7c900738461fc 100644 --- a/bitnami/kube-rbac-proxy/0/debian-12/tags-info.yaml +++ b/bitnami/kube-rbac-proxy/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.17.1 +- 0.18.2 - latest diff --git a/bitnami/kube-rbac-proxy/README.md b/bitnami/kube-rbac-proxy/README.md index 04ccacaae27fa..d682a5e85e036 100644 --- a/bitnami/kube-rbac-proxy/README.md +++ b/bitnami/kube-rbac-proxy/README.md @@ -22,11 +22,17 @@ docker run --name kube-rbac-proxy bitnami/kube-rbac-proxy:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kube RBAC Proxy in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kube RBAC Proxy in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -56,7 +62,7 @@ docker build -t bitnami/APP:latest . ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). ## Configuration @@ -86,7 +92,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/kube-state-metrics/2/debian-12/Dockerfile b/bitnami/kube-state-metrics/2/debian-12/Dockerfile index 4f0a56ccd12d6..90936620a72ca 100644 --- a/bitnami/kube-state-metrics/2/debian-12/Dockerfile +++ b/bitnami/kube-state-metrics/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:25:50Z" \ + org.opencontainers.image.created="2025-01-03T00:37:01Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kube-state-metrics/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.12.0-debian-12-r6" \ + org.opencontainers.image.ref.name="2.14.0-debian-12-r4" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kube-state-metrics" \ org.opencontainers.image.title="kube-state-metrics" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.12.0" + org.opencontainers.image.version="2.14.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "kube-state-metrics-2.12.0-3-linux-${OS_ARCH}-debian-12" \ + "kube-state-metrics-2.14.0-2-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="2.12.0" \ +ENV APP_VERSION="2.14.0" \ BITNAMI_APP_NAME="kube-state-metrics" \ PATH="/opt/bitnami/kube-state-metrics/bin:$PATH" diff --git a/bitnami/kube-state-metrics/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kube-state-metrics/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 8f7f22bf2e654..fddbd9691e0b9 100644 --- a/bitnami/kube-state-metrics/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kube-state-metrics/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.12.0-3" + "version": "2.14.0-2" } } \ No newline at end of file diff --git a/bitnami/kube-state-metrics/2/debian-12/tags-info.yaml b/bitnami/kube-state-metrics/2/debian-12/tags-info.yaml index 9d04fd2169720..997a29ab3d36b 100644 --- a/bitnami/kube-state-metrics/2/debian-12/tags-info.yaml +++ b/bitnami/kube-state-metrics/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.12.0 +- 2.14.0 - latest diff --git a/bitnami/kube-state-metrics/README.md b/bitnami/kube-state-metrics/README.md index 7d9fec47dec7d..0b7fec3c0658b 100644 --- a/bitnami/kube-state-metrics/README.md +++ b/bitnami/kube-state-metrics/README.md @@ -20,15 +20,21 @@ Deploy Kube-state-metrics on your [Kubernetes cluster](https://github.com/kubern * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kube State Metrics in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kube State Metrics in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -86,7 +92,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/kubeapps-apis/2/debian-12/Dockerfile b/bitnami/kubeapps-apis/2/debian-12/Dockerfile index b67f7bf3609b1..3bb28ee9faf30 100644 --- a/bitnami/kubeapps-apis/2/debian-12/Dockerfile +++ b/bitnami/kubeapps-apis/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:26:42Z" \ + org.opencontainers.image.created="2024-12-24T09:25:23Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kubeapps-apis/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.10.0-debian-12-r5" \ + org.opencontainers.image.ref.name="2.12.1-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kubeapps-apis" \ org.opencontainers.image.title="kubeapps-apis" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.10.0" + org.opencontainers.image.version="2.12.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "kubeapps-apis-2.10.0-2-linux-${OS_ARCH}-debian-12" \ + "kubeapps-apis-2.12.1-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN mkdir -p /opt/bitnami/kubeapps-apis/.kube && chown 1001:1001 /opt/bitnami/kubeapps-apis/.kube RUN ln -s /opt/bitnami/kubeapps-apis/plugins /plugins && ln -s /opt/bitnami/kubeapps-apis/bin/kubeapps-apis /kubeapps-apis && ln -s /opt/bitnami/kubeapps-apis/.kube /.kube -ENV APP_VERSION="2.10.0" \ +ENV APP_VERSION="2.12.1" \ BITNAMI_APP_NAME="kubeapps-apis" \ PATH="/opt/bitnami/kubeapps-apis/bin:$PATH" diff --git a/bitnami/kubeapps-apis/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kubeapps-apis/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 4a80d3a88f84c..438a3b485c3b7 100644 --- a/bitnami/kubeapps-apis/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kubeapps-apis/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.10.0-2" + "version": "2.12.1-0" } } \ No newline at end of file diff --git a/bitnami/kubeapps-apis/2/debian-12/tags-info.yaml b/bitnami/kubeapps-apis/2/debian-12/tags-info.yaml index d7a5c175698d3..2591c105be851 100644 --- a/bitnami/kubeapps-apis/2/debian-12/tags-info.yaml +++ b/bitnami/kubeapps-apis/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.10.0 +- 2.12.1 - latest diff --git a/bitnami/kubeapps-apis/README.md b/bitnami/kubeapps-apis/README.md index c07327b90eb8c..c83d524a7101e 100644 --- a/bitnami/kubeapps-apis/README.md +++ b/bitnami/kubeapps-apis/README.md @@ -21,7 +21,7 @@ docker run --name kubeapps-apis bitnami/kubeapps-apis:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kubeapps APIs in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kubeapps APIs in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Kubeapps APIs in Kubernetes? @@ -29,11 +29,17 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/kubeapps-apprepository-controller/2/debian-12/Dockerfile b/bitnami/kubeapps-apprepository-controller/2/debian-12/Dockerfile index 709bb71aca3cc..fabd4d444c20f 100644 --- a/bitnami/kubeapps-apprepository-controller/2/debian-12/Dockerfile +++ b/bitnami/kubeapps-apprepository-controller/2/debian-12/Dockerfile @@ -3,6 +3,7 @@ FROM docker.io/bitnami/minideb:bookworm as builder +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH ENV OS_ARCH="${TARGETARCH:-amd64}" @@ -14,12 +15,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "kubeapps-apprepository-controller-2.10.0-2-linux-${OS_ARCH}-debian-12" \ + "kubeapps-apprepository-controller-2.12.1-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -30,19 +31,20 @@ RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ FROM scratch +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH ENV OS_ARCH="${TARGETARCH:-amd64}" LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="scratch" \ - org.opencontainers.image.created="2024-05-13T22:27:40Z" \ + org.opencontainers.image.created="2024-12-24T09:10:50Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.10.0-debian-12-r4" \ + org.opencontainers.image.ref.name="2.12.1-debian-12-r0" \ org.opencontainers.image.title="kubeapps-apprepository-controller" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.10.0" + org.opencontainers.image.version="2.12.1" COPY prebuildfs / COPY rootfs / @@ -50,7 +52,7 @@ COPY --from=builder /opt/bitnami/kubeapps-apprepository-controller/bin/appreposi COPY --from=builder /opt/bitnami/kubeapps-apprepository-controller/.spdx-kubeapps-apprepository-controller.spdx /opt/bitnami/kubeapps-apprepository-controller/.spdx-kubeapps-apprepository-controller.spdx COPY --from=builder /opt/bitnami/kubeapps-apprepository-controller/licenses /opt/bitnami/kubeapps-apprepository-controller/licenses -ENV APP_VERSION="2.10.0" \ +ENV APP_VERSION="2.12.1" \ BITNAMI_APP_NAME="kubeapps-apprepository-controller" USER 1001 diff --git a/bitnami/kubeapps-apprepository-controller/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kubeapps-apprepository-controller/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 5bafbd5cc076d..cd8327461c10f 100644 --- a/bitnami/kubeapps-apprepository-controller/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kubeapps-apprepository-controller/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.10.0-2" + "version": "2.12.1-0" } } \ No newline at end of file diff --git a/bitnami/kubeapps-apprepository-controller/2/debian-12/tags-info.yaml b/bitnami/kubeapps-apprepository-controller/2/debian-12/tags-info.yaml index d7a5c175698d3..2591c105be851 100644 --- a/bitnami/kubeapps-apprepository-controller/2/debian-12/tags-info.yaml +++ b/bitnami/kubeapps-apprepository-controller/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.10.0 +- 2.12.1 - latest diff --git a/bitnami/kubeapps-apprepository-controller/README.md b/bitnami/kubeapps-apprepository-controller/README.md index 67ee17ebe8a4e..6e3a08c819e15 100644 --- a/bitnami/kubeapps-apprepository-controller/README.md +++ b/bitnami/kubeapps-apprepository-controller/README.md @@ -21,7 +21,7 @@ docker run --name kubeapps-apprepository-controller bitnami/kubeapps-appreposito * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kubeapps AppRepository Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kubeapps AppRepository Controller in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Kubeapps AppRepository Controller in Kubernetes? @@ -29,11 +29,17 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/kubeapps-asset-syncer/2/debian-12/Dockerfile b/bitnami/kubeapps-asset-syncer/2/debian-12/Dockerfile index 08d981fbf109a..3d7eed38fbbd3 100644 --- a/bitnami/kubeapps-asset-syncer/2/debian-12/Dockerfile +++ b/bitnami/kubeapps-asset-syncer/2/debian-12/Dockerfile @@ -3,6 +3,7 @@ FROM docker.io/bitnami/minideb:bookworm as builder +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH ENV OS_ARCH="${TARGETARCH:-amd64}" @@ -14,12 +15,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "kubeapps-asset-syncer-2.10.0-2-linux-${OS_ARCH}-debian-12" \ + "kubeapps-asset-syncer-2.12.1-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -30,19 +31,20 @@ RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ FROM scratch +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH ENV OS_ARCH="${TARGETARCH:-amd64}" LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="scratch" \ - org.opencontainers.image.created="2024-05-13T22:27:48Z" \ + org.opencontainers.image.created="2024-12-24T09:10:52Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.10.0-debian-12-r4" \ + org.opencontainers.image.ref.name="2.12.1-debian-12-r0" \ org.opencontainers.image.title="kubeapps-asset-syncer" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.10.0" + org.opencontainers.image.version="2.12.1" COPY prebuildfs / COPY rootfs / @@ -50,7 +52,7 @@ COPY --from=builder /opt/bitnami/kubeapps-asset-syncer/bin/asset-syncer /asset-s COPY --from=builder /opt/bitnami/kubeapps-asset-syncer/.spdx-kubeapps-asset-syncer.spdx /opt/bitnami/kubeapps-asset-syncer/.spdx-kubeapps-asset-syncer.spdx COPY --from=builder /opt/bitnami/kubeapps-asset-syncer/licenses /opt/bitnami/kubeapps-asset-syncer/licenses -ENV APP_VERSION="2.10.0" \ +ENV APP_VERSION="2.12.1" \ BITNAMI_APP_NAME="kubeapps-asset-syncer" USER 1001 diff --git a/bitnami/kubeapps-asset-syncer/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kubeapps-asset-syncer/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 81767cffca77b..06d9e123303eb 100644 --- a/bitnami/kubeapps-asset-syncer/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kubeapps-asset-syncer/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.10.0-2" + "version": "2.12.1-0" } } \ No newline at end of file diff --git a/bitnami/kubeapps-asset-syncer/2/debian-12/tags-info.yaml b/bitnami/kubeapps-asset-syncer/2/debian-12/tags-info.yaml index d7a5c175698d3..2591c105be851 100644 --- a/bitnami/kubeapps-asset-syncer/2/debian-12/tags-info.yaml +++ b/bitnami/kubeapps-asset-syncer/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.10.0 +- 2.12.1 - latest diff --git a/bitnami/kubeapps-asset-syncer/README.md b/bitnami/kubeapps-asset-syncer/README.md index 33c0406afb638..99a8e24a1ad70 100644 --- a/bitnami/kubeapps-asset-syncer/README.md +++ b/bitnami/kubeapps-asset-syncer/README.md @@ -21,7 +21,7 @@ docker run --name kubeapps-asset-syncer bitnami/kubeapps-asset-syncer:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kubeapps Asset Syncer in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kubeapps Asset Syncer in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Kubeapps Asset Syncer in Kubernetes? @@ -29,11 +29,17 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/kubeapps-dashboard/2/debian-12/Dockerfile b/bitnami/kubeapps-dashboard/2/debian-12/Dockerfile index cfb0514310473..1bd83240914bf 100644 --- a/bitnami/kubeapps-dashboard/2/debian-12/Dockerfile +++ b/bitnami/kubeapps-dashboard/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-31T09:44:40Z" \ + org.opencontainers.image.created="2024-12-24T09:31:01Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kubeapps-dashboard/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.10.0-debian-12-r5" \ + org.opencontainers.image.ref.name="2.12.1-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kubeapps-dashboard" \ org.opencontainers.image.title="kubeapps-dashboard" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.10.0" + org.opencontainers.image.version="2.12.1" ENV OS_ARCH="${TARGETARCH:-amd64}" \ OS_FLAVOUR="debian-12" \ @@ -27,14 +28,14 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl gettext libcrypt1 libgeoip1 libpcre3 libssl3 openssl procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "nginx-1.26.1-0-linux-${OS_ARCH}-debian-12" \ - "kubeapps-2.10.0-2-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "nginx-1.27.3-0-linux-${OS_ARCH}-debian-12" \ + "kubeapps-2.12.1-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -52,7 +53,7 @@ RUN rm -rf /app && \ mv /opt/bitnami/kubeapps/build /app RUN chmod -R g+rwX /opt/bitnami/nginx/conf RUN /opt/bitnami/scripts/nginx/postunpack.sh -ENV APP_VERSION="2.10.0" \ +ENV APP_VERSION="2.12.1" \ BITNAMI_APP_NAME="kubeapps-dashboard" \ NGINX_HTTPS_PORT_NUMBER="" \ NGINX_HTTP_PORT_NUMBER="" \ diff --git a/bitnami/kubeapps-dashboard/2/debian-12/docker-compose.yml b/bitnami/kubeapps-dashboard/2/debian-12/docker-compose.yml index bfc8d39219953..36dd0c4d28367 100644 --- a/bitnami/kubeapps-dashboard/2/debian-12/docker-compose.yml +++ b/bitnami/kubeapps-dashboard/2/debian-12/docker-compose.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: kubeapps: - image: docker.io/bitnami/kubeapps-dashboard:2 + image: docker.io/bitnami/kubeapps:2 ports: - '80:80' - '443:443' diff --git a/bitnami/kubeapps-dashboard/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kubeapps-dashboard/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 1c1bc226e9b9a..a60b08f4c3a78 100644 --- a/bitnami/kubeapps-dashboard/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kubeapps-dashboard/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.10.0-2" + "version": "2.12.1-0" }, "nginx": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.26.1-0" + "version": "1.27.3-0" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-13" + "version": "1.0.7-8" } } \ No newline at end of file diff --git a/bitnami/kubeapps-dashboard/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kubeapps-dashboard/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/kubeapps-dashboard/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/kubeapps-dashboard/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/kubeapps-dashboard/2/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh b/bitnami/kubeapps-dashboard/2/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh index c36866212b9be..e7f0bfe83a0e1 100644 --- a/bitnami/kubeapps-dashboard/2/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh +++ b/bitnami/kubeapps-dashboard/2/debian-12/rootfs/opt/bitnami/scripts/libnginx.sh @@ -208,6 +208,17 @@ nginx_initialize() { fi nginx_configure "absolute_redirect" "$(is_boolean_yes "$NGINX_ENABLE_ABSOLUTE_REDIRECT" && echo "on" || echo "off" )" nginx_configure "port_in_redirect" "$(is_boolean_yes "$NGINX_ENABLE_PORT_IN_REDIRECT" && echo "on" || echo "off" )" + # Stream configuration + if is_boolean_yes "$NGINX_ENABLE_STREAM" && + is_file_writable "$NGINX_CONF_FILE" && + ! grep -q "include \"$NGINX_STREAM_SERVER_BLOCKS_DIR" "$NGINX_CONF_FILE"; then + cat >> "$NGINX_CONF_FILE" < oss-assessment scan [project] [flags] - -Examples: - - Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defined frameworks - - # Scan git repository - docker run --rm -it bitnami/kubescape oss-assessment - - # Scan remote Kubernetes cluster. - docker run --rm -it -v /path/to/.kubeconfig:/.kubeconfig bitnami/kubescape oss-assessment --kubeconfig /.kubeconfig - - # Scan and save the results into a file - docker run --rm -it -v /path/to/output:/output bitnami/kubescape oss-assessment --output /output/report.json - - # Disable kubescape logs - docker run --rm -it bitnami/kubescape oss-assessment 'repository_url' --log-level error - - # Enable debug logs - docker run --rm -it -e BITNAMI_DEBUG=true bitnami/kubescape oss-assessment 'repository_url' --log-level error - - # Disable all logs and export result using docker output - docker run --rm -it bitnami/kubescape oss-assessment 'repository_url' --silent > report.json - - # NOTE: When using volumes, permission changes may be required because of the container running as user 1001 - -Flags: - --kubeconfig string Paths to a kubeconfig. Required to scan Kubernetes cluster. - -h, --help Print help for oss-assessment action - -o, --output string Output file. Print output to file and not stdout - -l, --log-level string Log level for the kubescape scan and kubescape scan image commands. - -r, --retries Number of retries for each 'kubescape scan image' command. - -s, --silent Do not display any logs in stdout, only the resulting report. - - # NOTE: Additionally, other 'kubescape scan' flags can be added, run 'kubescape scan -h' for additional information. - """ -} - -######################## -# Runs a kubescape scan and enriches it with Vulnerabilities information for images available in Tanzu Application Catalog -# Arguments: -# - project_url (optional) -# - Supported kubescape flags -# Returns: -# None -######################### -kubescape_oss_assessment() { - - local cmd="kubescape" - local scan_args=("scan" "--format=json") - local scan_image_args=("scan" "image" "--format=json") - local silent="false" - local output="" - local retries="3" - - # By default, Kubescape only runs NSA and MITRE frameworks - # We want to extend that to also include SOC2 and CIS frameworks - readarray -t frameworks < <(${cmd} list frameworks --format=json | jq '.[]' | grep -Ei "nsa|mitre|soc2|cis-v" | sed 's/"//g') - if [[ "${#frameworks[@]}" -gt 0 ]]; then - info "OSS Assessment scan will use the following frameworks: ${frameworks[*]}" - scan_args+=("framework" "$(tr ' ' ',' <<< "${frameworks[*]}")") - else - warn "Could not obtain frameworks, using default ones." - fi - - # Handle input - while [[ $# -gt 0 ]]; do - key="$1" - case $key in - oss-assessment) - shift - ;; - -h|--help) - kubescape_oss_assessment_usage - exit 0 - ;; - -o|--output) - output="$2" - shift 2 - ;; - -s|--silent) - silent="true" - shift - ;; - -r|--retries) - retries="$2" - shift 2 - ;; - *) - scan_args+=("$1") - shift - ;; - esac - done - - # Check that Tanzu Application Catalog file exists - if [[ -f "${TANZU_APPLICATION_CATALOG_FILE}" ]]; then - TAC_PRODUCTS=$(jq -r '.[].product.key' "$TANZU_APPLICATION_CATALOG_FILE") - else - error "The Bitnami Catalog JSON file is missing: ${TANZU_APPLICATION_CATALOG_FILE}" - fi - - # Run Kubescape scan for the provided project and add custom field 'security' - info "Running command '${cmd} ${scan_args[*]}'" - if is_boolean_yes "$silent"; then - KUBESCAPE_OUTPUT="$(${cmd} "${scan_args[@]}" 2> /dev/null | jq '.security = []' || true)" - else - KUBESCAPE_OUTPUT="$(${cmd} "${scan_args[@]}" | jq '.security = []' || true)" - fi - if [[ -n "$KUBESCAPE_OUTPUT" ]]; then - ! is_boolean_yes "$silent" && debug "Result:\n$KUBESCAPE_OUTPUT" - else - error "Failed to execute command 'kubescape scan'." - exit 1 - fi - - # Search for images available in Tanzu Application Catalog - ! is_boolean_yes "$silent" && info "Searching images available in Tanzu Application Catalog" - local -a matching_images - readarray -t project_images < <(echo "$KUBESCAPE_OUTPUT" | jq -r '.resources[]?.object?.spec?.template?.spec?.containers[]?.image') - - for image in "${project_images[@]}"; do - ! is_boolean_yes "$silent" && info "Found image: $image" - for tac_image in $TAC_PRODUCTS; do - if [[ $image =~ $tac_image ]]; then - ! is_boolean_yes "$silent" && info "Found Tanzu Application Catalog image matching! Adding image '${image}' to the scanning list" - matching_images+=("$image") - break - fi - done - done - - # Filter out duplicated images - read -r -a unique_matching_images <<< "$(echo "${matching_images[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')" - ! is_boolean_yes "$silent" && info "Scanning images ${unique_matching_images[*]}" - images_scanned=0 - images_success_scanned=0 - - # For each image available in Tanzu Application Catalog, add a vulnerability report to the original project scan - for image in "${unique_matching_images[@]}"; do - KUBESCAPE_IMAGE_OUTPUT="" - info "Scanning image $((images_scanned + 1)) out of ${#unique_matching_images[@]}: ${image}" - for ((i = 1; i <= retries; i += 1)); do - KUBESCAPE_IMAGE_OUTPUT="$(${cmd} "${scan_image_args[@]}" "${image}" 2> /dev/null || echo '')" - if [[ -n "$KUBESCAPE_IMAGE_OUTPUT" ]]; then - debug "Result: $KUBESCAPE_IMAGE_OUTPUT" - break - else - ! is_boolean_yes "$silent" && debug "Image scan failed. Retrying... ${i}/${retries}" - fi - done - - if [[ -n "$KUBESCAPE_IMAGE_OUTPUT" ]]; then - KUBESCAPE_IMAGE_VULNS="$(jq --arg image "$image" '{imageID: $image, vulnerabilities: [.matches[].vulnerability | {id, severity, urls}]}' <(echo "$KUBESCAPE_IMAGE_OUTPUT"))" - KUBESCAPE_OUTPUT="$(jq '.security += [input]' <(echo "$KUBESCAPE_OUTPUT") <(echo "$KUBESCAPE_IMAGE_VULNS"))" - images_success_scanned="$((images_success_scanned + 1))" - else - debug "Failed to scan image '${image}' after several attempts." - fi - images_scanned="$((images_scanned + 1))" - done - - info "Total scanned: ${images_success_scanned} out of ${#unique_matching_images[@]}" - - ! is_boolean_yes "$silent" && info "OSS Assessment report successfully generated" - if [[ -n "$output" ]]; then - echo "$KUBESCAPE_OUTPUT" > "$output" - else - echo "$KUBESCAPE_OUTPUT" - fi - - if [[ "${images_success_scanned}" != "${#unique_matching_images[@]}" ]]; then - info "For getting a more complete report, visit the OSS Health Assessment FAQ to scan images from private repositories." - fi -} diff --git a/bitnami/kubescape/3.0.3/debian-12/tags-info.yaml b/bitnami/kubescape/3.0.3/debian-12/tags-info.yaml deleted file mode 100644 index a71654ba99f2e..0000000000000 --- a/bitnami/kubescape/3.0.3/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- 3.0.3 -- 3.0.3 -- 3.0.3-debian-12 diff --git a/bitnami/kubescape/3/debian-12/Dockerfile b/bitnami/kubescape/3/debian-12/Dockerfile index b66ce0bd5a27f..f78d1c0e0b3cf 100644 --- a/bitnami/kubescape/3/debian-12/Dockerfile +++ b/bitnami/kubescape/3/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-27T23:08:19Z" \ + org.opencontainers.image.created="2025-01-09T17:56:22Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kubescape/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.0.11-debian-12-r0" \ + org.opencontainers.image.ref.name="3.0.23-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kubescape" \ org.opencontainers.image.title="kubescape" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="3.0.11" + org.opencontainers.image.version="3.0.23" ENV HOME="/opt/bitnami/kubescape" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -29,12 +30,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl git jq procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "kubescape-3.0.11-0-linux-${OS_ARCH}-debian-12" \ + "kubescape-3.0.23-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/kubescape/postunpack.sh -ENV APP_VERSION="3.0.11" \ +ENV APP_VERSION="3.0.23" \ BITNAMI_APP_NAME="kubescape" USER 1001 diff --git a/bitnami/kubescape/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kubescape/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 3d361ed14d3cd..4338068191d5d 100644 --- a/bitnami/kubescape/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kubescape/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.0.11-0" + "version": "3.0.23-0" } } \ No newline at end of file diff --git a/bitnami/kubescape/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/kubescape/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/kubescape/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/kubescape/3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/kubescape/3/debian-12/tags-info.yaml b/bitnami/kubescape/3/debian-12/tags-info.yaml index ddde0fd6cee6d..83dcc88e41643 100644 --- a/bitnami/kubescape/3/debian-12/tags-info.yaml +++ b/bitnami/kubescape/3/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "3" - 3-debian-12 -- 3.0.11 +- 3.0.23 - latest diff --git a/bitnami/kubescape/README.md b/bitnami/kubescape/README.md index 0423832994eba..3de9d9bdda449 100644 --- a/bitnami/kubescape/README.md +++ b/bitnami/kubescape/README.md @@ -22,11 +22,17 @@ docker run --name kubescape bitnami/kubescape:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Kubescape in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Kubescape in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -80,7 +86,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/laravel/10/README.md b/bitnami/laravel/10/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/laravel/10/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/laravel/10/debian-12/Dockerfile b/bitnami/laravel/10/debian-12/Dockerfile deleted file mode 100644 index bb1ebe9a79747..0000000000000 --- a/bitnami/laravel/10/debian-12/Dockerfile +++ /dev/null @@ -1,63 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:33:19Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/laravel/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.3.3-debian-12-r12" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/laravel" \ - org.opencontainers.image.title="laravel" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.3.3" - -ENV OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libbrotli1 libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncursesw6 libnettle8 libnghttp2-14 libnsl2 libonig5 libp11-kit0 libpcre2-8-0 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libtirpc3 libunistring2 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 procps sqlite3 sudo zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "python-3.11.9-8-linux-${OS_ARCH}-debian-12" \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "php-8.3.7-0-linux-${OS_ARCH}-debian-12" \ - "node-20.13.1-1-linux-${OS_ARCH}-debian-12" \ - "laravel-10.3.3-2-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN /build/bitnami-user.sh -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/laravel/postunpack.sh -RUN /opt/bitnami/scripts/php/postunpack.sh -ENV APP_VERSION="10.3.3" \ - BITNAMI_APP_NAME="laravel" \ - NODE_PATH="/opt/bitnami/node/lib/node_modules" \ - PATH="/opt/bitnami/python/bin:/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/node/bin:$PATH" \ - PHP_ENABLE_OPCACHE="0" - -EXPOSE 3000 8000 - -WORKDIR /app -ENTRYPOINT [ "/opt/bitnami/scripts/laravel/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/laravel/run.sh" ] diff --git a/bitnami/laravel/10/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/laravel/10/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 9f7cf675dafb8..0000000000000 --- a/bitnami/laravel/10/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "laravel": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.3.3-2" - }, - "node": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "20.13.1-1" - }, - "php": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.3.7-0" - }, - "python": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "3.11.9-8" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-12" - } -} \ No newline at end of file diff --git a/bitnami/laravel/10/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/laravel/10/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/laravel/10/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/laravel/10/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/laravel/10/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/laravel/10/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel-env.sh b/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel-env.sh deleted file mode 100644 index 9987fa9aeaeba..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel-env.sh +++ /dev/null @@ -1,86 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for laravel - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-laravel}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -laravel_env_vars=( - LARAVEL_PORT_NUMBER - LARAVEL_SKIP_COMPOSER_UPDATE - LARAVEL_SKIP_DATABASE - LARAVEL_DATABASE_TYPE - LARAVEL_DATABASE_HOST - LARAVEL_DATABASE_PORT_NUMBER - LARAVEL_DATABASE_NAME - LARAVEL_DATABASE_USER - LARAVEL_DATABASE_PASSWORD - SKIP_COMPOSER_UPDATE - DB_CONNECTION - DB_HOST - DB_PORT - DB_DATABASE - DB_USERNAME - DB_PASSWORD -) -for env_var in "${laravel_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset laravel_env_vars - -# Paths -export LARAVEL_BASE_DIR="${BITNAMI_ROOT_DIR}/laravel" - -# Laravel configuration -export LARAVEL_PORT_NUMBER="${LARAVEL_PORT_NUMBER:-8000}" -LARAVEL_SKIP_COMPOSER_UPDATE="${LARAVEL_SKIP_COMPOSER_UPDATE:-"${SKIP_COMPOSER_UPDATE:-}"}" -export LARAVEL_SKIP_COMPOSER_UPDATE="${LARAVEL_SKIP_COMPOSER_UPDATE:-no}" -export LARAVEL_SKIP_DATABASE="${LARAVEL_SKIP_DATABASE:-no}" # only used during the first initialization - -# Database configuration -LARAVEL_DATABASE_TYPE="${LARAVEL_DATABASE_TYPE:-"${DB_CONNECTION:-}"}" -export LARAVEL_DATABASE_TYPE="${LARAVEL_DATABASE_TYPE:-mysql}" -export DB_CONNECTION="$LARAVEL_DATABASE_TYPE" # only used during the first initialization -LARAVEL_DATABASE_HOST="${LARAVEL_DATABASE_HOST:-"${DB_HOST:-}"}" -export LARAVEL_DATABASE_HOST="${LARAVEL_DATABASE_HOST:-mariadb}" -export DB_HOST="$LARAVEL_DATABASE_HOST" # only used during the first initialization -LARAVEL_DATABASE_PORT_NUMBER="${LARAVEL_DATABASE_PORT_NUMBER:-"${DB_PORT:-}"}" -export LARAVEL_DATABASE_PORT_NUMBER="${LARAVEL_DATABASE_PORT_NUMBER:-3306}" -export DB_PORT="$LARAVEL_DATABASE_PORT_NUMBER" # only used during the first initialization -LARAVEL_DATABASE_NAME="${LARAVEL_DATABASE_NAME:-"${DB_DATABASE:-}"}" -export LARAVEL_DATABASE_NAME="${LARAVEL_DATABASE_NAME:-bitnami_myapp}" -export DB_DATABASE="$LARAVEL_DATABASE_NAME" # only used during the first initialization -LARAVEL_DATABASE_USER="${LARAVEL_DATABASE_USER:-"${DB_USERNAME:-}"}" -export LARAVEL_DATABASE_USER="${LARAVEL_DATABASE_USER:-bn_myapp}" -export DB_USERNAME="$LARAVEL_DATABASE_USER" # only used during the first initialization -LARAVEL_DATABASE_PASSWORD="${LARAVEL_DATABASE_PASSWORD:-"${DB_PASSWORD:-}"}" -export LARAVEL_DATABASE_PASSWORD="${LARAVEL_DATABASE_PASSWORD:-}" -export DB_PASSWORD="$LARAVEL_DATABASE_PASSWORD" # only used during the first initialization - -# Custom environment variables may be defined below diff --git a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/entrypoint.sh b/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/entrypoint.sh deleted file mode 100755 index c67a64e6c626d..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/entrypoint.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Load Laravel environment -. /opt/bitnami/scripts/laravel-env.sh - -print_welcome_page - -if [[ "$*" = *"/opt/bitnami/scripts/laravel/run.sh"* ]]; then - info "** Running Laravel setup **" - /opt/bitnami/scripts/php/setup.sh - /opt/bitnami/scripts/laravel/setup.sh - /post-init.sh - info "** Laravel setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/postunpack.sh b/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/postunpack.sh deleted file mode 100755 index 967777f3dce62..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/postunpack.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblaravel.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh - -# Load Laravel environment -. /opt/bitnami/scripts/laravel-env.sh - -# Ensure required directories exist -ensure_dir_exists "/app" -configure_permissions_ownership "/app" -d "775" -f "664" diff --git a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/run.sh b/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/run.sh deleted file mode 100755 index 5e92d22b005e5..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/run.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblaravel.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libservice.sh - -# Load Laravel environment -. /opt/bitnami/scripts/laravel-env.sh - -cd /app - -declare -a start_flags=("artisan" "serve" "--host=0.0.0.0" "--port=${LARAVEL_PORT_NUMBER}") -start_flags+=("$@") - -info "** Starting Laravel project **" -php "${start_flags[@]}" diff --git a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/setup.sh b/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/setup.sh deleted file mode 100755 index ada0e164ae043..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/laravel/setup.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblaravel.sh - -# Load Laravel environment -. /opt/bitnami/scripts/laravel-env.sh - -# Ensure Laravel environment variables are valid -laravel_validate - -# Ensure Laravel app is initialized -laravel_initialize - -# Ensure all folders in /app are writable by the non-root "bitnami" user -chown -R bitnami:bitnami /app diff --git a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/liblaravel.sh b/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/liblaravel.sh deleted file mode 100644 index c52aef3bd1857..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/liblaravel.sh +++ /dev/null @@ -1,104 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Laravel library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libvalidations.sh - -######################## -# Validate settings in LARAVEL_* env vars -# Globals: -# LARAVEL_* -# Arguments: -# None -# Returns: -# None -######################### -laravel_validate() { - info "Validating settings in LARAVEL_* environment variables..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_empty_value() { - if is_empty_value "${!1}"; then - print_validation_error "${1} must be set" - fi - } - check_yes_no_value() { - if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for ${1} are: yes no" - fi - } - check_resolved_hostname() { - if ! is_hostname_resolved "$1"; then - warn "Hostname ${1} could not be resolved, this could lead to connection issues" - fi - } - check_valid_port() { - local port_var="${1:?missing port variable}" - local err - if ! err="$(validate_port "${!port_var}")"; then - print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." - fi - } - - # Validate user inputs - check_yes_no_value "LARAVEL_SKIP_COMPOSER_UPDATE" - check_yes_no_value "LARAVEL_SKIP_DATABASE" - - # Database configuration validations - check_resolved_hostname "$LARAVEL_DATABASE_HOST" - check_valid_port "LARAVEL_DATABASE_PORT_NUMBER" - - return "$error_code" -} - -######################## -# Ensure the Laravel app is initialized -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -laravel_initialize() { - if is_dir_empty "/app"; then - info "Creating Laravel application in /app" - cp -r "${LARAVEL_BASE_DIR}/." . - - info "Regenerating APP_KEY" - debug_execute php artisan key:generate --ansi - - if ! is_boolean_yes "$LARAVEL_SKIP_COMPOSER_UPDATE"; then - log "Updating dependencies" - debug_execute composer update - fi - - info "Trying to connect to the database server" - if ! retry_while "debug_execute wait-for-port --timeout 5 --host ${LARAVEL_DATABASE_HOST} ${LARAVEL_DATABASE_PORT_NUMBER}"; then - error "Could not connect to the database" - return 1 - fi - - info "Executing database migrations" - debug_execute php artisan migrate - else - info "An existing project was detected, skipping project creation" - fi - - # Avoid exit code of previous commands to affect the result of this function - true -} diff --git a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/libphp.sh b/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/libphp.sh deleted file mode 100644 index 838cd2b4289fa..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/libphp.sh +++ /dev/null @@ -1,265 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami PHP library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libwebserver.sh - -######################## -# Add or modify an entry in the main PHP configuration file (php.ini) -# Globals: -# PHP_CONF_FILE -# Arguments: -# $1 - Key -# $2 - Value -# $3 - File to modify (default: $PHP_CONF_FILE) -# Returns: -# None -######################### -php_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - local -r file="${3:-"$PHP_CONF_FILE"}" - local pattern="^[; ]*${key}\s*=.*$" - if [[ "$key" = "extension" || "$key" = "zend_extension" ]]; then - # The "extension" property works a bit different for PHP, as there is one per module to be included, meaning it is additive unlike other configurations - # Because of that, we first check if the extension was defined in the file to replace the proper entry - pattern="^[; ]*${key}\s*=\s*[\"]?${value}(\.so)?[\"]?\s*$" - fi - local -r entry="${key} = ${value}" - if is_file_writable "$file"; then - # Not using the ini-file tool since it does not play well with php.ini - if grep -q -E "$pattern" "$file"; then - replace_in_file "$file" "$pattern" "$entry" - else - cat >> "$file" <<< "$entry" - fi - else - warn "The PHP configuration file '${file}' is not writable. The '${key}' option will not be configured." - fi -} - -######################## -# Ensure PHP is initialized -# Globals: -# PHP_* -# Arguments: -# None -# Returns: -# None -######################### -php_initialize() { - # Configure PHP options based on the runtime environment - info "Configuring PHP options" - if ! is_dir_empty "$PHP_DEFAULT_CONF_DIR"; then - # Copy default configuration to php configuration directory - cp -nr "$PHP_DEFAULT_CONF_DIR"/. "$PHP_CONF_DIR" - fi - php_set_runtime_config "$PHP_CONF_FILE" - - - # PHP-FPM configuration - ! is_empty_value "$PHP_FPM_LISTEN_ADDRESS" && info "Setting PHP-FPM listen option" && php_conf_set "listen" "$PHP_FPM_LISTEN_ADDRESS" "${PHP_CONF_DIR}/php-fpm.d/www.conf" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Set PHP runtime options, based on user-provided environment variables -# Globals: -# PHP_* -# Arguments: -# None -# Returns: -# None -######################### -php_set_runtime_config() { - local -r conf_file="${1:?missing conf file}" - - ! is_empty_value "$PHP_DATE_TIMEZONE" && info "Setting PHP date.timezone option" && php_conf_set date.timezone "$PHP_DATE_TIMEZONE" "$conf_file" - ! is_empty_value "$PHP_ENABLE_OPCACHE" && info "Setting PHP opcache.enable option" && php_conf_set opcache.enable "$PHP_ENABLE_OPCACHE" "$conf_file" - ! is_empty_value "$PHP_EXPOSE_PHP" && info "Setting PHP expose_php option" && php_conf_set expose_php "$PHP_EXPOSE_PHP" "$conf_file" - ! is_empty_value "$PHP_MAX_EXECUTION_TIME" && info "Setting PHP max_execution_time option" && php_conf_set max_execution_time "$PHP_MAX_EXECUTION_TIME" "$conf_file" - ! is_empty_value "$PHP_MAX_INPUT_TIME" && info "Setting PHP max_input_time option" && php_conf_set max_input_time "$PHP_MAX_INPUT_TIME" "$conf_file" - ! is_empty_value "$PHP_MAX_INPUT_VARS" && info "Setting PHP max_input_vars option" && php_conf_set max_input_vars "$PHP_MAX_INPUT_VARS" "$conf_file" - ! is_empty_value "$PHP_MEMORY_LIMIT" && info "Setting PHP memory_limit option" && php_conf_set memory_limit "$PHP_MEMORY_LIMIT" "$conf_file" - ! is_empty_value "$PHP_POST_MAX_SIZE" && info "Setting PHP post_max_size option" && php_conf_set post_max_size "$PHP_POST_MAX_SIZE" "$conf_file" - ! is_empty_value "$PHP_UPLOAD_MAX_FILESIZE" && info "Setting PHP upload_max_filesize option" && php_conf_set upload_max_filesize "$PHP_UPLOAD_MAX_FILESIZE" "$conf_file" - ! is_empty_value "$PHP_OUTPUT_BUFFERING" && info "Setting PHP output_buffering option" && php_conf_set output_buffering "$PHP_OUTPUT_BUFFERING" "$conf_file" - - true -} - -######################## -# Convert a yes/no value to a PHP boolean -# Globals: -# None -# Arguments: -# $1 - yes/no value -# Returns: -# None -######################### -php_convert_to_boolean() { - local -r value="${1:?missing value}" - is_boolean_yes "$value" && echo "true" || echo "false" -} - -######################## -# Execute/run PHP code and print to stdout -# Globals: -# None -# Stdin: -# Code to execute -# Arguments: -# $1..$n - Input arguments to script -# Returns: -# None -######################### -php_execute_print_output() { - local php_cmd - # Obtain the command specified via stdin - php_cmd="$(/dev/null 2>&1 & - if ! retry_while "is_php_fpm_running"; then - error "php-fpm did not start" - error_code=1 - else - info "php-fpm started" - fi -else - info "php-fpm is already running" -fi - -exit "$error_code" diff --git a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/php/status.sh b/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/php/status.sh deleted file mode 100755 index 2ca4fb384d050..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/php/status.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/liblog.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -if is_php_fpm_running; then - info "php-fpm is already running" -else - info "php-fpm is not running" -fi diff --git a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh b/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh deleted file mode 100755 index 74274a4b4ee30..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -error_code=0 - -if is_php_fpm_running; then - BITNAMI_QUIET=1 php_fpm_stop - if ! retry_while "is_php_fpm_not_running"; then - error "php-fpm could not be stopped" - error_code=1 - else - info "php-fpm stopped" - fi -else - info "php-fpm is not running" -fi - -exit "$error_code" diff --git a/bitnami/laravel/10/debian-12/rootfs/post-init.d/php.sh b/bitnami/laravel/10/debian-12/rootfs/post-init.d/php.sh deleted file mode 100755 index 6be2585cbc533..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/post-init.d/php.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Executes custom PHP init scripts - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries with logging functions -if [[ -f /opt/bitnami/base/functions ]]; then - . /opt/bitnami/base/functions -else - . /opt/bitnami/scripts/liblog.sh -fi - -# Loop through all input files passed via stdin -read -r -a custom_init_scripts <<< "$@" -failure=0 -if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then - for custom_init_script in "${custom_init_scripts[@]}"; do - [[ "$custom_init_script" != *".php" ]] && continue - info "Executing ${custom_init_script} with PHP interpreter" - php "$custom_init_script" || failure=1 - [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" - done -fi - -exit "$failure" diff --git a/bitnami/laravel/10/debian-12/rootfs/post-init.sh b/bitnami/laravel/10/debian-12/rootfs/post-init.sh deleted file mode 100755 index 3c175be84663e..0000000000000 --- a/bitnami/laravel/10/debian-12/rootfs/post-init.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Only execute init scripts once -if [[ ! -f "/bitnami/laravel/.user_scripts_initialized" && -d "/docker-entrypoint-init.d" ]]; then - read -r -a init_scripts <<< "$(find "/docker-entrypoint-init.d" -type f -print0 | sort -z | xargs -0)" - if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "/bitnami/laravel/.user_scripts_initialized" ]]; then - mkdir -p "/bitnami/laravel" - for init_script in "${init_scripts[@]}"; do - for init_script_type_handler in /post-init.d/*.sh; do - "$init_script_type_handler" "$init_script" - done - done - fi - - touch "/bitnami/laravel/.user_scripts_initialized" -fi diff --git a/bitnami/laravel/10/debian-12/tags-info.yaml b/bitnami/laravel/10/debian-12/tags-info.yaml deleted file mode 100644 index 5afeffad1d917..0000000000000 --- a/bitnami/laravel/10/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "10" -- 10-debian-12 -- 10.3.3 diff --git a/bitnami/laravel/11/debian-12/Dockerfile b/bitnami/laravel/11/debian-12/Dockerfile index 64f46e6c2ad03..211d16abd5401 100644 --- a/bitnami/laravel/11/debian-12/Dockerfile +++ b/bitnami/laravel/11/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-28T17:01:02Z" \ + org.opencontainers.image.created="2025-01-11T18:19:59Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/laravel/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="11.1.0-debian-12-r0" \ + org.opencontainers.image.ref.name="11.5.0-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/laravel" \ org.opencontainers.image.title="laravel" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="11.1.0" + org.opencontainers.image.version="11.5.0" ENV OS_ARCH="${TARGETARCH:-amd64}" \ OS_FLAVOUR="debian-12" \ @@ -24,19 +25,19 @@ ENV OS_ARCH="${TARGETARCH:-amd64}" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages ca-certificates curl libbrotli1 libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncursesw6 libnettle8 libnghttp2-14 libnsl2 libonig5 libp11-kit0 libpcre2-8-0 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libtirpc3 libunistring2 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 procps sqlite3 sudo zlib1g +RUN install_packages ca-certificates curl libbrotli1 libbsd0 libbz2-1.0 libcom-err2 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncursesw6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpcre2-8-0 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 procps sqlite3 sudo zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "php-8.3.7-1-linux-${OS_ARCH}-debian-12" \ - "node-20.13.1-1-linux-${OS_ARCH}-debian-12" \ - "laravel-11.1.0-0-linux-${OS_ARCH}-debian-12" \ + "python-3.13.1-1-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "php-8.4.2-7-linux-${OS_ARCH}-debian-12" \ + "node-22.13.0-1-linux-${OS_ARCH}-debian-12" \ + "laravel-11.5.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -50,7 +51,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/laravel/postunpack.sh RUN /opt/bitnami/scripts/php/postunpack.sh -ENV APP_VERSION="11.1.0" \ +ENV APP_VERSION="11.5.0" \ BITNAMI_APP_NAME="laravel" \ NODE_PATH="/opt/bitnami/node/lib/node_modules" \ PATH="/opt/bitnami/python/bin:/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/node/bin:$PATH" \ diff --git a/bitnami/laravel/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/laravel/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index e7954e7df1d96..067100113c1cb 100644 --- a/bitnami/laravel/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/laravel/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,30 +3,30 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "11.1.0-0" + "version": "11.5.0-0" }, "node": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "20.13.1-1" + "version": "22.13.0-1" }, "php": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "8.3.7-1" + "version": "8.4.2-7" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.13.1-1" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-13" + "version": "1.0.8-8" } } \ No newline at end of file diff --git a/bitnami/laravel/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/laravel/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/laravel/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/laravel/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/laravel/11/debian-12/tags-info.yaml b/bitnami/laravel/11/debian-12/tags-info.yaml index 35b137b7acb9a..cd623e832ac43 100644 --- a/bitnami/laravel/11/debian-12/tags-info.yaml +++ b/bitnami/laravel/11/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "11" - 11-debian-12 -- 11.1.0 +- 11.5.0 - latest diff --git a/bitnami/laravel/README.md b/bitnami/laravel/README.md index 8515ec907112f..78faa3416e2cb 100644 --- a/bitnami/laravel/README.md +++ b/bitnami/laravel/README.md @@ -25,11 +25,17 @@ docker run --name laravel -v ${PWD}/my-project:/app bitnami/laravel:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Laravel in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Laravel in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -152,7 +158,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/logstash/7/README.md b/bitnami/logstash/7/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/logstash/7/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/logstash/7/debian-12/Dockerfile b/bitnami/logstash/7/debian-12/Dockerfile deleted file mode 100644 index f481bdeaeaee6..0000000000000 --- a/bitnami/logstash/7/debian-12/Dockerfile +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG LOGSTASH_PLUGINS -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-24T14:09:51Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/logstash/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.17.21-debian-12-r5" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/logstash" \ - org.opencontainers.image.title="logstash" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="7.17.21" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "yq-4.44.1-1-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-12-0-linux-${OS_ARCH}-debian-12" \ - "logstash-7.17.21-4-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/logstash/postunpack.sh -ENV APP_VERSION="7.17.21" \ - BITNAMI_APP_NAME="logstash" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/logstash/bin:$PATH" - -EXPOSE 8080 - -WORKDIR /opt/bitnami/logstash -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/logstash/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/logstash/run.sh" ] diff --git a/bitnami/logstash/7/debian-12/docker-compose.yml b/bitnami/logstash/7/debian-12/docker-compose.yml deleted file mode 100644 index 6eea30ae03b7c..0000000000000 --- a/bitnami/logstash/7/debian-12/docker-compose.yml +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - logstash: - image: docker.io/bitnami/logstash:7 - ports: - - 8080:8080 - volumes: - - logstash_data:/bitnami -volumes: - logstash_data: - driver: local diff --git a/bitnami/logstash/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/logstash/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 304b1cba45c81..0000000000000 --- a/bitnami/logstash/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "java": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "17.0.11-12-0" - }, - "logstash": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "7.17.21-4" - }, - "yq": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "4.44.1-1" - } -} \ No newline at end of file diff --git a/bitnami/logstash/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/logstash/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/logstash/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 8557631d25490..0000000000000 --- a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index c15af32e2f773..0000000000000 --- a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security -fi diff --git a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/liblogstash.sh b/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/liblogstash.sh deleted file mode 100644 index 3de8af7114a4e..0000000000000 --- a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/liblogstash.sh +++ /dev/null @@ -1,379 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Logstash library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libservice.sh - -######################## -# Validate settings in Logstash environment variables -# Globals: -# LOGSTASH_* -# Arguments: -# None -# Returns: -# None -######################### -logstash_validate() { - debug "Validating settings in LOGSTASH_* environment variables" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_yes_no_value() { - if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for ${1} are: yes no" - fi - } - check_resolved_hostname() { - if ! is_hostname_resolved "$1"; then - warn "Hostname ${1} could not be resolved, this could lead to connection issues" - fi - } - check_valid_port() { - local port_var="${1:?missing port variable}" - local err - if ! err="$(validate_port "${!port_var}")"; then - print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." - fi - } - - check_resolved_hostname "$LOGSTASH_BIND_ADDRESS" - check_yes_no_value "LOGSTASH_EXPOSE_API" - check_valid_port "LOGSTASH_API_PORT_NUMBER" - check_yes_no_value "LOGSTASH_ENABLE_MULTIPLE_PIPELINES" - - # Pipeline configuration parameters - # Inputs - check_yes_no_value "LOGSTASH_ENABLE_BEATS_INPUT" - is_boolean_yes "$LOGSTASH_ENABLE_BEATS_INPUT" && check_valid_port "LOGSTASH_BEATS_PORT_NUMBER" - check_yes_no_value "LOGSTASH_ENABLE_GELF_INPUT" - is_boolean_yes "$LOGSTASH_ENABLE_GELF_INPUT" && check_valid_port "LOGSTASH_GELF_PORT_NUMBER" - check_yes_no_value "LOGSTASH_ENABLE_HTTP_INPUT" - is_boolean_yes "$LOGSTASH_ENABLE_HTTP_INPUT" && check_valid_port "LOGSTASH_HTTP_PORT_NUMBER" - check_yes_no_value "LOGSTASH_ENABLE_TCP_INPUT" - is_boolean_yes "$LOGSTASH_ENABLE_TCP_INPUT" && check_valid_port "LOGSTASH_TCP_PORT_NUMBER" - check_yes_no_value "LOGSTASH_ENABLE_UDP_INPUT" - is_boolean_yes "$LOGSTASH_ENABLE_UDP_INPUT" && check_valid_port "LOGSTASH_UDP_PORT_NUMBER" - # Outputs - check_yes_no_value "LOGSTASH_ENABLE_STDOUT_OUTPUT" - check_yes_no_value "LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT" - if is_boolean_yes "$LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT"; then - check_resolved_hostname "$LOGSTASH_ELASTICSEARCH_HOST" - check_valid_port "LOGSTASH_ELASTICSEARCH_PORT_NUMBER" - fi - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Create sample config file -# Globals: -# LOGSTASH_* -# Arguments: -# None -# Returns: -# None -######################### -logstash_create_sample_pipeline_config_file() { - # Default supported inputs/outputs come from historic Bitnami defaults - # Configuration reference: https://www.elastic.co/guide/en/logstash/current/config-examples.html - info "Creating sample config file" - local inputs="" - local outputs="" - # Parse inputs - if is_boolean_yes "$LOGSTASH_ENABLE_BEATS_INPUT"; then - inputs+=$'\n'"beats { - ssl => false - host => \"${LOGSTASH_BIND_ADDRESS}\" - port => ${LOGSTASH_BEATS_PORT_NUMBER} -}" - fi - if is_boolean_yes "$LOGSTASH_ENABLE_GELF_INPUT"; then - inputs+=$'\n'"gelf { - host => \"${LOGSTASH_BIND_ADDRESS}\" - port => ${LOGSTASH_GELF_PORT_NUMBER} -}" - fi - if is_boolean_yes "$LOGSTASH_ENABLE_HTTP_INPUT"; then - inputs+=$'\n'"http { - ssl => false - host => \"${LOGSTASH_BIND_ADDRESS}\" - port => ${LOGSTASH_HTTP_PORT_NUMBER} -}" - fi - if is_boolean_yes "$LOGSTASH_ENABLE_TCP_INPUT"; then - inputs+=$'\n'"tcp { - mode => \"server\" - host => \"${LOGSTASH_BIND_ADDRESS}\" - port => ${LOGSTASH_TCP_PORT_NUMBER} -}" - fi - if is_boolean_yes "$LOGSTASH_ENABLE_UDP_INPUT"; then - inputs+=$'\n'"udp { - host => \"${LOGSTASH_BIND_ADDRESS}\" - port => ${LOGSTASH_UDP_PORT_NUMBER} -}" - fi - # Parse outputs - is_boolean_yes "$LOGSTASH_ENABLE_STDOUT_OUTPUT" && outputs+=$'\n'"stdout { }" - if is_boolean_yes "$LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT"; then - outputs+=$'\n'"elasticsearch { - hosts => [\"${LOGSTASH_ELASTICSEARCH_HOST}:${LOGSTASH_ELASTICSEARCH_PORT_NUMBER}\"] - document_id => \"%{logstash_checksum}\" - index => \"logstash-%{+YYYY.MM.dd}\" -}" - fi - # Indent and add newline so it looks good - [[ -n "$inputs" ]] && inputs="$(indent "$inputs" 2)"$'\n' - [[ -n "$outputs" ]] && outputs="$(indent "$outputs" 2)"$'\n' - # Create the configuration file - cat >"$LOGSTASH_PIPELINE_CONF_FILE" <"$tempfile" - ;; - int) - yq eval "(.${key}) |= ${value}" "$conf_file" >"$tempfile" - ;; - bool) - yq eval "(.${key}) |= (\"${value}\" | test(\"true\"))" "$conf_file" >"$tempfile" - ;; - *) - error "Type unknown: ${type}" - return 1 - ;; - esac - cp "$tempfile" "$conf_file" -} - -######################## -# Ensure Logstash is initialized -# Globals: -# LOGSTASH_* -# Arguments: -# None -# Returns: -# None -######################### -logstash_initialize() { - info "Initializing Logstash" - - logstash_set_heap_size - - # Based on naming from https://www.elastic.co/guide/en/logstash/current/config-setting-files.html - if ! is_mounted_dir_empty "$LOGSTASH_MOUNTED_CONF_DIR"; then - info "Mounted setting files detected" - cp -Lr "$LOGSTASH_MOUNTED_CONF_DIR"/. "$LOGSTASH_CONF_DIR" - fi - - if is_boolean_yes "$LOGSTASH_EXPOSE_API"; then - if is_file_writable "$LOGSTASH_CONF_FILE"; then - info "Enabling Logstash API endpoint" - logstash_yml_set "$LOGSTASH_CONF_FILE" '"api.http.host"' "$LOGSTASH_BIND_ADDRESS" - logstash_yml_set "$LOGSTASH_CONF_FILE" '"api.http.port"' "$LOGSTASH_API_PORT_NUMBER" - else - warn "The Logstash configuration file '${LOGSTASH_CONF_FILE}' is not writable. Configurations based on environment variables will be passed as command-line arguments instead." - fi - fi - - if is_boolean_yes "$LOGSTASH_ENABLE_MULTIPLE_PIPELINES"; then - if [[ -e "${LOGSTASH_MOUNTED_CONF_DIR}/pipelines.yml" ]]; then - info "Detected mounted 'pipelines.yml' configuration file for multiple pipelines" - else - logstash_create_sample_pipelines_yml_file - fi - fi - - # Skip further configuration if Logstash pipeline configuration was passed as a string - [[ -n "$LOGSTASH_PIPELINE_CONF_STRING" ]] && return - - if ! is_mounted_dir_empty "$LOGSTASH_MOUNTED_PIPELINE_CONF_DIR"; then - info "Detected mounted pipeline configuration files" - cp -Lr "$LOGSTASH_MOUNTED_PIPELINE_CONF_DIR"/* "$LOGSTASH_PIPELINE_CONF_DIR" - elif [[ -e "${LOGSTASH_MOUNTED_CONF_DIR}/${LOGSTASH_PIPELINE_CONF_FILENAME}" ]]; then - # Support for legacy configuration before configurations were separated into 'config' and 'pipeline' - warn "Detected mounted '${LOGSTASH_MOUNTED_CONF_DIR}/${LOGSTASH_PIPELINE_CONF_FILENAME}' pipeline configuration file in legacy directory." - warn "Support for this configuration may be deprecated in a future version of this image. Please mount the pipeline files to '${LOGSTASH_MOUNTED_PIPELINE_CONF_DIR}' instead." - cp -Lr "${LOGSTASH_MOUNTED_CONF_DIR}/${LOGSTASH_PIPELINE_CONF_FILENAME}" "$LOGSTASH_PIPELINE_CONF_DIR" - elif is_dir_empty "$LOGSTASH_PIPELINE_CONF_DIR"; then - logstash_create_sample_pipeline_config_file - else - info "Detected existing files in '${LOGSTASH_PIPELINE_CONF_DIR}', skipping sample pipeline generation" - fi -} - -######################## -# Check if Logstash is running -# Globals: -# LOGSTASH_PID_FILE -# Arguments: -# None -# Returns: -# Boolean -######################### -is_logstash_running() { - # Logstash does not create any PID file - # We regenerate the PID file for each time we query it to avoid getting outdated - pgrep -f "org.logstash.Logstash" >"$LOGSTASH_PID_FILE" - - local pid - pid="$(get_pid_from_file "$LOGSTASH_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Logstash is not running -# Globals: -# LOGSTASH_PID_FILE -# Arguments: -# None -# Returns: -# Boolean -######################### -is_logstash_not_running() { - ! is_logstash_running - return "$?" -} - -######################## -# Stop Logstash -# Globals: -# LOGSTASH_PID_FILE -# Arguments: -# None -# Returns: -# None -######################### -logstash_stop() { - ! is_logstash_running && return - debug "Stopping Logstash" - stop_service_using_pid "$LOGSTASH_PID_FILE" -} - -######################## -# Install Logstash plugins -# Globals: -# LOGSTASH_* -# Arguments: -# None -# Returns: -# None -######################### -logstash_install_plugins() { - read -r -a plugins_list <<<"$(tr ',;' ' ' <<<"$LOGSTASH_PLUGINS")" - - # Skip if there isn't any plugin to install - [[ -z "${plugins_list[*]:-}" ]] && return - - # Install plugins - info "Installing plugins: ${plugins_list[*]}" - for plugin in "${plugins_list[@]}"; do - debug "Installing plugin: ${plugin}" - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - logstash-plugin install "$plugin" - else - logstash-plugin install "$plugin" >/dev/null 2>&1 - fi - done -} diff --git a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash-env.sh b/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash-env.sh deleted file mode 100644 index e058c33e5ff6c..0000000000000 --- a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash-env.sh +++ /dev/null @@ -1,125 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for logstash - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-logstash}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -logstash_env_vars=( - LOGSTASH_PIPELINE_CONF_FILENAME - LOGSTASH_BIND_ADDRESS - LOGSTASH_EXPOSE_API - LOGSTASH_API_PORT_NUMBER - LOGSTASH_PIPELINE_CONF_STRING - LOGSTASH_PLUGINS - LOGSTASH_EXTRA_FLAGS - LOGSTASH_HEAP_SIZE - LOGSTASH_MAX_ALLOWED_MEMORY_PERCENTAGE - LOGSTASH_MAX_ALLOWED_MEMORY - LOGSTASH_ENABLE_MULTIPLE_PIPELINES - LOGSTASH_ENABLE_BEATS_INPUT - LOGSTASH_BEATS_PORT_NUMBER - LOGSTASH_ENABLE_GELF_INPUT - LOGSTASH_GELF_PORT_NUMBER - LOGSTASH_ENABLE_HTTP_INPUT - LOGSTASH_HTTP_PORT_NUMBER - LOGSTASH_ENABLE_TCP_INPUT - LOGSTASH_TCP_PORT_NUMBER - LOGSTASH_ENABLE_UDP_INPUT - LOGSTASH_UDP_PORT_NUMBER - LOGSTASH_ENABLE_STDOUT_OUTPUT - LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT - LOGSTASH_ELASTICSEARCH_HOST - LOGSTASH_ELASTICSEARCH_PORT_NUMBER - LOGSTASH_CONF_FILENAME - LOGSTASH_CONF_STRING - LOGSTASH_EXTRA_ARGS -) -for env_var in "${logstash_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset logstash_env_vars - -# Paths -export LOGSTASH_BASE_DIR="/opt/bitnami/logstash" -export LOGSTASH_CONF_DIR="${LOGSTASH_BASE_DIR}/config" -export LOGSTASH_DEFAULT_CONF_DIR="${LOGSTASH_BASE_DIR}/config.default" -export LOGSTASH_PIPELINE_CONF_DIR="${LOGSTASH_BASE_DIR}/pipeline" -export LOGSTASH_DEFAULT_PIPELINE_CONF_DIR="${LOGSTASH_BASE_DIR}/pipeline.default" -export LOGSTASH_BIN_DIR="${LOGSTASH_BASE_DIR}/bin" -export LOGSTASH_CONF_FILE="${LOGSTASH_CONF_DIR}/logstash.yml" -LOGSTASH_PIPELINE_CONF_FILENAME="${LOGSTASH_PIPELINE_CONF_FILENAME:-"${LOGSTASH_CONF_FILENAME:-}"}" -export LOGSTASH_PIPELINE_CONF_FILENAME="${LOGSTASH_PIPELINE_CONF_FILENAME:-logstash.conf}" -export LOGSTASH_PIPELINE_CONF_FILE="${LOGSTASH_PIPELINE_CONF_DIR}/${LOGSTASH_PIPELINE_CONF_FILENAME}" -export LOGSTASH_VOLUME_DIR="/bitnami/logstash" -export LOGSTASH_DATA_DIR="${LOGSTASH_VOLUME_DIR}/data" -export LOGSTASH_MOUNTED_CONF_DIR="${LOGSTASH_VOLUME_DIR}/config" -export LOGSTASH_MOUNTED_PIPELINE_CONF_DIR="${LOGSTASH_VOLUME_DIR}/pipeline" - -# System users (when running with a privileged user) -export LOGSTASH_DAEMON_USER="logstash" -export LOGSTASH_DAEMON_GROUP="logstash" - -# Logstash configuration -export LOGSTASH_BIND_ADDRESS="${LOGSTASH_BIND_ADDRESS:-0.0.0.0}" -export LOGSTASH_EXPOSE_API="${LOGSTASH_EXPOSE_API:-no}" -export LOGSTASH_API_PORT_NUMBER="${LOGSTASH_API_PORT_NUMBER:-9600}" -LOGSTASH_PIPELINE_CONF_STRING="${LOGSTASH_PIPELINE_CONF_STRING:-"${LOGSTASH_CONF_STRING:-}"}" -export LOGSTASH_PIPELINE_CONF_STRING="${LOGSTASH_PIPELINE_CONF_STRING:-}" -export LOGSTASH_PLUGINS="${LOGSTASH_PLUGINS:-}" -LOGSTASH_EXTRA_FLAGS="${LOGSTASH_EXTRA_FLAGS:-"${LOGSTASH_EXTRA_ARGS:-}"}" -export LOGSTASH_EXTRA_FLAGS="${LOGSTASH_EXTRA_FLAGS:-}" -export LOGSTASH_HEAP_SIZE="${LOGSTASH_HEAP_SIZE:-1024m}" -export LOGSTASH_MAX_ALLOWED_MEMORY_PERCENTAGE="${LOGSTASH_MAX_ALLOWED_MEMORY_PERCENTAGE:-100}" -export LOGSTASH_MAX_ALLOWED_MEMORY="${LOGSTASH_MAX_ALLOWED_MEMORY:-}" - -# Logstash pipeline configuration -export LOGSTASH_ENABLE_MULTIPLE_PIPELINES="${LOGSTASH_ENABLE_MULTIPLE_PIPELINES:-no}" -export LOGSTASH_ENABLE_BEATS_INPUT="${LOGSTASH_ENABLE_BEATS_INPUT:-no}" -export LOGSTASH_BEATS_PORT_NUMBER="${LOGSTASH_BEATS_PORT_NUMBER:-5044}" -export LOGSTASH_ENABLE_GELF_INPUT="${LOGSTASH_ENABLE_GELF_INPUT:-no}" -export LOGSTASH_GELF_PORT_NUMBER="${LOGSTASH_GELF_PORT_NUMBER:-12201}" -export LOGSTASH_ENABLE_HTTP_INPUT="${LOGSTASH_ENABLE_HTTP_INPUT:-yes}" -export LOGSTASH_HTTP_PORT_NUMBER="${LOGSTASH_HTTP_PORT_NUMBER:-8080}" -export LOGSTASH_ENABLE_TCP_INPUT="${LOGSTASH_ENABLE_TCP_INPUT:-no}" -export LOGSTASH_TCP_PORT_NUMBER="${LOGSTASH_TCP_PORT_NUMBER:-5010}" -export LOGSTASH_ENABLE_UDP_INPUT="${LOGSTASH_ENABLE_UDP_INPUT:-no}" -export LOGSTASH_UDP_PORT_NUMBER="${LOGSTASH_UDP_PORT_NUMBER:-5000}" -export LOGSTASH_ENABLE_STDOUT_OUTPUT="${LOGSTASH_ENABLE_STDOUT_OUTPUT:-yes}" -export LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT="${LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT:-no}" -export LOGSTASH_ELASTICSEARCH_HOST="${LOGSTASH_ELASTICSEARCH_HOST:-elasticsearch}" -export LOGSTASH_ELASTICSEARCH_PORT_NUMBER="${LOGSTASH_ELASTICSEARCH_PORT_NUMBER:-9200}" - -# Default JVM configuration -export JAVA_HOME="${BITNAMI_ROOT_DIR}/java" - -# Other parameters -export PATH="${LOGSTASH_BIN_DIR}:${JAVA_HOME}/bin:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" - -# Custom environment variables may be defined below diff --git a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/entrypoint.sh b/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/entrypoint.sh deleted file mode 100755 index ac255ac06fffd..0000000000000 --- a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/entrypoint.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -#set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/liblogstash.sh - -# Load Logstash environment variables -. /opt/bitnami/scripts/logstash-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/logstash/config -# /opt/bitnami/logstash/pipeline) -if ! is_dir_empty "$LOGSTASH_DEFAULT_CONF_DIR"; then - debug "Copying files from $LOGSTASH_DEFAULT_CONF_DIR to $LOGSTASH_CONF_DIR" - cp -nr "$LOGSTASH_DEFAULT_CONF_DIR"/. "$LOGSTASH_CONF_DIR" -fi -if ! is_dir_empty "$LOGSTASH_DEFAULT_PIPELINE_CONF_DIR"; then - debug "Copying files from $LOGSTASH_DEFAULT_PIPELINE_CONF_DIR to $LOGSTASH_PIPELINE_CONF_DIR" - cp -nr "$LOGSTASH_DEFAULT_PIPELINE_CONF_DIR"/. "$LOGSTASH_PIPELINE_CONF_DIR" -fi - -if [[ "$*" = *"/opt/bitnami/scripts/logstash/run.sh"* ]]; then - info "** Starting Logstash setup **" - /opt/bitnami/scripts/logstash/setup.sh - info "** Logstash setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/postunpack.sh b/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/postunpack.sh deleted file mode 100755 index 7dc38e98b2a37..0000000000000 --- a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/postunpack.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblogstash.sh - -# Load Logstash environment variables -. /opt/bitnami/scripts/logstash-env.sh - -info "Creating Logstash daemon user" -ensure_user_exists "$LOGSTASH_DAEMON_USER" --group "$LOGSTASH_DAEMON_GROUP" - -for dir in "$LOGSTASH_BASE_DIR/vendor/bundle/jruby" "$LOGSTASH_CONF_DIR" "$LOGSTASH_PIPELINE_CONF_DIR" "$LOGSTASH_DEFAULT_CONF_DIR" "$LOGSTASH_DEFAULT_PIPELINE_CONF_DIR" "$LOGSTASH_MOUNTED_CONF_DIR" "$LOGSTASH_MOUNTED_PIPELINE_CONF_DIR" "$LOGSTASH_VOLUME_DIR" "$LOGSTASH_DATA_DIR"; do - ensure_dir_exists "$dir" - configure_permissions_ownership "$dir" -d "775" -f "664" -u "$LOGSTASH_DAEMON_USER" -g "root" -done - -for file in "$LOGSTASH_BASE_DIR/Gemfile" "$LOGSTASH_BASE_DIR/Gemfile.lock"; do - configure_permissions_ownership "$file" -f "664" -u "$LOGSTASH_DAEMON_USER" -g "root" -done - -info "Configuring paths" -logstash_yml_set "$LOGSTASH_CONF_FILE" '"path.data"' "$LOGSTASH_DATA_DIR" - -info "Configuring logging to standard output" -# Back up the original file for users who'd like to use logfile logging -cp -L "${LOGSTASH_CONF_DIR}/log4j2.properties" "${LOGSTASH_CONF_DIR}/log4j2.orig.properties" -cat > "${LOGSTASH_CONF_DIR}/log4j2.properties" << EOF -status = error -name = LogstashPropertiesConfig - -appender.console.type = Console -appender.console.name = plain_console -appender.console.layout.type = PatternLayout -appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c]%notEmpty{[%X{pipeline.id}]}%notEmpty{[%X{plugin.id}]} %m%n - -appender.json_console.type = Console -appender.json_console.name = json_console -appender.json_console.layout.type = JSONLayout -appender.json_console.layout.compact = true -appender.json_console.layout.eventEol = true - -rootLogger.level = \${sys:ls.log.level} -rootLogger.appenderRef.console.ref = \${sys:ls.log.format}_console -EOF - -logstash_install_plugins - -# As the gems directory depends on the jruby version, we need to create a symlink /opt/bitnami/logstash/gems -# so we can mount an emptydir in readOnlyRootFilesystem -ln -s /opt/bitnami/logstash/vendor/bundle/jruby/*/gems /opt/bitnami/logstash/gems - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -if ! is_dir_empty "$LOGSTASH_CONF_DIR"; then - cp -r "$LOGSTASH_CONF_DIR"/* "$LOGSTASH_DEFAULT_CONF_DIR" - chmod o+r -R "$LOGSTASH_DEFAULT_CONF_DIR" -fi -if ! is_dir_empty "$LOGSTASH_PIPELINE_CONF_DIR"; then - cp -r "$LOGSTASH_PIPELINE_CONF_DIR"/* "$LOGSTASH_DEFAULT_PIPELINE_CONF_DIR" - chmod o+r -R "$LOGSTASH_DEFAULT_PIPELINE_CONF_DIR" -fi \ No newline at end of file diff --git a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/run.sh b/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/run.sh deleted file mode 100755 index 01ab241e6e99b..0000000000000 --- a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/run.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/liblogstash.sh - -# Load Logstash environment variables -. /opt/bitnami/scripts/logstash-env.sh - -declare -a cmd=("logstash") - -if is_boolean_yes "$LOGSTASH_EXPOSE_API"; then - cmd+=("--api.http.host" "$LOGSTASH_BIND_ADDRESS" "--api.http.port" "$LOGSTASH_API_PORT_NUMBER") -fi - -if [[ -n "$LOGSTASH_PIPELINE_CONF_STRING" ]]; then - cmd+=("-e" "$LOGSTASH_PIPELINE_CONF_STRING") -elif ! is_boolean_yes "$LOGSTASH_ENABLE_MULTIPLE_PIPELINES"; then - cmd+=("-f" "$LOGSTASH_PIPELINE_CONF_DIR") -fi - -declare -a extra_args=() -read -r -a extra_args <<< "$LOGSTASH_EXTRA_FLAGS" -[[ "${#extra_args[@]}" -gt 0 ]] && cmd+=("${extra_args[@]}") - -# JAVA_HOME to be deprecated, see warning: -# warning: usage of JAVA_HOME is deprecated, use LS_JAVA_HOME -export LS_JAVA_HOME=/opt/bitnami/java - -info "** Starting Logstash **" -if am_i_root; then - exec_as_user "$LOGSTASH_DAEMON_USER" "${cmd[@]}" -else - exec "${cmd[@]}" -fi diff --git a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/setup.sh b/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/setup.sh deleted file mode 100755 index 0c86c3299aae9..0000000000000 --- a/bitnami/logstash/7/debian-12/rootfs/opt/bitnami/scripts/logstash/setup.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/liblogstash.sh - -# Load Logstash environment variables -. /opt/bitnami/scripts/logstash-env.sh - -# Ensure Logstash environment variables are valid -logstash_validate - -# Ensure 'daemon' user exists when running as 'root' -am_i_root && ensure_user_exists "$LOGSTASH_DAEMON_USER" --group "$LOGSTASH_DAEMON_GROUP" - -# Ensure Logstash is initialized -logstash_initialize -# Install Logstash plugins -logstash_install_plugins diff --git a/bitnami/logstash/7/debian-12/tags-info.yaml b/bitnami/logstash/7/debian-12/tags-info.yaml deleted file mode 100644 index 7d0322a3a34ac..0000000000000 --- a/bitnami/logstash/7/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "7" -- 7-debian-12 -- 7.17.21 diff --git a/bitnami/logstash/8/debian-12/Dockerfile b/bitnami/logstash/8/debian-12/Dockerfile index 17a16c4ff4ef0..dad9e7179ae65 100644 --- a/bitnami/logstash/8/debian-12/Dockerfile +++ b/bitnami/logstash/8/debian-12/Dockerfile @@ -3,21 +3,22 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" ARG LOGSTASH_PLUGINS ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-24T16:44:44Z" \ + org.opencontainers.image.created="2025-01-11T18:29:28Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/logstash/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="8.13.4-debian-12-r3" \ + org.opencontainers.image.ref.name="8.17.0-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/logstash" \ org.opencontainers.image.title="logstash" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="8.13.4" + org.opencontainers.image.version="8.17.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -30,14 +31,14 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "yq-4.44.1-1-linux-${OS_ARCH}-debian-12" \ - "java-17.0.11-12-0-linux-${OS_ARCH}-debian-12" \ - "logstash-8.13.4-3-linux-${OS_ARCH}-debian-12" \ + "yq-4.44.6-0-linux-${OS_ARCH}-debian-12" \ + "java-17.0.13-12-1-linux-${OS_ARCH}-debian-12" \ + "logstash-8.17.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -52,7 +53,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/java/postunpack.sh RUN /opt/bitnami/scripts/logstash/postunpack.sh -ENV APP_VERSION="8.13.4" \ +ENV APP_VERSION="8.17.0" \ BITNAMI_APP_NAME="logstash" \ JAVA_HOME="/opt/bitnami/java" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/logstash/bin:$PATH" diff --git a/bitnami/logstash/8/debian-12/docker-compose.yml b/bitnami/logstash/8/debian-12/docker-compose.yml index b49a4d7e1839b..86eab3c201324 100644 --- a/bitnami/logstash/8/debian-12/docker-compose.yml +++ b/bitnami/logstash/8/debian-12/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: logstash: image: docker.io/bitnami/logstash:8 diff --git a/bitnami/logstash/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/logstash/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 501cd3f51e24e..2f4f0e042b339 100644 --- a/bitnami/logstash/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/logstash/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "17.0.11-12-0" + "version": "17.0.13-12-1" }, "logstash": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "8.13.4-3" + "version": "8.17.0-0" }, "yq": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.44.1-1" + "version": "4.44.6-0" } } \ No newline at end of file diff --git a/bitnami/logstash/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/logstash/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/logstash/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/logstash/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/logstash/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/logstash/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh index 8557631d25490..38802fc0bfe91 100755 --- a/bitnami/logstash/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ b/bitnami/logstash/8/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -13,6 +13,11 @@ set -o pipefail . /opt/bitnami/scripts/libbitnami.sh . /opt/bitnami/scripts/liblog.sh +if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then + # Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9 + unset JAVA_TOOL_OPTIONS +fi + print_welcome_page echo "" diff --git a/bitnami/logstash/8/debian-12/tags-info.yaml b/bitnami/logstash/8/debian-12/tags-info.yaml index ae6ae606ffce0..29c22b8e57647 100644 --- a/bitnami/logstash/8/debian-12/tags-info.yaml +++ b/bitnami/logstash/8/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "8" - 8-debian-12 -- 8.13.4 +- 8.17.0 - latest diff --git a/bitnami/logstash/README.md b/bitnami/logstash/README.md index b17a01e9279a9..f012e7f3ee8dd 100644 --- a/bitnami/logstash/README.md +++ b/bitnami/logstash/README.md @@ -22,7 +22,7 @@ docker run --name logstash bitnami/logstash:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Logstash in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Logstash in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Logstash in Kubernetes? @@ -32,11 +32,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -309,7 +315,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/logstash/docker-compose-testing.yml b/bitnami/logstash/docker-compose-testing.yml new file mode 100644 index 0000000000000..607688c32f327 --- /dev/null +++ b/bitnami/logstash/docker-compose-testing.yml @@ -0,0 +1,15 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + logstash: + image: docker.io/bitnami/logstash:8 + ports: + - 8080:8080 + environment: + - LOGSTASH_CONF_STRING=input {http { port => 8080 }} output {file {path => "/tmp/logstash_output"}} + volumes: + - logstash_data:/bitnami/logstash +volumes: + logstash_data: + driver: local diff --git a/bitnami/logstash/docker-compose.yml b/bitnami/logstash/docker-compose.yml index b49a4d7e1839b..86eab3c201324 100644 --- a/bitnami/logstash/docker-compose.yml +++ b/bitnami/logstash/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: logstash: image: docker.io/bitnami/logstash:8 diff --git a/bitnami/magento/2/debian-12/Dockerfile b/bitnami/magento/2/debian-12/Dockerfile deleted file mode 100644 index 74205a19a7122..0000000000000 --- a/bitnami/magento/2/debian-12/Dockerfile +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:35:46Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/magento/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.4.7-debian-12-r5" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/magento" \ - org.opencontainers.image.title="magento" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.4.7" - -ENV OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages acl ca-certificates cron curl libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "php-8.2.19-0-linux-${OS_ARCH}-debian-12" \ - "apache-2.4.59-2-linux-${OS_ARCH}-debian-12" \ - "wait-for-port-1.0.7-12-linux-${OS_ARCH}-debian-12" \ - "mysql-client-10.6.17-5-linux-${OS_ARCH}-debian-12" \ - "libphp-8.2.19-1-linux-${OS_ARCH}-debian-12" \ - "magento-2.4.7-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN sed -i -e '/pam_loginuid.so/ s/^#*/#/' /etc/pam.d/cron - -COPY rootfs / -RUN /opt/bitnami/scripts/apache/postunpack.sh -RUN /opt/bitnami/scripts/php/postunpack.sh -RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh -RUN /opt/bitnami/scripts/magento/postunpack.sh -RUN /opt/bitnami/scripts/mysql-client/postunpack.sh -ENV APACHE_HTTPS_PORT_NUMBER="" \ - APACHE_HTTP_PORT_NUMBER="" \ - APP_VERSION="2.4.7" \ - BITNAMI_APP_NAME="magento" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/apache/bin:/opt/bitnami/mysql/bin:/opt/bitnami/magento/bin:$PATH" - -EXPOSE 8080 8443 - -ENTRYPOINT [ "/opt/bitnami/scripts/magento/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/magento/run.sh" ] diff --git a/bitnami/magento/2/debian-12/docker-compose.yml b/bitnami/magento/2/debian-12/docker-compose.yml deleted file mode 100644 index 79cab1c8b9747..0000000000000 --- a/bitnami/magento/2/debian-12/docker-compose.yml +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - mariadb: - image: docker.io/bitnami/mariadb:10.6 - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_USER=bn_magento - - MARIADB_DATABASE=bitnami_magento - volumes: - - 'mariadb_data:/bitnami/mariadb' - magento: - image: docker.io/bitnami/magento:2 - ports: - - '80:8080' - - '443:8443' - environment: - - MAGENTO_HOST=localhost - - MAGENTO_DATABASE_HOST=mariadb - - MAGENTO_DATABASE_PORT_NUMBER=3306 - - MAGENTO_DATABASE_USER=bn_magento - - MAGENTO_DATABASE_NAME=bitnami_magento - - ELASTICSEARCH_HOST=elasticsearch - - ELASTICSEARCH_PORT_NUMBER=9200 - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - volumes: - - 'magento_data:/bitnami/magento' - depends_on: - - mariadb - - elasticsearch - elasticsearch: - image: docker.io/bitnami/elasticsearch:7 - volumes: - - 'elasticsearch_data:/bitnami/elasticsearch/data' -volumes: - mariadb_data: - driver: local - magento_data: - driver: local - elasticsearch_data: - driver: local diff --git a/bitnami/magento/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/magento/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index c32f5a86e74d5..0000000000000 --- a/bitnami/magento/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "apache": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.4.59-2" - }, - "libphp": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.2.19-1" - }, - "magento": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.4.7-1" - }, - "mysql-client": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.6.17-5" - }, - "php": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.2.19-0" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-12" - } -} \ No newline at end of file diff --git a/bitnami/magento/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/magento/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/magento/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/magento/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/magento/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/magento/2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf deleted file mode 100644 index 6016f8fbe5829..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf +++ /dev/null @@ -1,5 +0,0 @@ - - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript - AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript - AddOutputFilterByType DEFLATE application/rss+xml - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf deleted file mode 100644 index c0838da2a4e53..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf +++ /dev/null @@ -1,7 +0,0 @@ - - ServerName status.localhost - - Require local - SetHandler server-status - - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh deleted file mode 100644 index b8762c6583591..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for apache - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-apache}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -apache_env_vars=( - APACHE_HTTP_PORT_NUMBER - APACHE_HTTPS_PORT_NUMBER - APACHE_SERVER_TOKENS - APACHE_HTTP_PORT - APACHE_HTTPS_PORT -) -for env_var in "${apache_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset apache_env_vars -export WEB_SERVER_TYPE="apache" - -# Paths -export APACHE_BASE_DIR="${BITNAMI_ROOT_DIR}/apache" -export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin" -export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf" -export APACHE_DEFAULT_CONF_DIR="${APACHE_BASE_DIR}/conf.default" -export APACHE_HTDOCS_DIR="${APACHE_BASE_DIR}/htdocs" -export APACHE_TMP_DIR="${APACHE_BASE_DIR}/var/run" -export APACHE_LOGS_DIR="${APACHE_BASE_DIR}/logs" -export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts" -export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess" -export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf" -export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid" -export PATH="${APACHE_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" - -# System users (when running with a privileged user) -export APACHE_DAEMON_USER="daemon" -export WEB_SERVER_DAEMON_USER="$APACHE_DAEMON_USER" -export APACHE_DAEMON_GROUP="daemon" -export WEB_SERVER_DAEMON_GROUP="$APACHE_DAEMON_GROUP" -export WEB_SERVER_GROUP="$APACHE_DAEMON_GROUP" - -# Apache configuration -export APACHE_DEFAULT_HTTP_PORT_NUMBER="8080" -export WEB_SERVER_DEFAULT_HTTP_PORT_NUMBER="$APACHE_DEFAULT_HTTP_PORT_NUMBER" # only used at build time -export APACHE_DEFAULT_HTTPS_PORT_NUMBER="8443" -export WEB_SERVER_DEFAULT_HTTPS_PORT_NUMBER="$APACHE_DEFAULT_HTTPS_PORT_NUMBER" # only used at build time -APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-"${APACHE_HTTP_PORT:-}"}" -export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}" -export WEB_SERVER_HTTP_PORT_NUMBER="$APACHE_HTTP_PORT_NUMBER" -APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-"${APACHE_HTTPS_PORT:-}"}" -export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}" -export WEB_SERVER_HTTPS_PORT_NUMBER="$APACHE_HTTPS_PORT_NUMBER" -export APACHE_SERVER_TOKENS="${APACHE_SERVER_TOKENS:-Prod}" - -# Custom environment variables may be defined below diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh deleted file mode 100755 index f2303ab692fbf..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libversion.sh -. /opt/bitnami/scripts/libapache.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh -. /opt/bitnami/scripts/php-env.sh - -# Enable required Apache modules -apache_enable_module "mpm_prefork_module" -php_version="$("${PHP_BIN_DIR}/php" -v | grep ^PHP | cut -d' ' -f2))" -php_major_version="$(get_sematic_version "$php_version" 1)" -if [[ "$php_major_version" -eq "8" ]]; then - apache_enable_module "php_module" "modules/libphp.so" -else - apache_enable_module "php${php_major_version}_module" "modules/libphp${php_major_version}.so" -fi - -# Disable incompatible Apache modules -apache_disable_module "mpm_event_module" - -# Write Apache configuration -apache_php_conf_file="${APACHE_CONF_DIR}/bitnami/php.conf" -cat > "$apache_php_conf_file" < - {{server_name_configuration}} - {{additional_http_configuration}} - {{additional_configuration}} - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl deleted file mode 100644 index 589538513c9c9..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - {{additional_https_configuration}} - {{additional_configuration}} - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl deleted file mode 100644 index c895e537502a2..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl +++ /dev/null @@ -1 +0,0 @@ -{{additional_configuration}} diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl deleted file mode 100644 index 96be8f8227715..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl +++ /dev/null @@ -1,15 +0,0 @@ -{{http_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{extra_directory_configuration}} - - {{additional_http_configuration}} - {{additional_configuration}} - {{htaccess_include}} - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl deleted file mode 100644 index 1ad938929726e..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{extra_directory_configuration}} - - {{additional_https_configuration}} - {{additional_configuration}} - {{htaccess_include}} - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl deleted file mode 100644 index fc0f6c2181961..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl +++ /dev/null @@ -1,9 +0,0 @@ -{{prefix_conf}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{extra_directory_configuration}} - -{{additional_configuration}} -{{htaccess_include}} diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl deleted file mode 100644 index 9440b89d28bfa..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{http_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - {{proxy_configuration}} - {{proxy_http_configuration}} - ProxyPass / {{proxy_address}} - ProxyPassReverse / {{proxy_address}} - {{additional_http_configuration}} - {{additional_configuration}} - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl deleted file mode 100644 index 577cd461eb9dc..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - {{proxy_configuration}} - {{proxy_https_configuration}} - ProxyPass / {{proxy_address}} - ProxyPassReverse / {{proxy_address}} - {{additional_https_configuration}} - {{additional_configuration}} - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl deleted file mode 100644 index 7ac08b131680b..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{prefix_conf}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{proxy_configuration}} - ProxyPass / {{proxy_address}} - ProxyPassReverse / {{proxy_address}} - {{extra_directory_configuration}} - -{{additional_configuration}} diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl deleted file mode 100644 index f518c7d42aab8..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{http_listen_configuration}} -{{before_vhost_configuration}} -PassengerPreStart http://localhost:{{http_port}}/ - - {{server_name_configuration}} - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - PassengerEnabled on - {{extra_directory_configuration}} - - {{additional_http_configuration}} - {{additional_configuration}} - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl deleted file mode 100644 index 5aae54c37d3ba..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} -PassengerPreStart https://localhost:{{https_port}}/ - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - PassengerEnabled on - {{extra_directory_configuration}} - - {{additional_https_configuration}} - {{additional_configuration}} - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl deleted file mode 100644 index 2242d656b5a83..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl +++ /dev/null @@ -1,9 +0,0 @@ -{{prefix_conf}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - PassengerEnabled on - {{extra_directory_configuration}} - -{{additional_configuration}} diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl deleted file mode 100644 index f1d31ed3ecc35..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl +++ /dev/null @@ -1,29 +0,0 @@ -# Default SSL Virtual Host configuration. - - - LoadModule ssl_module modules/mod_ssl.so - - -Listen 443 -SSLProtocol all -SSLv2 -SSLv3 -SSLHonorCipherOrder on -SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4" -SSLPassPhraseDialog builtin -SSLSessionCache "shmcb:{{APACHE_LOGS_DIR}}/ssl_scache(512000)" -SSLSessionCacheTimeout 300 - - - DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - - # Error Documents - ErrorDocument 503 /503.html - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl deleted file mode 100644 index 75a255c3efee8..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl +++ /dev/null @@ -1,17 +0,0 @@ -# Default Virtual Host configuration. - -# Let Apache know we're behind a SSL reverse proxy -SetEnvIf X-Forwarded-Proto https HTTPS=on - - - DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - - # Error Documents - ErrorDocument 503 /503.html - - diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh deleted file mode 100755 index f43c6c4fe59c6..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -#set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/apache/conf) -debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" -cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" - -if [[ "$*" == *"/opt/bitnami/scripts/apache/run.sh"* ]]; then - info "** Starting Apache setup **" - /opt/bitnami/scripts/apache/setup.sh - info "** Apache setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh deleted file mode 100755 index eb8f766a37bf1..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh - -######################## -# Sets up the default Bitnami configuration -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_setup_bitnami_config() { - local template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates" - - # Enable Apache modules - local -a modules_to_enable=( - "deflate_module" - "negotiation_module" - "proxy[^\s]*_module" - "rewrite_module" - "slotmem_shm_module" - "socache_shmcb_module" - "ssl_module" - "status_module" - "version_module" - ) - for module in "${modules_to_enable[@]}"; do - apache_enable_module "$module" - done - - # Disable Apache modules - local -a modules_to_disable=( - "http2_module" - "proxy_hcheck_module" - "proxy_html_module" - "proxy_http2_module" - ) - for module in "${modules_to_disable[@]}"; do - apache_disable_module "$module" - done - - # Bitnami customizations - ensure_dir_exists "${APACHE_CONF_DIR}/bitnami" - render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" - render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - - # Add new configuration only once, to avoid a second postunpack run breaking Apache - local apache_conf_add - apache_conf_add="$(cat <>"$APACHE_CONF_FILE" < - RequestHeader unset Proxy - -EOF - fi -} - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -apache_setup_bitnami_config - -# Ensure non-root user has write permissions on a set of directories -for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Create 'apache2' symlink pointing to the 'apache' directory, for compatibility with Bitnami Docs guides -ln -sf apache "${BITNAMI_ROOT_DIR}/apache2" - -ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log" -ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log" - -# This file is necessary for avoiding the error -# "unable to write random state" -# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean - -touch /.rnd && chmod g+rw /.rnd - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh deleted file mode 100755 index b5c43c48391c1..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -info "** Reloading Apache configuration **" -exec "${APACHE_BIN_DIR}/apachectl" -k graceful diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh deleted file mode 100755 index 7735dea1e9626..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -/opt/bitnami/scripts/apache/stop.sh -/opt/bitnami/scripts/apache/start.sh diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh deleted file mode 100755 index 23f1e3179c505..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -info "** Starting Apache **" -exec "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" -D "FOREGROUND" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh deleted file mode 100755 index c1f6b373c1cd6..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh +++ /dev/null @@ -1,98 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libapache.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -# Ensure Apache environment variables are valid -apache_validate - -# Ensure Apache daemon user exists when running as 'root' -am_i_root && ensure_user_exists "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" - -if ! is_dir_empty "$APACHE_DEFAULT_CONF_DIR"; then - # We add the copy from default config in the initialize function for web applications - # that make use of the Apache setup.sh script - debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" - cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" -fi -# Generate SSL certs (without a passphrase) -ensure_dir_exists "${APACHE_CONF_DIR}/bitnami/certs" -if [[ ! -f "${APACHE_CONF_DIR}/bitnami/certs/server.crt" ]]; then - info "Generating sample certificates" - SSL_KEY_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.key" - SSL_CERT_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.crt" - SSL_CSR_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.csr" - SSL_SUBJ="/CN=example.com" - SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1" - rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE" - openssl genrsa -out "$SSL_KEY_FILE" 4096 - # OpenSSL version 1.0.x does not use the same parameters as OpenSSL >= 1.1.x - if [[ "$(openssl version | grep -oE "[0-9]+\.[0-9]+")" == "1.0" ]]; then - openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" - else - openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT" - fi - openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT") - rm -f "$SSL_CSR_FILE" -fi -# Load SSL configuration -if [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]] && [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then - ensure_apache_configuration_exists "Include \"${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf\"" "bitnami-ssl\.conf" "${APACHE_CONF_DIR}/bitnami/bitnami.conf" -fi - -# Copy vhosts files -if ! is_dir_empty "/vhosts"; then - info "Found mounted virtual hosts in '/vhosts'. Copying them to '${APACHE_BASE_DIR}/conf/vhosts'" - cp -Lr "/vhosts/." "${APACHE_VHOSTS_DIR}" -fi - -# Mount certificate files -if ! is_dir_empty "${APACHE_BASE_DIR}/certs"; then - warn "The directory '${APACHE_BASE_DIR}/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/certs' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#using-custom-ssl-certificates" - warn "Restoring certificates at '${APACHE_BASE_DIR}/certs' to '${APACHE_CONF_DIR}/bitnami/certs'" - rm -rf "${APACHE_CONF_DIR}/bitnami/certs" - ln -sf "${APACHE_BASE_DIR}/certs" "${APACHE_CONF_DIR}/bitnami/certs" -elif ! is_dir_empty "/certs"; then - info "Mounting certificates files from '/certs'" - rm -rf "${APACHE_CONF_DIR}/bitnami/certs" - ln -sf "/certs" "${APACHE_CONF_DIR}/bitnami/certs" -fi - -# Mount application files -if ! is_dir_empty "/app"; then - info "Mounting application files from '/app'" - rm -rf "$APACHE_HTDOCS_DIR" - ln -sf "/app" "$APACHE_HTDOCS_DIR" -fi - -# Restore persisted configuration files (deprecated) -if ! is_dir_empty "/bitnami/apache/conf"; then - warn "The directory '/bitnami/apache/conf' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '${APACHE_CONF_DIR}' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#full-configuration" - warn "Restoring configuration at '/bitnami/apache/conf' to '${APACHE_CONF_DIR}'" - rm -rf "$APACHE_CONF_DIR" - ln -sf "/bitnami/apache/conf" "$APACHE_CONF_DIR" -fi - -# Update ports in configuration -[[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && info "Configuring the HTTP port" && apache_configure_http_port "$APACHE_HTTP_PORT_NUMBER" -[[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && info "Configuring the HTTPS port" && apache_configure_https_port "$APACHE_HTTPS_PORT_NUMBER" - -# Configure ServerTokens with user values -[[ -n "$APACHE_SERVER_TOKENS" ]] && info "Configuring Apache ServerTokens directive" && apache_configure_server_tokens "$APACHE_SERVER_TOKENS" - -# Fix logging issue when running as root -! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh deleted file mode 100755 index b47c8aacba892..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -error_code=0 - -if is_apache_not_running; then - "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" - if ! retry_while "is_apache_running"; then - error "apache did not start" - error_code=1 - else - info "apache started" - fi -else - info "apache is already running" -fi - -exit "$error_code" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh deleted file mode 100755 index db8c132c0e826..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -if is_apache_running; then - info "apache is already running" -else - info "apache is not running" -fi diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh deleted file mode 100755 index adc6613b0a9e1..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -error_code=0 - -if is_apache_running; then - BITNAMI_QUIET=1 apache_stop - if ! retry_while "is_apache_not_running"; then - error "apache could not be stopped" - error_code=1 - else - info "apache stopped" - fi -else - info "apache is not running" -fi - -exit "$error_code" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libapache.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libapache.sh deleted file mode 100644 index d6eb686df3f6f..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libapache.sh +++ /dev/null @@ -1,808 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Apache library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -######################## -# Validate settings in APACHE_* env vars -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_validate() { - debug "Validating settings in APACHE_* environment variables" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - check_allowed_port() { - local port_var="${1:?missing port variable}" - local -a validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("${!port_var}") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." - fi - } - - [[ -w "$APACHE_CONF_FILE" ]] || warn "The Apache configuration file '${APACHE_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied." - - if [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]]; then - if [[ "$APACHE_HTTP_PORT_NUMBER" -eq "$APACHE_HTTPS_PORT_NUMBER" ]]; then - print_validation_error "APACHE_HTTP_PORT_NUMBER and APACHE_HTTPS_PORT_NUMBER are bound to the same port!" - fi - fi - - [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTP_PORT_NUMBER - [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTPS_PORT_NUMBER - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Configure Apache's HTTP port -# Globals: -# APACHE_CONF_FILE, APACHE_CONF_DIR -# Arguments: -# None -# Returns: -# None -######################### -apache_configure_http_port() { - local -r port=${1:?missing port} - local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" - local -r server_name_exp="s|^\s*#?\s*ServerName\s+([^:\s]+)(:[0-9]+)?$|ServerName \1:${port}|" - local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Configuring port ${port} on file ${APACHE_CONF_FILE}" - apache_configuration="$(sed -E -e "$listen_exp" -e "$server_name_exp" "$APACHE_CONF_FILE")" - echo "$apache_configuration" > "$APACHE_CONF_FILE" - fi - - if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]]; then - debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami.conf" - apache_configuration="$(sed -E "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami.conf")" - echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" - fi - - if [[ -w "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" ]]; then - debug "Configuring port ${port} on file ${APACHE_VHOSTS_DIR}/00_status-vhost.conf" - apache_configuration="$(sed -E "$vhost_exp" "${APACHE_VHOSTS_DIR}/00_status-vhost.conf")" - echo "$apache_configuration" > "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" - fi -} - -######################## -# Configure Apache's HTTPS port -# Globals: -# APACHE_CONF_DIR -# Arguments: -# None -# Returns: -# None -######################### -apache_configure_https_port() { - local -r port=${1:?missing port} - local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" - local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" - local apache_configuration - - if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then - debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - apache_configuration="$(sed -E -e "$listen_exp" -e "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf")" - echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - fi -} - -######################## -# Configure Apache's ServerTokens directive -# Globals: -# APACHE_CONF_DIR -# Arguments: -# $1 - Value for ServerTokens directive -# Returns: -# None -######################### -apache_configure_server_tokens() { - local -r value=${1:?missing value} - local -r server_tokens_exp="s|^\s*ServerTokens\s+\w+\s*$|ServerTokens ${value}|" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Configuring ServerTokens ${value} on file ${APACHE_CONF_FILE}" - apache_configuration="$(sed -E -e "$server_tokens_exp" "$APACHE_CONF_FILE")" - echo "$apache_configuration" > "$APACHE_CONF_FILE" - fi -} - -######################## -# Enable a module in the Apache configuration file -# Globals: -# APACHE_CONF_FILE -# Arguments: -# $1 - Module to enable -# $2 - Path to module .so file (optional if already defined in httpd.conf) -# Returns: -# None -######################### -apache_enable_module() { - local -r name="${1:?missing name}" - local -r file="${2:-}" - local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Enabling module '${name}'" - if grep -q -E "$regex" "$APACHE_CONF_FILE"; then - # Uncomment line if the module was already defined - replace_in_file "$APACHE_CONF_FILE" "$regex" "\1" - elif [[ -n "$file" ]]; then - # Add right after the last LoadModule, so all Apache modules are organized in the same section of the file - append_file_after_last_match "$APACHE_CONF_FILE" "^[#\s]*LoadModule" "LoadModule ${name} ${file}" - else - error "Module ${name} was not defined in ${APACHE_CONF_FILE}. Please specify the 'file' parameter for 'apache_enable_module'." - fi - fi -} - -######################## -# Disable a module in the Apache configuration file -# Globals: -# APACHE_CONF_FILE -# Arguments: -# $1 - Module to disable -# Returns: -# None -######################### -apache_disable_module() { - local -r name="${1:?missing name}" - local -r file="${2:-}" - local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Disabling module '${name}'" - replace_in_file "$APACHE_CONF_FILE" "$regex" "#\1" - fi -} - -######################## -# Stop Apache -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_stop() { - is_apache_not_running && return - stop_service_using_pid "$APACHE_PID_FILE" -} - -######################## -# Check if Apache is running -# Globals: -# APACHE_PID_FILE -# Arguments: -# None -# Returns: -# Whether Apache is running -######################## -is_apache_running() { - local pid - pid="$(get_pid_from_file "$APACHE_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Apache is running -# Globals: -# APACHE_PID_FILE -# Arguments: -# None -# Returns: -# Whether Apache is not running -######################## -is_apache_not_running() { - ! is_apache_running -} - -######################## -# Ensure configuration gets added to the main Apache configuration file -# Globals: -# APACHE_* -# Arguments: -# $1 - configuration string -# $2 - pattern to use for checking if the configuration already exists (default: $1) -# $3 - Apache configuration file (default: $APACHE_CONF_FILE) -# Returns: -# None -######################## -ensure_apache_configuration_exists() { - local -r conf="${1:?conf missing}" - local -r pattern="${2:-"$conf"}" - local -r conf_file="${3:-"$APACHE_CONF_FILE"}" - # Enable configuration by appending to httpd.conf - if ! grep -E -q "$pattern" "$conf_file"; then - if is_file_writable "$conf_file"; then - cat >> "$conf_file" <<< "$conf" - else - error "Could not add the following configuration to '${conf_file}:" - error "" - error "$(indent "$conf" 4)" - error "" - error "Include the configuration manually and try again." - return 1 - fi - fi -} - -######################## -# Collect all the .htaccess files from /opt/bitnami/$name and write the result in the 'htaccess' directory -# Globals: -# APACHE_* -# Arguments: -# $1 - App name -# $2 - Overwrite the original .htaccess with the explanation text (defaults to 'yes') -# Flags: -# --document-root - Path to document root directory -# Returns: -# None -######################## -apache_replace_htaccess_files() { - local -r app="${1:?missing app}" - local -r result_file="${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" - # Default options - local document_root="${BITNAMI_ROOT_DIR}/${app}" - local overwrite="yes" - local -a htaccess_files - local htaccess_dir - local htaccess_contents - # Validate arguments - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --document-root) - shift - document_root="$1" - ;; - --overwrite) - shift - overwrite="$1" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - if is_file_writable "$result_file"; then - # Locate all .htaccess files inside the document root - read -r -a htaccess_files <<< "$(find "$document_root" -name .htaccess -print0 | xargs -0)" - [[ "${#htaccess_files[@]}" = 0 ]] && return - # Create file with root group write privileges, so it can be modified in non-root containers - [[ ! -f "$result_file" ]] && touch "$result_file" && chmod g+rw "$result_file" - for htaccess_file in "${htaccess_files[@]}"; do - htaccess_dir="$(dirname "$htaccess_file")" - htaccess_contents="$(indent "$(< "$htaccess_file")" 2)" - # Skip if it was already included to the resulting htaccess file - if grep -q "^" <<< "$htaccess_contents"; then - continue - fi - # Add to the htaccess file - cat >> "$result_file" < -${htaccess_contents} - -EOF - # Overwrite the original .htaccess with the explanation text - if is_boolean_yes "$overwrite"; then - echo "# This configuration has been moved to the ${result_file} config file for performance and security reasons" > "$htaccess_file" - fi - done - elif [[ ! -f "$result_file" ]]; then - error "Could not create htaccess for ${app} at '${result_file}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} htaccess file '${result_file}' is not writable. Configurations based on environment variables will not be applied for this file." - return - fi -} - -######################## -# Ensure an Apache application configuration exists (in virtual host format) -# Globals: -# APACHE_* -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases (defaults to '*') -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render the app's virtual hosts with a .disabled prefix -# --disable-http - Whether to render the app's HTTP virtual host with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS virtual host with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# --additional-configuration - Additional vhost configuration (no default) -# --additional-http-configuration - Additional HTTP vhost configuration (no default) -# --additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --before-vhost-configuration - Configuration to add before the directive (no default) -# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --document-root - Path to document root directory -# --extra-directory-configuration - Extra configuration for the document root directory -# --proxy-address - Address where to proxy requests -# --proxy-configuration - Extra configuration for the proxy -# --proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_apache_app_configuration_exists() { - local -r app="${1:?missing app}" - # Default options - local type="" - local -a hosts=("127.0.0.1" "_default_") - local server_name="www.example.com" # Default ServerName in httpd.conf - local -a server_aliases=("*") - local allow_remote_connections="yes" - local disable="no" - local disable_http="no" - local disable_https="no" - local move_htaccess="yes" - # Template variables defaults - export additional_configuration="" - export additional_http_configuration="" - export additional_https_configuration="" - export before_vhost_configuration="" - export allow_override="All" - export document_root="${BITNAMI_ROOT_DIR}/${app}" - export extra_directory_configuration="" - export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" - export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" - export http_port="$default_http_port" - export https_port="$default_https_port" - export proxy_address="" - export proxy_configuration="" - export proxy_http_configuration="" - export proxy_https_configuration="" - # Validate arguments - local var_name - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --hosts \ - | --server-aliases) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - read -r -a "${var_name?}" <<< "$1" - ;; - --disable \ - | --disable-http \ - | --disable-https \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - export "${var_name}=yes" - ;; - --type \ - | --server-name \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --move-htaccess \ - | --additional-configuration \ - | --additional-http-configuration \ - | --additional-https-configuration \ - | --before-vhost-configuration \ - | --allow-override \ - | --document-root \ - | --extra-directory-configuration \ - | --proxy-address \ - | --proxy-configuration \ - | --proxy-http-configuration \ - | --proxy-https-configuration \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - export "${var_name}=${1}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Construct listen ports configuration (only to add when using non-standard ports) - export http_listen_configuration="" - export https_listen_configuration="" - [[ "$http_port" != "$default_http_port" ]] && http_listen_configuration="Listen ${http_port}" - [[ "$https_port" != "$default_https_port" ]] && https_listen_configuration="Listen ${https_port}" - # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" - export http_listen_addresses="" - export https_listen_addresses="" - for host in "${hosts[@]}"; do - http_listen="${host}:${http_port}" - https_listen="${host}:${https_port}" - [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" - [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" - done - # Construct ServerName/ServerAlias block - export server_name_configuration="" - if ! is_empty_value "${server_name:-}"; then - server_name_configuration="ServerName ${server_name}" - fi - if [[ "${#server_aliases[@]}" -gt 0 ]]; then - server_name_configuration+=$'\n'"ServerAlias ${server_aliases[*]}" - fi - # App .htaccess support (only when type is not defined) - export htaccess_include - [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" - if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then - allow_override="None" - htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" - else - # allow_override is already set to the expected value - htaccess_include="" - fi - # ACL configuration - export acl_configuration - if is_boolean_yes "$allow_remote_connections"; then - acl_configuration="Require all granted" - else - acl_configuration="$(cat < "$http_vhost" - elif [[ ! -f "$http_vhost" ]]; then - error "Could not create virtual host for ${app} at '${http_vhost}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi - if is_file_writable "$https_vhost"; then - # Create file with root group write privileges, so it can be modified in non-root containers - [[ ! -f "$https_vhost" ]] && touch "$https_vhost" && chmod g+rw "$https_vhost" - render-template "${template_dir}/${template_name}-https-vhost.conf.tpl" | sed '/^\s*$/d' > "$https_vhost" - elif [[ ! -f "$https_vhost" ]]; then - error "Could not create virtual host for ${app} at '${https_vhost}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi -} - -######################## -# Ensure an Apache application configuration does not exist anymore (in virtual hosts format) -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_apache_app_configuration_not_exists() { - local -r app="${1:?missing app}" - local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" - local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" - local -r disable_suffix=".disabled" - # Note that 'rm -f' will not fail if the files don't exist - # However if we lack permissions to remove the file, it will result in a non-zero exit code, as expected by this function - rm -f "$http_vhost" "$https_vhost" "${http_vhost}${disable_suffix}" "${https_vhost}${disable_suffix}" -} - -######################## -# Ensure Apache loads the configuration for an application in a URL prefix -# Globals: -# APACHE_* -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --additional-configuration - Additional vhost configuration (no default) -# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --document-root - Path to document root directory -# --extra-directory-configuration - Extra configuration for the document root directory -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_apache_prefix_configuration_exists() { - local -r app="${1:?missing app}" - # Default options - local type="" - local allow_remote_connections="yes" - local move_htaccess="yes" - local prefix="/${app}" - # Template variables defaults - export additional_configuration="" - export allow_override="All" - export document_root="${BITNAMI_ROOT_DIR}/${app}" - export extra_directory_configuration="" - # Validate arguments - local var_name - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --type \ - | --allow-remote-connections \ - | --move-htaccess \ - | --prefix \ - | --additional-configuration \ - | --allow-override \ - | --document-root \ - | --extra-directory-configuration \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "${var_name}=${1}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # App .htaccess support (only when type is not defined) - export htaccess_include - [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" - if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then - allow_override="None" - htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" - else - # allow_override is already set to the expected value - htaccess_include="" - fi - # ACL configuration - export acl_configuration - if is_boolean_yes "$allow_remote_connections"; then - acl_configuration="Require all granted" - else - acl_configuration="$(cat < "$prefix_file" - ensure_apache_configuration_exists "Include \"$prefix_file\"" - elif [[ ! -f "$prefix_file" ]]; then - error "Could not create web server configuration file for ${app} at '${prefix_file}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} web server configuration file '${prefix_file}' is not writable. Configurations based on environment variables will not be applied for this file." - fi -} - -######################## -# Ensure Apache application configuration is updated with the runtime configuration (i.e. ports) -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -apache_update_app_configuration() { - local -r app="${1:?missing app}" - # Default options - local -a hosts=("127.0.0.1" "_default_") - local server_name="www.example.com" # Default ServerName in httpd.conf - local -a server_aliases=() - local enable_http="no" - local enable_https="no" - local disable_http="no" - local disable_https="no" - export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" - export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" - export http_port="$default_http_port" - export https_port="$default_https_port" - local var_name - # Validate arguments - local var_name - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --hosts \ - | --server-aliases) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - read -r -a "${var_name?}" <<< "$1" - ;; - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - declare "${var_name}=yes" - ;; - --server-name \ - | --http-port \ - | --https-port \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "${var_name}=${1}" - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" - export http_listen_addresses="" - export https_listen_addresses="" - for host in "${hosts[@]}"; do - http_listen="${host}:${http_port}" - https_listen="${host}:${https_port}" - [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" - [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" - done - # Update configuration - local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" - local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" - local -r disable_suffix=".disabled" - # Helper function to avoid duplicating code - update_common_vhost_config() { - local -r vhost_file="${1:?missing virtual host}" - # Update ServerName - if ! is_empty_value "${server_name:-}"; then - replace_in_file "$vhost_file" "^(\s*ServerName\s+).*" "\1${server_name}" - fi - # Update ServerAlias - if [[ "${#server_aliases[@]}" -gt 0 ]]; then - replace_in_file "$vhost_file" "^(\s*ServerAlias\s+).*" "\1${server_aliases[*]}" - fi - } - # Disable and enable configuration files - rename_conf_file() { - local -r origin="$1" - local -r destination="$2" - if is_file_writable "$origin" && is_file_writable "$destination"; then - warn "Could not rename virtual host file '${origin}' to '${destination}' due to lack of permissions." - else - mv "$origin" "$destination" - fi - } - is_boolean_yes "$disable_http" && [[ -e "$http_vhost" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" - is_boolean_yes "$disable_https" && [[ -e "$https_vhost" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" - is_boolean_yes "$enable_http" && [[ -e "${http_vhost}${disable_suffix}" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" - is_boolean_yes "$enable_https" && [[ -e "${https_vhost}${disable_suffix}" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" - # Update only configuration files without the '.disabled' suffix - if [[ -e "$http_vhost" ]]; then - if is_file_writable "$http_vhost"; then - update_common_vhost_config "$http_vhost" - # Update vhost-specific config (listen port and addresses) - replace_in_file "$http_vhost" "^Listen .*" "Listen ${http_port}" - replace_in_file "$http_vhost" "^$" "" - else - warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi - fi - if [[ -e "$https_vhost" ]]; then - if is_file_writable "$https_vhost"; then - update_common_vhost_config "$https_vhost" - # Update vhost-specific config (listen port and addresses) - replace_in_file "$https_vhost" "^Listen .*" "Listen ${https_port}" - replace_in_file "$https_vhost" "^$" "" - else - warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi - fi -} - -######################## -# Create a password file for basic authentication and restrict its permissions -# Globals: -# * -# Arguments: -# $1 - file -# $2 - username -# $3 - password -# Returns: -# true if the configuration was updated, false otherwise -######################## -apache_create_password_file() { - local -r file="${1:?missing file}" - local -r username="${2:?missing username}" - local -r password="${3:?missing password}" - - "${APACHE_BIN_DIR}/htpasswd" -bc "$file" "$username" "$password" - am_i_root && configure_permissions_ownership "$file" --file-mode "600" --user "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" -} diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libmagento.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libmagento.sh deleted file mode 100644 index 7a35e9204253a..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libmagento.sh +++ /dev/null @@ -1,516 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Magento library - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libnet.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libpersistence.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load database library -if [[ -f /opt/bitnami/scripts/libmysqlclient.sh ]]; then - . /opt/bitnami/scripts/libmysqlclient.sh -elif [[ -f /opt/bitnami/scripts/libmysql.sh ]]; then - . /opt/bitnami/scripts/libmysql.sh -elif [[ -f /opt/bitnami/scripts/libmariadb.sh ]]; then - . /opt/bitnami/scripts/libmariadb.sh -fi - -######################## -# Validate settings in MAGENTO_* env vars -# Globals: -# MAGENTO_* -# Arguments: -# None -# Returns: -# 0 if the validation succeeded, 1 otherwise -######################### -magento_validate() { - debug "Validating settings in MAGENTO_* environment variables..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_empty_value() { - if is_empty_value "${!1}"; then - print_validation_error "${1} must be set" - fi - } - check_yes_no_value() { - if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for ${1} are: yes no" - fi - } - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - check_resolved_hostname() { - if ! is_hostname_resolved "$1"; then - warn "Hostname ${1} could not be resolved, this could lead to connection issues" - fi - } - check_mounted_file() { - if [[ -n "${!1:-}" ]] && ! [[ -f "${!1:-}" ]]; then - print_validation_error "${1} is defined but the file ${!1} is not accessible or does not exist" - fi - } - - # Validate user inputs - check_empty_value "MAGENTO_HOST" - check_empty_value "MAGENTO_PASSWORD" - # See: https://devdocs.magento.com/guides/v2.4/config-guide/bootstrap/magento-modes.html - check_multi_value "MAGENTO_MODE" "default developer production" - check_yes_no_value "MAGENTO_ENABLE_HTTPS" - check_yes_no_value "MAGENTO_ENABLE_ADMIN_HTTPS" - check_yes_no_value "MAGENTO_SKIP_REINDEX" - check_yes_no_value "MAGENTO_SKIP_BOOTSTRAP" - - # HTTP cache server configuration validations - check_yes_no_value "MAGENTO_ENABLE_HTTP_CACHE" - if is_boolean_yes "$MAGENTO_ENABLE_HTTP_CACHE"; then - check_empty_value "MAGENTO_HTTP_CACHE_BACKEND_HOST" - check_empty_value "MAGENTO_HTTP_CACHE_BACKEND_PORT_NUMBER" - check_empty_value "MAGENTO_HTTP_CACHE_SERVER_HOST" - check_empty_value "MAGENTO_HTTP_CACHE_SERVER_PORT_NUMBER" - fi - - # Database configuration validations - check_resolved_hostname "$MAGENTO_DATABASE_HOST" - validate_port "$MAGENTO_DATABASE_PORT_NUMBER" - check_yes_no_value "MAGENTO_ENABLE_DATABASE_SSL" - if is_boolean_yes "$MAGENTO_ENABLE_DATABASE_SSL"; then - check_yes_no_value "MAGENTO_VERIFY_DATABASE_SSL" - check_mounted_file "MAGENTO_DATABASE_SSL_CERT_FILE" - check_mounted_file "MAGENTO_DATABASE_SSL_KEY_FILE" - check_mounted_file "MAGENTO_DATABASE_SSL_CA_FILE" - fi - - # Search engine configuration validations - check_multi_value "MAGENTO_SEARCH_ENGINE" "elasticsearch5 elasticsearch6 elasticsearch7" - if [[ "$MAGENTO_SEARCH_ENGINE" =~ ^elasticsearch ]]; then - check_resolved_hostname "$MAGENTO_ELASTICSEARCH_HOST" - validate_port "$MAGENTO_ELASTICSEARCH_PORT_NUMBER" - check_yes_no_value "MAGENTO_ELASTICSEARCH_ENABLE_AUTH" - if is_boolean_yes "$MAGENTO_ELASTICSEARCH_ENABLE_AUTH"; then - check_empty_value "MAGENTO_ELASTICSEARCH_USER" - check_empty_value "MAGENTO_ELASTICSEARCH_PASSWORD" - fi - fi - - # Validate credentials - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - else - for empty_env_var in "MAGENTO_DATABASE_PASSWORD" "MAGENTO_PASSWORD"; do - is_empty_value "${!empty_env_var}" && print_validation_error "The ${empty_env_var} environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow a blank password. This is only recommended for development environments." - done - fi - - # Check that the web server is properly set up - web_server_validate || print_validation_error "Web server validation failed" - - return "$error_code" -} - -######################## -# Ensure Magento is initialized -# Globals: -# MAGENTO_* -# Arguments: -# None -# Returns: -# None -######################### -magento_initialize() { - # Check if Magento has already been initialized and persisted in a previous run - local db_host db_port db_name db_user db_pass - local es_host es_port es_user es_pass - local -r app_name="magento" - if ! is_app_initialized "$app_name"; then - # Parse user inputs for the Magento CLI calls below - db_host="$MAGENTO_DATABASE_HOST" - db_port="$MAGENTO_DATABASE_PORT_NUMBER" - db_name="$MAGENTO_DATABASE_NAME" - db_user="$MAGENTO_DATABASE_USER" - db_pass="$MAGENTO_DATABASE_PASSWORD" - # CLI flags to use for 'setup:config:create' (to create config files but not modify the database) - local -a magento_setup_cli_flags=( - "--no-interaction" - "--backend-frontname" "$MAGENTO_ADMIN_URL_PREFIX" - "--db-host" "${db_host}:${db_port}" - "--db-name" "$db_name" - "--db-user" "$db_user" - "--db-password" "$db_pass" - ) - # Extra flags for when enabling SSL database connections - if is_boolean_yes "$MAGENTO_ENABLE_DATABASE_SSL"; then - info "Enabling SSL for database connections" - is_boolean_yes "$MAGENTO_VERIFY_DATABASE_SSL" && magento_setup_cli_flags+=("--db-ssl-verify") - ! is_empty_value "$MAGENTO_DATABASE_SSL_CERT_FILE" && magento_setup_cli_flags+=("--db-ssl-cert" "$MAGENTO_DATABASE_SSL_CERT_FILE") - ! is_empty_value "$MAGENTO_DATABASE_SSL_KEY_FILE" && magento_setup_cli_flags+=("--db-ssl-key" "$MAGENTO_DATABASE_SSL_KEY_FILE") - ! is_empty_value "$MAGENTO_DATABASE_SSL_CA_FILE" && magento_setup_cli_flags+=("--db-ssl-ca" "$MAGENTO_DATABASE_SSL_CA_FILE") - fi - # Set cache server (i.e. Varnish) configuration to Magento's 'env.php' configuration file - if is_boolean_yes "$MAGENTO_ENABLE_HTTP_CACHE"; then - info "Enabling HTTP cache server" - magento_setup_cli_flags+=("--http-cache-hosts" "${MAGENTO_HTTP_CACHE_SERVER_HOST}:${MAGENTO_HTTP_CACHE_SERVER_PORT_NUMBER}") - fi - # CLI flags to use for 'setup:install' (based on the flags to use for 'setup:config:create') - local -a magento_install_cli_flags=( - "${magento_setup_cli_flags[@]}" - "--search-engine" "$MAGENTO_SEARCH_ENGINE" - "--admin-firstname" "$MAGENTO_FIRST_NAME" - "--admin-lastname" "$MAGENTO_LAST_NAME" - "--admin-email" "$MAGENTO_EMAIL" - "--admin-user" "$MAGENTO_USERNAME" - "--admin-password" "$MAGENTO_PASSWORD" - ) - # Search engine configuration - if [[ "$MAGENTO_SEARCH_ENGINE" =~ ^elasticsearch ]]; then - es_host="$MAGENTO_ELASTICSEARCH_HOST" - es_port="$MAGENTO_ELASTICSEARCH_PORT_NUMBER" - es_user="$MAGENTO_ELASTICSEARCH_USER" - es_pass="$MAGENTO_ELASTICSEARCH_PASSWORD" - # Define whether Elasticsearch auth is enabled - local es_auth="0" - is_boolean_yes "$MAGENTO_ELASTICSEARCH_ENABLE_AUTH" && es_auth="1" - # Elasticsearch configuration is stored in the database, so we only need to specify for 'setup:install' - if is_boolean_yes "$MAGENTO_ELASTICSEARCH_USE_HTTPS"; then - magento_install_cli_flags+=( - "--elasticsearch-host" "https://$es_host" - ) - else - magento_install_cli_flags+=( - "--elasticsearch-host" "$es_host" - ) - fi - magento_install_cli_flags+=( - "--elasticsearch-port" "$es_port" - "--elasticsearch-enable-auth" "$es_auth" - "--elasticsearch-username" "$es_user" - "--elasticsearch-password" "$es_pass" - ) - fi - # Allow to specify extra CLI flags, but ensure they are added last - local -a magento_extra_cli_flags - read -r -a magento_extra_cli_flags <<< "$MAGENTO_EXTRA_INSTALL_ARGS" - if [[ "${#magento_extra_cli_flags[@]}" -gt 0 ]]; then - magento_setup_cli_flags+=("${magento_extra_cli_flags[@]}") - magento_install_cli_flags+=("${magento_extra_cli_flags[@]}") - fi - - # Ensure Magento persisted directories exist (i.e. when a volume has been mounted to /bitnami) - info "Ensuring Magento directories exist" - ensure_dir_exists "$MAGENTO_VOLUME_DIR" - # Use daemon:root ownership for compatibility when running as a non-root user - if am_i_root; then - info "Configuring permissions" - configure_permissions_ownership "$MAGENTO_VOLUME_DIR" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" - fi - - # Wait until external services are available - info "Trying to connect to the database server" - magento_wait_for_db_connection "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - if [[ "$MAGENTO_SEARCH_ENGINE" =~ ^elasticsearch ]]; then - info "Trying to connect to Elasticsearch" - magento_wait_for_es_connection "$es_host" "$es_port" - fi - - if ! is_boolean_yes "$MAGENTO_SKIP_BOOTSTRAP"; then - info "Running Magento install script" - magento_execute setup:install "${magento_install_cli_flags[@]}" - - # Define whether the site must be accessed via HTTP or HTTPS - # If the site must be accessed via HTTPS, we will force the admin panel to be accessed via HTTPS too - local use_secure="0" - is_boolean_yes "$MAGENTO_ENABLE_HTTPS" && use_secure="1" - local use_secure_admin="0" - ( is_boolean_yes "$MAGENTO_ENABLE_HTTPS" || is_boolean_yes "$MAGENTO_ENABLE_ADMIN_HTTPS" ) && use_secure_admin="1" - - # Set additional store configuration in the database - # These options were previously added via 'magento setup:install', but that is now deprecated - # See: https://devdocs.magento.com/guides/v2.4/config-guide/prod/config-reference-most.html#web-paths - # Enable/disable HTTPS in frontend and admin panel, respectively - magento_conf_set "web/secure/use_in_frontend" "$use_secure" - magento_conf_set "web/secure/use_in_adminhtml" "$use_secure_admin" - # Set domain name - magento_update_hostname "$MAGENTO_HOST" - # Enable friendly URLs - magento_conf_set "web/seo/use_rewrites" 1 - # Enable HTTP cache: https://devdocs.magento.com/guides/v2.4/config-guide/varnish/config-varnish-magento.html - if is_boolean_yes "$MAGENTO_ENABLE_HTTP_CACHE"; then - # Set Varnish as cache server (1: built-in, 2: Varnish) - # See: vendor/magento/module-page-cache/model/Config.php -> "Cache types" comment - magento_conf_set "system/full_page_cache/caching_application" 2 - # Specify backend host/port for Varnish config file generation via Admin panel - magento_conf_set "system/full_page_cache/varnish/backend_host" "$MAGENTO_HTTP_CACHE_BACKEND_HOST" - magento_conf_set "system/full_page_cache/varnish/backend_port" "$MAGENTO_HTTP_CACHE_BACKEND_PORT_NUMBER" - fi - else - info "An already initialized Magento database was provided, configuration will be skipped" - - info "Generating configuration files" - # First generate the 'env.php' configuration file - # It is essential to add the 'installed' setting, or none of the below calls would work - # Note: The file will be prettified/regenerated after running the commands - magento_execute setup:config:set "${magento_setup_cli_flags[@]}" - replace_in_file "$MAGENTO_CONF_FILE" '\];' ",'install' => ['date' => '$(date -u)']];" - # The below steps are usually handled by the installation script, which is not executed in this case - # Enable all modules to generate the 'config.php' file - magento_execute module:enable --all - # Enable all cache types in 'env.php' (none are enabled via 'setup:config:set') - magento_execute cache:enable - - # Finally, after the Magento is properly installed on disk, perform database schema upgrade - info "Upgrading database schema" - magento_execute setup:upgrade - fi - - # The below steps are common for both normal installations and installations with 'MAGENTO_SKIP_BOOTSTRAP', - # since they rely on modifying files generated during initialization - - # Disable 2FA module by default as it prevents access to admin panel after the first login - # Setup would be hard as it would require to configure Sendmail (SMTP not supported) and authorization keys - # 'You need to configure Two-Factor Authorization in order to proceed to your store's admin area' - # 'An E-mail was sent to you with further instructions' - magento_execute module:disable "Magento_AdminAdobeImsTwoFactorAuth" - magento_execute module:disable "Magento_TwoFactorAuth" - - # Set the Magento mode in 'env.php' - # See: https://devdocs.magento.com/guides/v2.4/config-guide/bootstrap/magento-modes.html - magento_execute deploy:mode:set "$MAGENTO_MODE" - - # Create initial indexes (this is not performed by the setup script) - if is_boolean_yes "$MAGENTO_SKIP_REINDEX"; then - info "Skipping reindex" - else - info "Reindexing" - magento_execute indexer:reindex - fi - - # Flush cache after changing configuration and reindexing, to avoid warnings in admin panel - info "Flushing cache" - magento_execute cache:flush - - # Magento 'default' and 'developer' modes build required assets on demand - # However, due to the huge amount of those, the first-time page load is huge, so we build them beforehand - if is_boolean_yes "$MAGENTO_DEPLOY_STATIC_CONTENT" && [[ "$MAGENTO_MODE" != "production" ]]; then - info "Deploying static files" - magento_execute setup:static-content:deploy -f - fi - - # Configure PHP options provided via envvars in .user.ini (which overrides configuration in php.ini) - for user_ini_file in "${MAGENTO_BASE_DIR}/.user.ini" "${MAGENTO_BASE_DIR}/pub/.user.ini"; do - am_i_root && configure_permissions_ownership "$user_ini_file" -f "660" - php_set_runtime_config "$user_ini_file" - # Ensure that the .user.ini files cannot be written to by the web server user - # This file allows for PHP-FPM to set application-specific PHP settings, and could be a security risk if left writable - am_i_root && configure_permissions_ownership "$user_ini_file" -f "440" - done - - info "Persisting Magento installation" - persist_app "$app_name" "$MAGENTO_DATA_TO_PERSIST" - else - info "Restoring persisted Magento installation" - restore_persisted_app "$app_name" "$MAGENTO_DATA_TO_PERSIST" - - # Compatibility with previous container images - if [[ "$(ls "$MAGENTO_VOLUME_DIR")" = "htdocs" ]]; then - warn "The persisted data for this Magento installation is located at '${MAGENTO_VOLUME_DIR}/htdocs' instead of '${MAGENTO_VOLUME_DIR}'" - warn "This is deprecated and support for this may be removed in a future release" - rm "$MAGENTO_BASE_DIR" - ln -s "${MAGENTO_VOLUME_DIR}/htdocs" "$MAGENTO_BASE_DIR" - fi - - info "Trying to connect to the database server" - db_name="$(magento_conf_get "db" "connection" "default" "dbname")" - db_user="$(magento_conf_get "db" "connection" "default" "username")" - db_pass="$(magento_conf_get "db" "connection" "default" "password")" - # Separate 'host:port' with native Bash split functions (fallback to default port number if not specified) - db_host_port="$(magento_conf_get "db" "connection" "default" "host")" - db_host="${db_host_port%:*}" - if [[ "$db_host_port" =~ :[0-9]+$ ]]; then - # Use '##' to extract only the part after the last colon, to avoid any possible issues with IPv6 addresses - db_port="${db_host_port##*:}" - else - db_port="$MAGENTO_DATABASE_PORT_NUMBER" - fi - magento_wait_for_db_connection "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - - if [[ "$MAGENTO_SEARCH_ENGINE" =~ ^elasticsearch ]]; then - es_host="$MAGENTO_ELASTICSEARCH_HOST" - es_port="$MAGENTO_ELASTICSEARCH_PORT_NUMBER" - info "Trying to connect to Elasticsearch" - magento_wait_for_es_connection "$es_host" "$es_port" - fi - - # Perform database schema upgrade - if ! is_boolean_yes "$MAGENTO_KEEP_STATIC" && [[ "$MAGENTO_MODE" != "production" ]]; then - info "Upgrading database schema" - magento_execute setup:upgrade - else - magento_execute setup:upgrade --keep-generated - fi - fi - - # Magento includes a command for setting up the cron jobs via the 'cron:install' command - # However, cron entries for the 'daemon' user are disabled in some Bitnami images for security purposes (via /etc/cron.deny) - # Therefore we have to generate the entry manually (NOTE: the resulting command is equivalent) - local -a cron_cmd=( - # Use an array for easy concatenation of strings - "${PHP_BIN_DIR}/php ${MAGENTO_BIN_DIR}/magento cron:run 2>&1" - "| grep -v \"Ran jobs by schedule\" >> ${MAGENTO_BASE_DIR}/var/log/magento.cron.log" - ) - # Ensure Magento cron jobs are created when running setup with a root user - if am_i_root; then - generate_cron_conf "magento" "${cron_cmd[*]}" --run-as "$WEB_SERVER_DAEMON_USER" --schedule "*/1 * * * *" - else - warn "Skipping cron configuration for Magento because of running as a non-root user" - fi - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Executes the Magento CLI with the specified arguments -# Globals: -# MAGENTO_* -# Arguments: -# $1..$n - Arguments to pass to the CLI call -# Returns: -# None -######################### -magento_execute() { - local -a cmd=("php" "${MAGENTO_BIN_DIR}/magento" "$@") - # Run as web server user to avoid having to change permissions/ownership afterwards - if am_i_root; then - debug_execute run_as_user "$WEB_SERVER_DAEMON_USER" "${cmd[@]}" - else - debug_execute "${cmd[@]}" - fi -} - -######################## -# Add or modify an entry in the Magento configuration file (config.inc.php) -# Globals: -# MAGENTO_* -# Arguments: -# $1 - PHP variable name -# $2 - Value to assign to the PHP variable -# $3 - Whether the value is a literal, or if instead it should be quoted (default: no) -# Returns: -# None -######################### -magento_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - debug "Setting Magento configuration value '${key}' to '${value}'" - magento_execute config:set "$key" "$value" -} - -######################## -# Get an entry from the Magento configuration file (config.inc.php) -# Globals: -# MAGENTO_* -# Arguments: -# $1 - PHP variable name -# Returns: -# None -######################### -magento_conf_get() { - local key="${1:?key missing}" - # Print the key path in a readable format (keeping in mind that the config file simply returns a PHP array) - local key_readable_format - key_readable_format="/$(echo "$*" | sed -E 's/\s+/\//g')" - debug "Getting configuration path '${key_readable_format}' from Magento configuration" - # Construct a PHP array path for the configuration, so each key can be passed as a separate argument - local path="" - for key in "$@"; do - path+="['${key}']" - done - php -r "\$config = require ('${MAGENTO_CONF_FILE}'); print_r(\$config$path);" -} - -######################## -# Wait until the database is accessible with the currently-known credentials -# Globals: -# * -# Arguments: -# $1 - database host -# $2 - database port -# $3 - database name -# $4 - database username -# $5 - database user password (optional) -# Returns: -# true if the database connection succeeded, false otherwise -######################### -magento_wait_for_db_connection() { - local -r db_host="${1:?missing database host}" - local -r db_port="${2:?missing database port}" - local -r db_name="${3:?missing database name}" - local -r db_user="${4:?missing database user}" - local -r db_pass="${5:-}" - check_mysql_connection() { - echo "SELECT 1" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - } - if ! retry_while "check_mysql_connection"; then - error "Could not connect to the database" - return 1 - fi -} - -######################## -# Wait until Elasticsearch is accessible -# Globals: -# * -# Arguments: -# $1 - Elasticsearch host -# $2 - Elasticsearch port -# Returns: -# true if the Elasticsearch connection succeeded, false otherwise -######################### -magento_wait_for_es_connection() { - local -r es_host="${1:?missing database host}" - local -r es_port="${2:?missing database port}" - if ! retry_while "debug_execute wait-for-port --timeout 5 --host ${es_host} ${es_port}"; then - error "Could not connect to Elasticsearch" - return 1 - fi -} - -######################## -# Update Magento hostname -# Globals: -# MAGENTO_* -# Arguments: -# $1 - hostname -# Returns: -# None -######################### -magento_update_hostname() { - local -r hostname="${1:?missing hostname}" - - # Define Magento base URLs (without port if not needed) - local magento_http_base_url="http://${hostname}" - [[ "$MAGENTO_EXTERNAL_HTTP_PORT_NUMBER" != "80" ]] && magento_http_base_url+=":${MAGENTO_EXTERNAL_HTTP_PORT_NUMBER}" - magento_https_base_url="https://${hostname}" - [[ "$MAGENTO_EXTERNAL_HTTPS_PORT_NUMBER" != "443" ]] && magento_https_base_url+=":${MAGENTO_EXTERNAL_HTTPS_PORT_NUMBER}" - - # Magento requires the trailing slash ('/') to be added, or it will fail with 'Invalid Base URL. Value must be a URL or (...)' - magento_conf_set "web/secure/base_url" "${magento_https_base_url}/" - magento_conf_set "web/unsecure/base_url" "${magento_http_base_url}/" -} diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh deleted file mode 100644 index 39569da01dc3d..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh +++ /dev/null @@ -1,1094 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MySQL Client library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh - -######################## -# Validate settings in MYSQL_CLIENT_* environment variables -# Globals: -# MYSQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_client_validate() { - info "Validating settings in MYSQL_CLIENT_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - backslash_password_error() { - print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" - } - - check_yes_no_value() { - if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for ${1} are: yes no" - fi - } - - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - - # Only validate environment variables if any action needs to be performed - check_yes_no_value "MYSQL_CLIENT_ENABLE_SSL_WRAPPER" - check_multi_value "MYSQL_CLIENT_FLAVOR" "mariadb mysql" - - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" ]]; then - empty_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" - fi - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && [[ -z "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then - empty_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" - fi - fi - if [[ "${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" - fi - if [[ "${MYSQL_CLIENT_CREATE_DATABASE_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" - fi - fi - return "$error_code" -} - -######################## -# Perform actions to a database -# Globals: -# DB_* -# MYSQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_client_initialize() { - # Wrap binary to force the usage of SSL - if is_boolean_yes "$MYSQL_CLIENT_ENABLE_SSL_WRAPPER"; then - mysql_client_wrap_binary_for_ssl - fi - # Wait for the database to be accessible if any action needs to be performed - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then - info "Trying to connect to the database server" - check_mysql_connection() { - echo "SELECT 1" | mysql_execute "mysql" "$MYSQL_CLIENT_DATABASE_ROOT_USER" "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" "-h" "$MYSQL_CLIENT_DATABASE_HOST" "-P" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER" - } - if ! retry_while "check_mysql_connection"; then - error "Could not connect to the database server" - return 1 - fi - fi - # Ensure a database user exists in the server - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]]; then - info "Creating database user ${MYSQL_CLIENT_CREATE_DATABASE_USER}" - local -a args=("$MYSQL_CLIENT_CREATE_DATABASE_USER" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD") - [[ -n "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN") - mysql_ensure_optional_user_exists "${args[@]}" - fi - # Ensure a database exists in the server (and that the user has write privileges, if specified) - if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then - info "Creating database ${MYSQL_CLIENT_CREATE_DATABASE_NAME}" - local -a createdb_args=("$MYSQL_CLIENT_CREATE_DATABASE_NAME" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && createdb_args+=("-u" "$MYSQL_CLIENT_CREATE_DATABASE_USER") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE" ]] && createdb_args+=("--collate" "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE") - [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES" ]] && createdb_args+=("--privileges" "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES") - mysql_ensure_optional_database_exists "${createdb_args[@]}" - fi -} - -######################## -# Wrap binary to force the usage of SSL -# Globals: -# DB_* -# MYSQL_CLIENT_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_client_wrap_binary_for_ssl() { - local wrapper_file="${DB_BIN_DIR}/mysql" - # In MySQL Client 10.6, mysql is a link to the mariadb binary - if [[ -f "${DB_BIN_DIR}/mariadb" ]]; then - wrapper_file="${DB_BIN_DIR}/mariadb" - fi - local -r wrapped_binary_file="${DB_BASE_DIR}/.bin/mysql" - local -a ssl_opts=() - read -r -a ssl_opts <<<"$(mysql_client_extra_opts)" - - mv "$wrapper_file" "$wrapped_binary_file" - cat >"$wrapper_file" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libphp.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libphp.sh deleted file mode 100644 index 838cd2b4289fa..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/libphp.sh +++ /dev/null @@ -1,265 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami PHP library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libwebserver.sh - -######################## -# Add or modify an entry in the main PHP configuration file (php.ini) -# Globals: -# PHP_CONF_FILE -# Arguments: -# $1 - Key -# $2 - Value -# $3 - File to modify (default: $PHP_CONF_FILE) -# Returns: -# None -######################### -php_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - local -r file="${3:-"$PHP_CONF_FILE"}" - local pattern="^[; ]*${key}\s*=.*$" - if [[ "$key" = "extension" || "$key" = "zend_extension" ]]; then - # The "extension" property works a bit different for PHP, as there is one per module to be included, meaning it is additive unlike other configurations - # Because of that, we first check if the extension was defined in the file to replace the proper entry - pattern="^[; ]*${key}\s*=\s*[\"]?${value}(\.so)?[\"]?\s*$" - fi - local -r entry="${key} = ${value}" - if is_file_writable "$file"; then - # Not using the ini-file tool since it does not play well with php.ini - if grep -q -E "$pattern" "$file"; then - replace_in_file "$file" "$pattern" "$entry" - else - cat >> "$file" <<< "$entry" - fi - else - warn "The PHP configuration file '${file}' is not writable. The '${key}' option will not be configured." - fi -} - -######################## -# Ensure PHP is initialized -# Globals: -# PHP_* -# Arguments: -# None -# Returns: -# None -######################### -php_initialize() { - # Configure PHP options based on the runtime environment - info "Configuring PHP options" - if ! is_dir_empty "$PHP_DEFAULT_CONF_DIR"; then - # Copy default configuration to php configuration directory - cp -nr "$PHP_DEFAULT_CONF_DIR"/. "$PHP_CONF_DIR" - fi - php_set_runtime_config "$PHP_CONF_FILE" - - - # PHP-FPM configuration - ! is_empty_value "$PHP_FPM_LISTEN_ADDRESS" && info "Setting PHP-FPM listen option" && php_conf_set "listen" "$PHP_FPM_LISTEN_ADDRESS" "${PHP_CONF_DIR}/php-fpm.d/www.conf" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Set PHP runtime options, based on user-provided environment variables -# Globals: -# PHP_* -# Arguments: -# None -# Returns: -# None -######################### -php_set_runtime_config() { - local -r conf_file="${1:?missing conf file}" - - ! is_empty_value "$PHP_DATE_TIMEZONE" && info "Setting PHP date.timezone option" && php_conf_set date.timezone "$PHP_DATE_TIMEZONE" "$conf_file" - ! is_empty_value "$PHP_ENABLE_OPCACHE" && info "Setting PHP opcache.enable option" && php_conf_set opcache.enable "$PHP_ENABLE_OPCACHE" "$conf_file" - ! is_empty_value "$PHP_EXPOSE_PHP" && info "Setting PHP expose_php option" && php_conf_set expose_php "$PHP_EXPOSE_PHP" "$conf_file" - ! is_empty_value "$PHP_MAX_EXECUTION_TIME" && info "Setting PHP max_execution_time option" && php_conf_set max_execution_time "$PHP_MAX_EXECUTION_TIME" "$conf_file" - ! is_empty_value "$PHP_MAX_INPUT_TIME" && info "Setting PHP max_input_time option" && php_conf_set max_input_time "$PHP_MAX_INPUT_TIME" "$conf_file" - ! is_empty_value "$PHP_MAX_INPUT_VARS" && info "Setting PHP max_input_vars option" && php_conf_set max_input_vars "$PHP_MAX_INPUT_VARS" "$conf_file" - ! is_empty_value "$PHP_MEMORY_LIMIT" && info "Setting PHP memory_limit option" && php_conf_set memory_limit "$PHP_MEMORY_LIMIT" "$conf_file" - ! is_empty_value "$PHP_POST_MAX_SIZE" && info "Setting PHP post_max_size option" && php_conf_set post_max_size "$PHP_POST_MAX_SIZE" "$conf_file" - ! is_empty_value "$PHP_UPLOAD_MAX_FILESIZE" && info "Setting PHP upload_max_filesize option" && php_conf_set upload_max_filesize "$PHP_UPLOAD_MAX_FILESIZE" "$conf_file" - ! is_empty_value "$PHP_OUTPUT_BUFFERING" && info "Setting PHP output_buffering option" && php_conf_set output_buffering "$PHP_OUTPUT_BUFFERING" "$conf_file" - - true -} - -######################## -# Convert a yes/no value to a PHP boolean -# Globals: -# None -# Arguments: -# $1 - yes/no value -# Returns: -# None -######################### -php_convert_to_boolean() { - local -r value="${1:?missing value}" - is_boolean_yes "$value" && echo "true" || echo "false" -} - -######################## -# Execute/run PHP code and print to stdout -# Globals: -# None -# Stdin: -# Code to execute -# Arguments: -# $1..$n - Input arguments to script -# Returns: -# None -######################### -php_execute_print_output() { - local php_cmd - # Obtain the command specified via stdin - php_cmd="$(/dev/null - wait - exit $? -} -trap _forwardTerm TERM - -# Start cron -if am_i_root; then - info "** Starting cron **" - if ! cron_start; then - error "Failed to start cron. Check that it is installed and its configuration is correct." - exit 1 - fi -else - warn "Cron will not be started because of running as a non-root user" -fi - -# Start Apache -if [[ -f "/opt/bitnami/scripts/nginx-php-fpm/run.sh" ]]; then - exec "/opt/bitnami/scripts/nginx-php-fpm/run.sh" -else - exec "/opt/bitnami/scripts/$(web_server_type)/run.sh" -fi diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/magento/setup.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/magento/setup.sh deleted file mode 100755 index 1fb29d73ce5e8..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/magento/setup.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Magento environment -. /opt/bitnami/scripts/magento-env.sh - -# Load MySQL Client environment for 'mysql_remote_execute' (after 'magento-env.sh' so that MODULE is not set to a wrong value) -if [[ -f /opt/bitnami/scripts/mysql-client-env.sh ]]; then - . /opt/bitnami/scripts/mysql-client-env.sh -elif [[ -f /opt/bitnami/scripts/mysql-env.sh ]]; then - . /opt/bitnami/scripts/mysql-env.sh -elif [[ -f /opt/bitnami/scripts/mariadb-env.sh ]]; then - . /opt/bitnami/scripts/mariadb-env.sh -fi - -# Load PHP environment for cron configuration (after 'magento-env.sh' so that MODULE is not set to a wrong value) -. /opt/bitnami/scripts/php-env.sh - -# Load libraries -. /opt/bitnami/scripts/libmagento.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load web server environment and functions (after Magento environment file so MODULE is not set to a wrong value) -. "/opt/bitnami/scripts/$(web_server_type)-env.sh" - -# Ensure Magento environment variables are valid -magento_validate - -# Update web server configuration with runtime environment (needs to happen before the initialization) -web_server_update_app_configuration "magento" - -# Ensure Magento is initialized -magento_initialize diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/magento/updatehost.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/magento/updatehost.sh deleted file mode 100755 index 127175c69235f..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/magento/updatehost.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load Magento environment -. /opt/bitnami/scripts/magento-env.sh - -# Load libraries -. /opt/bitnami/scripts/libmagento.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load web server environment and functions (after Magento environment file so MODULE is not set to a wrong value) -. "/opt/bitnami/scripts/$(web_server_type)-env.sh" - -magento_update_hostname "$@" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php-env.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php-env.sh deleted file mode 100644 index 2e73a0222ec3d..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php-env.sh +++ /dev/null @@ -1,91 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for php - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-php}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -php_env_vars=( - PHP_FPM_LISTEN_ADDRESS - PHP_DATE_TIMEZONE - PHP_ENABLE_OPCACHE - PHP_MAX_EXECUTION_TIME - PHP_MAX_INPUT_TIME - PHP_MAX_INPUT_VARS - PHP_MEMORY_LIMIT - PHP_POST_MAX_SIZE - PHP_UPLOAD_MAX_FILESIZE - PHP_OPCACHE_ENABLED -) -for env_var in "${php_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset php_env_vars - -# Paths -export PHP_BASE_DIR="${BITNAMI_ROOT_DIR}/php" -export PHP_BIN_DIR="${PHP_BASE_DIR}/bin" -export PHP_CONF_DIR="${PHP_BASE_DIR}/etc" -export PHP_DEFAULT_CONF_DIR="${PHP_BASE_DIR}/etc.default" -export PHP_TMP_DIR="${PHP_BASE_DIR}/var/run" -export PHP_CONF_FILE="${PHP_CONF_DIR}/php.ini" - -# PHP default build-time configuration -export PHP_DEFAULT_OPCACHE_INTERNED_STRINGS_BUFFER="16" # only used at build time -export PHP_DEFAULT_OPCACHE_MEMORY_CONSUMPTION="192" # only used at build time -export PHP_DEFAULT_OPCACHE_FILE_CACHE="${PHP_TMP_DIR}/opcache_file" # only used at build time - -# PHP-FPM configuration -export PHP_FPM_SBIN_DIR="${PHP_BASE_DIR}/sbin" -export PHP_FPM_LOGS_DIR="${PHP_BASE_DIR}/logs" -export PHP_FPM_LOG_FILE="${PHP_FPM_LOGS_DIR}/php-fpm.log" -export PHP_FPM_CONF_FILE="${PHP_CONF_DIR}/php-fpm.conf" -export PHP_FPM_PID_FILE="${PHP_TMP_DIR}/php-fpm.pid" -export PHP_FPM_DEFAULT_LISTEN_ADDRESS="${PHP_TMP_DIR}/www.sock" # only used at build time -export PHP_FPM_LISTEN_ADDRESS="${PHP_FPM_LISTEN_ADDRESS:-}" -export PATH="${PHP_FPM_SBIN_DIR}:${PHP_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" - -# System users (when running with a privileged user) -export PHP_FPM_DAEMON_USER="daemon" -export PHP_FPM_DAEMON_GROUP="daemon" - -# PHP configuration -export PHP_DATE_TIMEZONE="${PHP_DATE_TIMEZONE:-}" -PHP_ENABLE_OPCACHE="${PHP_ENABLE_OPCACHE:-"${PHP_OPCACHE_ENABLED:-}"}" -export PHP_ENABLE_OPCACHE="${PHP_ENABLE_OPCACHE:-}" -export PHP_EXPOSE_PHP="0" -export PHP_MAX_EXECUTION_TIME="${PHP_MAX_EXECUTION_TIME:-}" -export PHP_MAX_INPUT_TIME="${PHP_MAX_INPUT_TIME:-}" -export PHP_MAX_INPUT_VARS="${PHP_MAX_INPUT_VARS:-}" -export PHP_MEMORY_LIMIT="${PHP_MEMORY_LIMIT:-}" -export PHP_POST_MAX_SIZE="${PHP_POST_MAX_SIZE:-}" -export PHP_UPLOAD_MAX_FILESIZE="${PHP_UPLOAD_MAX_FILESIZE:-}" -export PHP_OUTPUT_BUFFERING="8196" - -# Custom environment variables may be defined below diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/postunpack.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/postunpack.sh deleted file mode 100755 index 57fe4318bb445..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/postunpack.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libfs.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -# PHP OPcache optimizations -php_conf_set "opcache.interned_strings_buffer" "$PHP_DEFAULT_OPCACHE_INTERNED_STRINGS_BUFFER" -php_conf_set "opcache.memory_consumption" "$PHP_DEFAULT_OPCACHE_MEMORY_CONSUMPTION" -php_conf_set "opcache.file_cache" "$PHP_DEFAULT_OPCACHE_FILE_CACHE" - -# PHP-FPM configuration -php_conf_set "listen" "$PHP_FPM_DEFAULT_LISTEN_ADDRESS" "${PHP_CONF_DIR}/php-fpm.d/www.conf" - -# TMP dir configuration -php_conf_set "upload_tmp_dir" "${PHP_BASE_DIR}/tmp" -php_conf_set "session.save_path" "${PHP_TMP_DIR}/session" - -# Ensure directories used by PHP-FPM exist and have proper ownership and permissions -for dir in "$PHP_CONF_DIR" "$PHP_DEFAULT_CONF_DIR" "${PHP_BASE_DIR}/tmp" "$PHP_TMP_DIR" "$PHP_FPM_LOGS_DIR" "${PHP_TMP_DIR}/session"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -info "Disabling PHP-FPM daemon user/group configuration" -mv "${PHP_CONF_DIR}/common.conf" "${PHP_CONF_DIR}/common.conf.disabled" -touch "${PHP_CONF_DIR}/common.conf" - -# Log to stdout/stderr for easy debugging -ln -sf "/dev/stdout" "$PHP_FPM_LOG_FILE" -php_conf_set "error_log" "/dev/stderr" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "$PHP_CONF_DIR"/* "$PHP_DEFAULT_CONF_DIR" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/reload.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/reload.sh deleted file mode 100755 index 8bcf57a1ea920..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/reload.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1090,SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load PHP-FPM environment -. /opt/bitnami/scripts/php-env.sh - -# Load web server environment and functions -. "/opt/bitnami/scripts/$(web_server_type)-env.sh" - -error_code=0 - -if is_php_fpm_enabled; then - if is_php_fpm_not_running; then - error "php-fpm is not running" - error_code=1 - else - info "** Reloading PHP-FPM configuration **" - php_fpm_reload - fi -else - web_server_reload -fi - -exit "$error_code" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/restart.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/restart.sh deleted file mode 100755 index 9ca58314833b8..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/restart.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -/opt/bitnami/scripts/php/stop.sh -/opt/bitnami/scripts/php/start.sh diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/run.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/run.sh deleted file mode 100755 index 8e71d0fbc190e..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/run.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/liblog.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -info "** Starting PHP-FPM **" -declare -a args=("--pid" "$PHP_FPM_PID_FILE" "--fpm-config" "$PHP_FPM_CONF_FILE" "-c" "$PHP_CONF_DIR" "-F") -exec "${PHP_FPM_SBIN_DIR}/php-fpm" "${args[@]}" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/setup.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/setup.sh deleted file mode 100755 index 453dccfe9dc5e..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/setup.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -# Ensure PHP-FPM daemon user exists and required folder belongs to this user when running as 'root' -if am_i_root; then - ensure_user_exists "$PHP_FPM_DAEMON_USER" --group "$PHP_FPM_DAEMON_GROUP" - ensure_dir_exists "$PHP_TMP_DIR" - chown -R "${PHP_FPM_DAEMON_USER}:${PHP_FPM_DAEMON_GROUP}" "$PHP_TMP_DIR" - # Enable daemon configuration - if [[ ! -f "${PHP_CONF_DIR}/common.conf" ]]; then - cp "${PHP_CONF_DIR}/common.conf.disabled" "${PHP_CONF_DIR}/common.conf" - fi -fi - -php_initialize - -# Fix logging issue when running as root -! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/start.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/start.sh deleted file mode 100755 index 1b11f11f62168..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/start.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -error_code=0 - -if is_php_fpm_not_running; then - nohup /opt/bitnami/scripts/php/run.sh >/dev/null 2>&1 & - if ! retry_while "is_php_fpm_running"; then - error "php-fpm did not start" - error_code=1 - else - info "php-fpm started" - fi -else - info "php-fpm is already running" -fi - -exit "$error_code" diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/status.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/status.sh deleted file mode 100755 index 2ca4fb384d050..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/status.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/liblog.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -if is_php_fpm_running; then - info "php-fpm is already running" -else - info "php-fpm is not running" -fi diff --git a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh b/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh deleted file mode 100755 index 74274a4b4ee30..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -error_code=0 - -if is_php_fpm_running; then - BITNAMI_QUIET=1 php_fpm_stop - if ! retry_while "is_php_fpm_not_running"; then - error "php-fpm could not be stopped" - error_code=1 - else - info "php-fpm stopped" - fi -else - info "php-fpm is not running" -fi - -exit "$error_code" diff --git a/bitnami/magento/2/debian-12/rootfs/post-init.d/php.sh b/bitnami/magento/2/debian-12/rootfs/post-init.d/php.sh deleted file mode 100755 index 6be2585cbc533..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/post-init.d/php.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Executes custom PHP init scripts - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries with logging functions -if [[ -f /opt/bitnami/base/functions ]]; then - . /opt/bitnami/base/functions -else - . /opt/bitnami/scripts/liblog.sh -fi - -# Loop through all input files passed via stdin -read -r -a custom_init_scripts <<< "$@" -failure=0 -if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then - for custom_init_script in "${custom_init_scripts[@]}"; do - [[ "$custom_init_script" != *".php" ]] && continue - info "Executing ${custom_init_script} with PHP interpreter" - php "$custom_init_script" || failure=1 - [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" - done -fi - -exit "$failure" diff --git a/bitnami/magento/2/debian-12/rootfs/post-init.sh b/bitnami/magento/2/debian-12/rootfs/post-init.sh deleted file mode 100755 index 5befa0b71fbc5..0000000000000 --- a/bitnami/magento/2/debian-12/rootfs/post-init.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Only execute init scripts once -if [[ ! -f "/bitnami/magento/.user_scripts_initialized" && -d "/docker-entrypoint-init.d" ]]; then - read -r -a init_scripts <<< "$(find "/docker-entrypoint-init.d" -type f -print0 | sort -z | xargs -0)" - if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "/bitnami/magento/.user_scripts_initialized" ]]; then - mkdir -p "/bitnami/magento" - for init_script in "${init_scripts[@]}"; do - for init_script_type_handler in /post-init.d/*.sh; do - "$init_script_type_handler" "$init_script" - done - done - fi - - touch "/bitnami/magento/.user_scripts_initialized" -fi diff --git a/bitnami/magento/2/debian-12/tags-info.yaml b/bitnami/magento/2/debian-12/tags-info.yaml deleted file mode 100644 index a638ce1c94147..0000000000000 --- a/bitnami/magento/2/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "2" -- 2-debian-12 -- 2.4.7 -- latest diff --git a/bitnami/magento/README.md b/bitnami/magento/README.md deleted file mode 100644 index 2f68e48035636..0000000000000 --- a/bitnami/magento/README.md +++ /dev/null @@ -1,621 +0,0 @@ -# Bitnami package for Magento - -## What is Magento? - -> Magento is a powerful open source e-commerce platform. With easy customizations and rich features, it allows retailers to grow their online businesses in a cost-effective way. - -[Overview of Magento](http://www.magento.com) -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```console -docker run --name magento bitnami/magento:latest -``` - -**Warning**: This quick setup is only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Environment Variables](#environment-variables) section for a more secure deployment. - -## Why use Bitnami Images? - -* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. -* With Bitnami images the latest bug fixes and features are available as soon as possible. -* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. -* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. -* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. -* Bitnami container images are released on a regular basis with the latest distribution packages available. - -Looking to use Magento in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## How to deploy Magento in Kubernetes? - -Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the [Bitnami Magento Chart GitHub repository](https://github.com/bitnami/charts/tree/master/bitnami/magento). - -Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Supported tags and respective `Dockerfile` links - -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). - -You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. - -Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). - -## Get this image - -The recommended way to get the Bitnami Magento Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/magento). - -```console -docker pull bitnami/magento:latest -``` - -To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/magento/tags/) in the Docker Hub Registry. - -```console -docker pull bitnami/magento:[TAG] -``` - -If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. - -```console -git clone https://github.com/bitnami/containers.git -cd bitnami/APP/VERSION/OPERATING-SYSTEM -docker build -t bitnami/APP:latest . -``` - -## How to use this image - -Magento requires access to a MySQL or MariaDB database to store information. We'll use the [Bitnami Docker Image for MariaDB](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) for the database requirements. - -### Using the Docker Command Line - -#### Step 1: Create a network - -```console -docker network create magento-network -``` - -#### Step 2: Create a volume for MariaDB persistence and create a MariaDB container - -```console -$ docker volume create --name mariadb_data -docker run -d --name mariadb \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MARIADB_USER=bn_magento \ - --env MARIADB_PASSWORD=bitnami \ - --env MARIADB_DATABASE=bitnami_magento \ - --network magento-network \ - --volume mariadb_data:/bitnami/mariadb \ - bitnami/mariadb:latest -``` - -#### Step 3: Create volumes for Magento persistence and launch the container - -```console -$ docker volume create --name magento_data -docker run -d --name magento \ - -p 8080:8080 -p 8443:8443 \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MAGENTO_DATABASE_USER=bn_magento \ - --env MAGENTO_DATABASE_PASSWORD=bitnami \ - --env MAGENTO_DATABASE_NAME=bitnami_magento \ - --network magento-network \ - --volume magento_data:/bitnami/magento \ - bitnami/magento:latest -``` - -Access your application at `http://your-ip/` - -## Installing Magento extensions - -There are a large number of Magento extensions used to add features to your Magento Stores. If you want to install an extension to your Magento container, these are the basic steps you need to take: - -### Step 1: Log into the container shell as root - -```console -docker exec -it magento /bin/bash -``` - -### Step 2: Login as the web server user - -```console -su daemon -s /bin/bash -``` - -### Step 3: Change directory to the Magento root - -```console -cd /bitnami/magento -``` - -### Step 4: Follow the installation instructions for the extension. The Magento standard is to use composer - -```console -composer require -php bin/magento module:enable -php bin/magento setup:upgrade -php bin/magento setup:di:compile -php bin/magento setup:static-content:deploy -f -php bin/magento cache:flush -``` - -### Run the application using Docker Compose - -```console -curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/magento/docker-compose.yml > docker-compose.yml -docker-compose up -d -``` - -Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/magento). - -If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md). - -## Persisting your application - -If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed. - -For persistence you should mount a directory at the `/bitnami/magento` path. If the mounted directory is empty, it will be initialized on the first run. Additionally you should mount a volume for persistence of the [MariaDB data](https://github.com/bitnami/containers/blob/main/bitnami/mariadb#persisting-your-database). - -The above examples define the Docker volumes named `mariadb_data` and `magento_data`. The Magento application state will persist as long as volumes are not removed. - -To avoid inadvertent removal of volumes, you can [mount host directories as data volumes](https://docs.docker.com/engine/tutorials/dockervolumes/). Alternatively you can make use of volume plugins to host the volume data. - -### Mount host directories as data volumes with Docker Compose - -This requires a minor change to the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/magento/docker-compose.yml) file present in this repository: - -```diff - mariadb: - ... - volumes: -- - 'mariadb_data:/bitnami/mariadb' -+ - /path/to/mariadb-persistence:/bitnami/mariadb - ... - magento: - ... - volumes: -- - 'magento_data:/bitnami/magento' -+ - /path/to/magento-persistence:/bitnami/magento - ... --volumes: -- mariadb_data: -- driver: local -- magento_data: -- driver: local -``` - -### Mount host directories as data volumes using the Docker command line - -#### Step 1: Create a network (if it does not exist) - -```console -docker network create magento-network -``` - -#### Step 2. Create a MariaDB container with host volume - -```console -docker run -d --name mariadb \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MARIADB_USER=bn_magento \ - --env MARIADB_PASSWORD=bitnami \ - --env MARIADB_DATABASE=bitnami_magento \ - --network magento-network \ - --volume /path/to/mariadb-persistence:/bitnami/mariadb \ - bitnami/mariadb:latest -``` - -#### Step 3. Create the Magento container with host volumes - -```console -docker run -d --name magento \ - -p 8080:8080 -p 8443:8443 \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MAGENTO_DATABASE_USER=bn_magento \ - --env MAGENTO_DATABASE_PASSWORD=bitnami \ - --env MAGENTO_DATABASE_NAME=bitnami_magento \ - --network magento-network \ - --volume /path/to/magento-persistence:/bitnami/magento \ - bitnami/magento:latest -``` - -## Configuration - -### Initializing a new instance - -When the container is executed for the first time, it will execute the files with extensions `.sh` located at `/docker-entrypoint-initdb.d`. - -### Environment variables - -#### Customizable environment variables - -| Name | Description | Default Value | -|------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|---------------------| -| `MAGENTO_DATA_TO_PERSIST` | Files to persist relative to the Magento installation directory. To provide multiple values, separate them with a whitespace. | `$MAGENTO_BASE_DIR` | -| `MAGENTO_HOST` | Magento host domain or IP address. | `localhost` | -| `MAGENTO_ENABLE_HTTPS` | Whether to enable SSL to access the Magento store. | `no` | -| `MAGENTO_ENABLE_ADMIN_HTTPS` | Whether to use SSL to access the Magento administration panel. | `no` | -| `MAGENTO_EXTERNAL_HTTP_PORT_NUMBER` | Port to access Magento from outside of the instance using HTTP. | `80` | -| `MAGENTO_EXTERNAL_HTTPS_PORT_NUMBER` | Port to access Magento from outside of the instance using HTTPS. | `443` | -| `MAGENTO_FIRST_NAME` | Magento user first name. | `FirstName` | -| `MAGENTO_LAST_NAME` | Magento user last name. | `LastName` | -| `MAGENTO_MODE` | Magento mode. | `default` | -| `MAGENTO_EXTRA_INSTALL_ARGS` | Extra flags to append to the Magento 'setup:install' command call. | `nil` | -| `MAGENTO_ADMIN_URL_PREFIX` | URL prefix to access the Magento administration panel. | `admin` | -| `MAGENTO_DEPLOY_STATIC_CONTENT` | Whether to deploy Magento static content during the initialization, to optimize initial page load time. | `no` | -| `MAGENTO_KEEP_STATIC` | Whether to keep the content of 'pub/static' folder during the initialization. | `no` | -| `MAGENTO_SKIP_REINDEX` | Whether to skip Magento re-index during the initialization. | `no` | -| `MAGENTO_SKIP_BOOTSTRAP` | Whether to perform initial bootstrapping for the application. | `no` | -| `MAGENTO_USERNAME` | Magento user login name. | `user` | -| `MAGENTO_PASSWORD` | Magento user password. | `bitnami1` | -| `MAGENTO_EMAIL` | Magento user e-mail address. | `user@example.com` | -| `MAGENTO_ENABLE_HTTP_CACHE` | Whether to enable a HTTP cache server for Magento (i.e. Varnish). | `no` | -| `MAGENTO_HTTP_CACHE_BACKEND_HOST` | HTTP cache backend hostname. | `nil` | -| `MAGENTO_HTTP_CACHE_BACKEND_PORT_NUMBER` | HTTP cache backend port. | `nil` | -| `MAGENTO_HTTP_CACHE_SERVER_HOST` | HTTP cache server hostname. | `nil` | -| `MAGENTO_HTTP_CACHE_SERVER_PORT_NUMBER` | HTTP cache server port. | `nil` | -| `MAGENTO_DATABASE_HOST` | Database server host. | `mariadb` | -| `MAGENTO_DATABASE_PORT_NUMBER` | Database server port. | `3306` | -| `MAGENTO_DATABASE_NAME` | Database name. | `bitnami_magento` | -| `MAGENTO_DATABASE_USER` | Database user name. | `bn_magento` | -| `MAGENTO_DATABASE_PASSWORD` | Database user password. | `nil` | -| `MAGENTO_ENABLE_DATABASE_SSL` | Whether to enable SSL for database connections. | `no` | -| `MAGENTO_VERIFY_DATABASE_SSL` | Whether to verify the database SSL certificate when SSL is enabled for database connections. | `yes` | -| `MAGENTO_DATABASE_SSL_CERT_FILE` | Path to the database client certificate file. | `nil` | -| `MAGENTO_DATABASE_SSL_KEY_FILE` | Path to the database client certificate key file. | `nil` | -| `MAGENTO_DATABASE_SSL_CA_FILE` | Path to the database server CA bundle file. | `nil` | -| `MAGENTO_SEARCH_ENGINE` | Magento search engine to use. | `elasticsearch7` | -| `MAGENTO_ELASTICSEARCH_HOST` | Elasticsearch server host. | `elasticsearch` | -| `MAGENTO_ELASTICSEARCH_PORT_NUMBER` | Elasticsearch server port. | `9200` | -| `MAGENTO_ELASTICSEARCH_USE_HTTPS` | Whether to use https to connect with Elasticsearch. | `no` | -| `MAGENTO_ELASTICSEARCH_ENABLE_AUTH` | Whether to enable authentication for connections to the Elasticsearch server. | `no` | -| `MAGENTO_ELASTICSEARCH_USER` | Elasticsearch server user login. | `nil` | -| `MAGENTO_ELASTICSEARCH_PASSWORD` | Elasticsearch server user password. | `nil` | - -#### Read-only environment variables - -| Name | Description | Value | -|----------------------------------|----------------------------------------------------|---------------------------------------| -| `MAGENTO_BASE_DIR` | Magento installation directory. | `${BITNAMI_ROOT_DIR}/magento` | -| `MAGENTO_BIN_DIR` | Magento directory for executable files. | `${MAGENTO_BASE_DIR}/bin` | -| `MAGENTO_CONF_FILE` | Configuration file for Magento. | `${MAGENTO_BASE_DIR}/app/etc/env.php` | -| `MAGENTO_VOLUME_DIR` | Magento directory for mounted configuration files. | `${BITNAMI_VOLUME_DIR}/magento` | -| `PHP_DEFAULT_MAX_EXECUTION_TIME` | Default PHP max execution time. | `18000` | -| `PHP_DEFAULT_MEMORY_LIMIT` | Default PHP memory limit. | `1G` | - -When you start the Magento image, you can adjust the configuration of the instance by passing one or more environment variables either on the docker-compose file or on the `docker run` command line. If you want to add a new environment variable: - -* For docker-compose add the variable name and value under the application section in the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/magento/docker-compose.yml) file present in this repository: - -```yaml -magento: - ... - environment: - - MAGENTO_PASSWORD=my_password1234 - ... -``` - -* For manual execution add a `--env` option with each variable and value: - - ```console - docker run -d --name magento -p 80:8080 -p 443:8443 \ - --env MAGENTO_PASSWORD=my_password1234 \ - --network magento-tier \ - --volume /path/to/magento-persistence:/bitnami \ - bitnami/magento:latest - ``` - -## Logging - -The Bitnami Magento Docker image sends the container logs to `stdout`. To view the logs: - -```console -docker logs magento -``` - -Or using Docker Compose: - -```console -docker-compose logs magento -``` - -You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver. - -## Maintenance - -### Backing up your container - -To backup your data, configuration and logs, follow these simple steps: - -#### Step 1: Stop the currently running container - -```console -docker stop magento -``` - -Or using Docker Compose: - -```console -docker-compose stop magento -``` - -#### Step 2: Run the backup command - -We need to mount two volumes in a container we will use to create the backup: a directory on your host to store the backup in, and the volumes from the container we just stopped so we can access the data. - -```console -docker run --rm -v /path/to/magento-backups:/backups --volumes-from magento busybox \ - cp -a /bitnami/magento /backups/latest -``` - -### Restoring a backup - -Restoring a backup is as simple as mounting the backup as volumes in the containers. - -For the MariaDB database container: - -```diff - $ docker run -d --name mariadb \ - ... -- --volume /path/to/mariadb-persistence:/bitnami/mariadb \ -+ --volume /path/to/mariadb-backups/latest:/bitnami/mariadb \ - bitnami/mariadb:latest -``` - -For the Magento container: - -```diff - $ docker run -d --name magento \ - ... -- --volume /path/to/magento-persistence:/bitnami/magento \ -+ --volume /path/to/magento-backups/latest:/bitnami/magento \ - bitnami/magento:latest -``` - -### Upgrade this image - -Bitnami provides up-to-date versions of MariaDB and Magento, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container. We will cover here the upgrade of the Magento application and bundled components (Apache, PHP...). For the MariaDB upgrade see: - -#### Upgrading the Magento application - -Follow this guide to update the Magento version used in your running container image. Note that the below steps will not update any bundled image components such as Apache or PHP, to do this check the next section. - -##### Step 1: Create a backup - -Before following any of the below steps, [create a backup of your container](#backing-up-your-container) to avoid possible data loss, in case something goes wrong. - -##### Step 2: Getting Magento authentication keys - -In order to properly upgrade Magento, you will need Magento authentication keys that will be used to fetch the Magento updates. To obtain these keys, follow [this guide](https://devdocs.magento.com/guides/v2.4/install-gde/prereq/connect-auth.html). - -##### Step 3: Preparing the Docker container for the upgrade - -* Enter the container shell as the `root` user (e.g. `docker exec -u root ...`). - -* Only if the container is running as `root` user, disable cron jobs and wait for any pending jobs to complete: - - ```console - sed -i 's/^/#/' /etc/cron.d/magento - ``` - -* Increase the PHP `memory_limit` to an apropriate value for the upgrade commands to work, such as `2G`: - - ```console - sed -i 's/memory_limit = .*/memory_limit = 2G/' /opt/bitnami/php/etc/php.ini - ``` - -* Backup `composer.json`: - - ```console - cp /opt/bitnami/magento/composer.json /opt/bitnami/magento/composer.json.bak - ``` - -##### Step 4: Update Magento to the desired version - -* Only if the container is running as `root` user, login as the web server user before executing the below command: - - ```console - su daemon -s /bin/bash - ``` - -* To avoid user access to your Magento site while you are upgrading, enable maintenance mode: - - ```console - magento maintenance:enable - ``` - -* Update your Magento requirement to the new desired version in `composer.json`. At this point, you will be asked to provide credentials to access `repo.magento.com`. Enter the authentication keys obtained in Step 1. - - ```console - cd /opt/bitnami/magento - composer require magento/product-community-edition=VERSION --no-update - ``` - - > NOTE: Replace the `VERSION` placeholder with an appropriate value, i.e.: `2.4.1` - -* Update your installation. You will also be asked to provide the same credentials provided in the previous step. - - ```console - composer update - ``` - - > NOTE: If you see an error similar to this while executing the above command, you will need to increase the PHP `memory_limit` configuration to an even higher value. - > - > ```text - > Fatal error: Allowed memory size of 21610612736 bytes exhausted - > ``` - -* Clear the `var/` and `generated/` directories: - - ```console - rm -rf /opt/bitnami/magento/var/cache/* - rm -rf /opt/bitnami/magento/var/page_cache/* - rm -rf /opt/bitnami/magento/generated/* - ``` - -* Upgrade the Magento database schema: - - ```console - magento setup:upgrade - ``` - -* Finally, disable maintenance mode to complete the upgrade: - - ```console - magento maintenance:disable - ``` - -##### Step 5: Restart Docker container - -Restart the Docker container to reset any configuration changes: - -```console -docker stop magento -``` - -Or using Docker Compose: - -```console -docker-compose stop magento -``` - -#### Upgrading bundled image components - -Follow this guide to upgrade any bundled image components, such as Apache or PHP. Note that **Magento will not be updated** if you follow these steps. - -##### Step 1: Get the updated image - -```console -docker pull bitnami/magento:latest -``` - -##### Step 2: Stop the running container - -Stop the currently running container using the command - -```console -docker-compose stop magento -``` - -##### Step 3: Take a snapshot of the application state - -Follow the steps in [Backing up your container](#backing-up-your-container) to take a snapshot of the current application state. - -##### Step 4: Remove the currently running container - -Remove the currently running container by executing the following command: - -```console -docker-compose rm -v magento -``` - -##### Step 5: Run the new image - -Update the image tag in `docker-compose.yml` and re-create your container with the new image: - -```console -docker-compose up -d -``` - -## Customize this image - -The Bitnami Magento Docker image is designed to be extended so it can be used as the base image for your custom web applications. - -### Extend this image - -Before extending this image, please note there are certain configuration settings you can modify using the original image: - -* Settings that can be adapted using environment variables. For instance, you can change the ports used by Apache for HTTP and HTTPS, by setting the environment variables `APACHE_HTTP_PORT_NUMBER` and `APACHE_HTTPS_PORT_NUMBER` respectively. -* [Adding custom virtual hosts](https://github.com/bitnami/containers/blob/main/bitnami/apache#adding-custom-virtual-hosts). -* [Replacing the 'httpd.conf' file](https://github.com/bitnami/containers/blob/main/bitnami/apache#full-configuration). -* [Using custom SSL certificates](https://github.com/bitnami/containers/blob/main/bitnami/apache#using-custom-ssl-certificates). - -If your desired customizations cannot be covered using the methods mentioned above, extend the image. To do so, create your own image using a Dockerfile with the format below: - -```Dockerfile -FROM bitnami/magento -## Put your customizations below -... -``` - -Here is an example of extending the image with the following modifications: - -* Install the `vim` editor -* Modify the Apache configuration file -* Modify the ports used by Apache - -```Dockerfile -FROM bitnami/magento - -## Install 'vim' -RUN install_packages vim - -## Enable mod_ratelimit module -RUN sed -i -r 's/#LoadModule ratelimit_module/LoadModule ratelimit_module/' /opt/bitnami/apache/conf/httpd.conf - -## Modify the ports used by Apache by default -# It is also possible to change these environment variables at runtime -ENV APACHE_HTTP_PORT_NUMBER=8181 -ENV APACHE_HTTPS_PORT_NUMBER=8143 -EXPOSE 8181 8143 -``` - -Based on the extended image, you can update the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/magento/docker-compose.yml) file present in this repository to add other features: - -```diff - magento: -- image: bitnami/magento:latest -+ build: . - ports: -- - '80:8080' -- - '443:8443' -+ - '80:8181' -+ - '443:8143' - environment: -+ - PHP_MEMORY_LIMIT=512m - ... -``` - -## Notable Changes - -## 2.4.1-debian-10-r80 - -* The size of the container image has been decreased. -* The configuration logic is now based on Bash scripts in the *rootfs/* folder. -* The Magento container now supports the "non-root" user approach, but it still runs as the `root` user by default. When running as a non-root user, all services will be run under the same user and Cron jobs will be disabled as crond requires to be run as a superuser. To run as a non-root user, change `USER root` to `USER 1001` in the Dockerfile, or specify `user: 1001` in `docker-compose.yml`. Related changes: - * The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. - * Backwards compatibility is not guaranteed when data is persisted using docker or docker-compose. We highly recommend migrating the Magento site by exporting its content, and importing it on a new Magento container. - -## 2.3.5-debian-10-r57 - -* To avoid issues running custom plugins and themes, the container image has been modified to persist the entire Magento `htdocs` directory. As a consecuence of this change, it is not possible to update the application by changing the image tag anymore, instead, it is needed to [follow the official update guide](https://devdocs.magento.com/guides/v2.3/comp-mgr/cli/cli-upgrade.html). - -## 2.3.1-debian-9-r44 and 2.3.1-ol-7-r53 - -* This image has been adapted so it's easier to customize. See the [Customize this image](#customize-this-image) section for more information. -* The Apache configuration volume (`/bitnami/apache`) has been deprecated, and support for this feature will be dropped in the near future. Until then, the container will enable the Apache configuration from that volume if it exists. By default, and if the configuration volume does not exist, the configuration files will be regenerated each time the container is created. Users wanting to apply custom Apache configuration files are advised to mount a volume for the configuration at `/opt/bitnami/apache/conf`, or mount specific configuration files individually. -* The PHP configuration volume (`/bitnami/php`) has been deprecated, and support for this feature will be dropped in the near future. Until then, the container will enable the PHP configuration from that volume if it exists. By default, and if the configuration volume does not exist, the configuration files will be regenerated each time the container is created. Users wanting to apply custom PHP configuration files are advised to mount a volume for the configuration at `/opt/bitnami/php/conf`, or mount specific configuration files individually. -* Enabling custom Apache certificates by placing them at `/opt/bitnami/apache/certs` has been deprecated, and support for this functionality will be dropped in the near future. Users wanting to enable custom certificates are advised to mount their certificate files on top of the preconfigured ones at `/certs`. - -## Contributing - -We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. - -## Issues - -If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/bitnami/magento/docker-compose.yml b/bitnami/magento/docker-compose.yml deleted file mode 100644 index 79cab1c8b9747..0000000000000 --- a/bitnami/magento/docker-compose.yml +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - mariadb: - image: docker.io/bitnami/mariadb:10.6 - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_USER=bn_magento - - MARIADB_DATABASE=bitnami_magento - volumes: - - 'mariadb_data:/bitnami/mariadb' - magento: - image: docker.io/bitnami/magento:2 - ports: - - '80:8080' - - '443:8443' - environment: - - MAGENTO_HOST=localhost - - MAGENTO_DATABASE_HOST=mariadb - - MAGENTO_DATABASE_PORT_NUMBER=3306 - - MAGENTO_DATABASE_USER=bn_magento - - MAGENTO_DATABASE_NAME=bitnami_magento - - ELASTICSEARCH_HOST=elasticsearch - - ELASTICSEARCH_PORT_NUMBER=9200 - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - volumes: - - 'magento_data:/bitnami/magento' - depends_on: - - mariadb - - elasticsearch - elasticsearch: - image: docker.io/bitnami/elasticsearch:7 - volumes: - - 'elasticsearch_data:/bitnami/elasticsearch/data' -volumes: - mariadb_data: - driver: local - magento_data: - driver: local - elasticsearch_data: - driver: local diff --git a/bitnami/mariadb-galera/10.11/README.md b/bitnami/mariadb-galera/10.11/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/mariadb-galera/10.11/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/mariadb-galera/10.11/debian-12/Dockerfile b/bitnami/mariadb-galera/10.11/debian-12/Dockerfile deleted file mode 100644 index 64e4f0247b666..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T09:11:16Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.11.8-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \ - org.opencontainers.image.title="mariadb-galera" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.11.8" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 libldap-common liblzma5 libncurses6 libpam-ldapd libpam0g libssl3 libstdc++6 libtinfo6 libxml2 nslcd procps psmisc rsync socat zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-galera-10.11.8-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb-galera/postunpack.sh -ENV APP_VERSION="10.11.8" \ - BITNAMI_APP_NAME="mariadb-galera" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 4444 4567 4568 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb-galera/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb-galera/run.sh" ] diff --git a/bitnami/mariadb-galera/10.11/debian-12/docker-compose.yml b/bitnami/mariadb-galera/10.11/debian-12/docker-compose.yml deleted file mode 100644 index db0bade8449a4..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb-galera: - image: docker.io/bitnami/mariadb-galera:10.11 - ports: - - '3306:3306' - - '4444:4444' - - '4567:4567' - - '4568:4568' - volumes: - - 'mariadb_galera_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_GALERA_CLUSTER_ADDRESS=gcomm:// - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb-galera/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_galera_data: - driver: local diff --git a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 350651fa4686d..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb-galera": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.11.8-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh b/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh deleted file mode 100644 index fa50716cf1ff9..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami LDAP library - -# shellcheck disable=SC1090,SC1091 - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -######################## -# Loads global variables used on LDAP configuration. -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# Series of exports to be used as 'eval' arguments -######################### -ldap_env() { - cat <<"EOF" -export LDAP_NSLCD_USER="nslcd" -export LDAP_URI="${LDAP_URI:-}" -export LDAP_BASE="${LDAP_BASE:-}" -export LDAP_BIND_DN="${LDAP_BIND_DN:-}" -export LDAP_BIND_PASSWORD="${LDAP_BIND_PASSWORD:-}" -export LDAP_BASE_LOOKUP="${LDAP_BASE_LOOKUP:-}" -export LDAP_NSS_INITGROUPS_IGNOREUSERS="${LDAP_NSS_INITGROUPS_IGNOREUSERS:-root,nslcd}" -export LDAP_SCOPE="${LDAP_SCOPE:-}" -export LDAP_TLS_REQCERT="${LDAP_TLS_REQCERT:-}" -export LDAP_SEARCH_FILTER="${LDAP_SEARCH_FILTER:-}" -export LDAP_SEARCH_MAP="${LDAP_SEARCH_MAP:-}" - -EOF - if [[ "$OS_FLAVOUR" =~ ^debian-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="nslcd" -EOF - elif [[ "$OS_FLAVOUR" =~ ^(photon)-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="ldap" -EOF - fi -} - -######################## -# Return LDAP config file path depending on distro -# Globals: -# OS_FLAVOUR -# Arguments: -# None -# Returns: -# (String) LDAP config file path -######################### -ldap_openldap_config_path() { - local openldap_config - case "$OS_FLAVOUR" in - debian-* | ubuntu-*) openldap_config=/etc/ldap/ldap.conf ;; - photon-* | redhatubi-*) openldap_config=/etc/openldap/ldap.conf ;; - *) error "Unsupported OS flavor ${OS_FLAVOUR}" && exit 1 ;; - esac - echo "$openldap_config" -} - -######################## -# Configure LDAP permissions (to be used at postunpack leve). -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_configure_permissions() { - ensure_dir_exists "/var/run/nslcd" && configure_permissions_ownership "/var/run/nslcd" -u "root" -g "root" -d "775" - # The nslcd.conf file may not exist in distros like UBI, so we need to create it first - touch "/etc/nslcd.conf" - configure_permissions_ownership "/etc/nslcd.conf" -u "root" -g "root" -f "660" - configure_permissions_ownership "$(ldap_openldap_config_path)" -u "root" -g "root" -f "660" -} - -######################## -# Create nslcd.conf file -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_create_nslcd_config() { - if am_i_root; then - chown "root:${LDAP_NSLCD_GROUP}" "/etc/nslcd.conf" - chown -R "${LDAP_NSLCD_USER}:${LDAP_NSLCD_GROUP}" "/var/run/nslcd" - cat >"/etc/nslcd.conf" <"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"$(ldap_openldap_config_path)" <"/etc/pam.d/${filename}" < 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]]; then - if is_boolean_yes "$DB_ENABLE_LDAP" && [[ -n "$DB_PASSWORD" ]]; then - warn "You enabled LDAP authentication. '$DB_USER' user will be authentication using LDAP, the password set at the environment variable $(get_env_var PASSWORD) will be ignored" - elif ! is_boolean_yes "$DB_ENABLE_LDAP" && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - fi - - if [[ -n "$DB_GALERA_FORCE_SAFETOBOOTSTRAP" ]] && ! is_yes_no_value "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - print_validation_error "The allowed values for $(get_env_var GALERA_FORCE_SAFETOBOOTSTRAP) are yes or no." - fi - - if [[ -z "$DB_GALERA_CLUSTER_NAME" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_NAME)." - fi - - if [[ -z "$(get_galera_cluster_address_value)" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS). If you are bootstrapping a new Galera cluster, set the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS)=yes." - fi - - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - - if is_boolean_yes "$DB_ENABLE_LDAP" && { [[ -z "${LDAP_URI}" ]] || [[ -z "${LDAP_BASE}" ]] || [[ -z "${LDAP_BIND_DN}" ]] || [[ -z "${LDAP_BIND_PASSWORD}" ]]; }; then - print_validation_error "The LDAP configuration is required when LDAP authentication is enabled. Set the environment variables LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_BIND_PASSWORD with the LDAP configuration." - fi - - if is_boolean_yes "$DB_ENABLE_TLS"; then - if [[ -z "${DB_TLS_CERT_FILE}" ]] || [[ -z "${DB_TLS_KEY_FILE}" ]] || [[ -z "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS cert file, key and CA are required when TLS is enabled. Set the environment variables TLS_CERT_FILE, TLS_KEY_FILE and TLS_CA_FILE with the path to each file." - fi - if [[ ! -f "${DB_TLS_CERT_FILE}" ]]; then - print_validation_error "The TLS_CERT file ${DB_TLS_CERT_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_KEY_FILE}" ]]; then - print_validation_error "The TLS_KEY file ${DB_TLS_KEY_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS_CA file ${DB_TLS_CA_FILE} must exist." - fi - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Persisted data detected. Restoring" - - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - if is_boolean_yes "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - set_safe_to_bootstrap - fi - if ! is_safe_to_bootstrap; then - error "It is not safe to bootstrap form this node ('safe_to_bootstrap=0' is set in 'grastate.dat'). If you want to force bootstrap, set the environment variable MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP=yes" - exit 1 - fi - fi - - return - else - # initialization should not be performed on non-primary nodes of a galera cluster - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - mysql_install_db - mysql_start_bg - debug "Deleting all users to avoid issues with galera configuration" - mysql_execute "mysql" </dev/null - hostname - fi -} - -######################## -# Check for user override of wsrep_node_address -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# String with node address -######################### -get_node_address() { - if [[ -n "$DB_GALERA_NODE_ADDRESS" ]]; then - echo "$DB_GALERA_NODE_ADDRESS" - else - # In some environments, the network may not be fully set up when starting the initialization - # So, to avoid issues, we retry the 'hostname' command until it succeeds (for a few minutes) - local -r retries="60" - local -r seconds="5" - retry_while "hostname -i" "$retries" "$seconds" >/dev/null - # prefer IPv6 over IPv4 if available - # This works by pulling any IPv4 addresses encountered into hold space and emitting it only when the EOF line is encountered - printf '%s\nEOF' "$(hostname -i | tr ' ' '\n')" | sed '/:/{;q;};/^EOF$/{;g;q;};h;d' - fi -} - -######################## -# Starts MySQL/MariaDB in the background and waits until it's ready -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_start_bg() { - local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") - - # Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized - flags+=("--bind-address=127.0.0.1") - - # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable - read -r -a db_extra_flags <<< "$(mysql_extra_flags)" - [[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - - # Do not start as root, to avoid permission issues - am_i_root && flags+=("--user=${DB_DAEMON_USER}") - - # The slave should only start in 'run.sh', elseways user credentials would be needed for any connection - flags+=("--skip-slave-start") - flags+=("$@") - - is_mysql_running && return - - info "Starting $DB_FLAVOR in background" - debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" & - - # we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Wait for WSREP to be ready. If WSREP is not ready, we cannot do any transactions, thus cannot - # create any users, and WSREP instantly kills MariaDB if doing so - wait_for_wsrep - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -######################## -# Wait for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# None -######################## -wait_for_wsrep() { - local -r retries=300 - local -r sleep_time=2 - if ! retry_while is_wsrep_ready "$retries" "$sleep_time"; then - error "WSREP did not become ready" - return 1 - fi -} - -######################## -# Checks for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# Boolean -######################## -is_wsrep_ready() { - debug "Checking if WSREP is ready" - is_ready="$(mysql_execute_print_output "mysql" "root" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 7857bb832cf40..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,261 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - MARIADB_GALERA_CONF_DIR - MARIADB_GALERA_MOUNTED_CONF_DIR - MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP - MARIADB_GALERA_CLUSTER_BOOTSTRAP - MARIADB_GALERA_CLUSTER_ADDRESS - MARIADB_GALERA_CLUSTER_NAME - MARIADB_GALERA_NODE_NAME - MARIADB_GALERA_NODE_ADDRESS - MARIADB_GALERA_SST_METHOD - MARIADB_GALERA_MARIABACKUP_USER - MARIADB_GALERA_MARIABACKUP_PASSWORD - MARIADB_ENABLE_LDAP - MARIADB_ENABLE_TLS - MARIADB_TLS_CERT_FILE - MARIADB_TLS_KEY_FILE - MARIADB_TLS_CA_FILE - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB Galera authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Galera paths -export MARIADB_GALERA_GRASTATE_FILE="${DB_DATA_DIR}/grastate.dat" -export DB_GALERA_GRASTATE_FILE="$MARIADB_GALERA_GRASTATE_FILE" -export MARIADB_GALERA_BOOTSTRAP_DIR="${DB_VOLUME_DIR}/.bootstrap" -export DB_GALERA_BOOTSTRAP_DIR="$MARIADB_GALERA_BOOTSTRAP_DIR" -export MARIADB_GALERA_BOOTSTRAP_FILE="${DB_GALERA_BOOTSTRAP_DIR}/done" -export DB_GALERA_BOOTSTRAP_FILE="$MARIADB_GALERA_BOOTSTRAP_FILE" - -# Galera build-time defaults for cluster configuration -export MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS="gcomm://" -export DB_GALERA_DEFAULT_CLUSTER_ADDRESS="$MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS" -export MARIADB_GALERA_DEFAULT_CLUSTER_NAME="galera" -export DB_GALERA_DEFAULT_CLUSTER_NAME="$MARIADB_GALERA_DEFAULT_CLUSTER_NAME" -export MARIADB_GALERA_DEFAULT_NODE_NAME="" -export DB_GALERA_DEFAULT_NODE_NAME="$MARIADB_GALERA_DEFAULT_NODE_NAME" -export MARIADB_GALERA_DEFAULT_NODE_ADDRESS="" -export DB_GALERA_DEFAULT_NODE_ADDRESS="$MARIADB_GALERA_DEFAULT_NODE_ADDRESS" -export MARIADB_GALERA_DEFAULT_SST_METHOD="mariabackup" -export DB_GALERA_DEFAULT_SST_METHOD="$MARIADB_GALERA_DEFAULT_SST_METHOD" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_USER="mariabackup" -export DB_GALERA_DEFAULT_MARIABACKUP_USER="$MARIADB_GALERA_DEFAULT_MARIABACKUP_USER" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="" -export DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="$MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD" - -# Galera cluster configuration. -export MARIADB_GALERA_CONF_DIR="${MARIADB_GALERA_CONF_DIR:-/opt/bitnami/mariadb/conf}" -export DB_GALERA_CONF_DIR="$MARIADB_GALERA_CONF_DIR" -export MARIADB_GALERA_MOUNTED_CONF_DIR="${MARIADB_GALERA_MOUNTED_CONF_DIR:-/bitnami/conf}" -export DB_GALERA_MOUNTED_CONF_DIR="$MARIADB_GALERA_MOUNTED_CONF_DIR" -export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP="${MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP:-}" -export DB_GALERA_FORCE_SAFETOBOOTSTRAP="$MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP" -export MARIADB_GALERA_CLUSTER_BOOTSTRAP="${MARIADB_GALERA_CLUSTER_BOOTSTRAP:-}" -export DB_GALERA_CLUSTER_BOOTSTRAP="$MARIADB_GALERA_CLUSTER_BOOTSTRAP" -export MARIADB_GALERA_CLUSTER_ADDRESS="${MARIADB_GALERA_CLUSTER_ADDRESS:-}" -export DB_GALERA_CLUSTER_ADDRESS="$MARIADB_GALERA_CLUSTER_ADDRESS" -export MARIADB_GALERA_CLUSTER_NAME="${MARIADB_GALERA_CLUSTER_NAME:-$DB_GALERA_DEFAULT_CLUSTER_NAME}" -export DB_GALERA_CLUSTER_NAME="$MARIADB_GALERA_CLUSTER_NAME" -export MARIADB_GALERA_NODE_NAME="${MARIADB_GALERA_NODE_NAME:-}" -export DB_GALERA_NODE_NAME="$MARIADB_GALERA_NODE_NAME" -export MARIADB_GALERA_NODE_ADDRESS="${MARIADB_GALERA_NODE_ADDRESS:-}" -export DB_GALERA_NODE_ADDRESS="$MARIADB_GALERA_NODE_ADDRESS" -export MARIADB_GALERA_SST_METHOD="${MARIADB_GALERA_SST_METHOD:-$DB_GALERA_DEFAULT_SST_METHOD}" -export DB_GALERA_SST_METHOD="$MARIADB_GALERA_SST_METHOD" -export MARIADB_GALERA_MARIABACKUP_USER="${MARIADB_GALERA_MARIABACKUP_USER:-$DB_GALERA_DEFAULT_MARIABACKUP_USER}" -export DB_GALERA_MARIABACKUP_USER="$MARIADB_GALERA_MARIABACKUP_USER" -export MARIADB_GALERA_MARIABACKUP_PASSWORD="${MARIADB_GALERA_MARIABACKUP_PASSWORD:-$DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD}" -export DB_GALERA_MARIABACKUP_PASSWORD="$MARIADB_GALERA_MARIABACKUP_PASSWORD" - -# LDAP -export MARIADB_ENABLE_LDAP="${MARIADB_ENABLE_LDAP:-no}" -export DB_ENABLE_LDAP="$MARIADB_ENABLE_LDAP" - -# SSL/TLS configuration -export MARIADB_ENABLE_TLS="${MARIADB_ENABLE_TLS:-no}" -export DB_ENABLE_TLS="$MARIADB_ENABLE_TLS" -export MARIADB_TLS_CERT_FILE="${MARIADB_TLS_CERT_FILE:-}" -export DB_TLS_CERT_FILE="$MARIADB_TLS_CERT_FILE" -export MARIADB_TLS_KEY_FILE="${MARIADB_TLS_KEY_FILE:-}" -export DB_TLS_KEY_FILE="$MARIADB_TLS_KEY_FILE" -export MARIADB_TLS_CA_FILE="${MARIADB_TLS_CA_FILE:-}" -export DB_TLS_CA_FILE="$MARIADB_TLS_CA_FILE" -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-monitor}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-monitor}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb-galera/10.11/debian-12/tags-info.yaml b/bitnami/mariadb-galera/10.11/debian-12/tags-info.yaml deleted file mode 100644 index 784d68931b6bc..0000000000000 --- a/bitnami/mariadb-galera/10.11/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "10.11" -- 10.11-debian-12 -- 10.11.8 diff --git a/bitnami/mariadb-galera/10.4/debian-12/Dockerfile b/bitnami/mariadb-galera/10.4/debian-12/Dockerfile deleted file mode 100644 index 18b602e70add6..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T09:09:33Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.4.34-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \ - org.opencontainers.image.title="mariadb-galera" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.4.34" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1 libcap-ng0 libcrypt1 libffi8 libgcc-s1 libgmp10 libgnutls30 libhogweed6 libicu72 libidn2-0 libjemalloc2 libldap-common liblzma5 libncurses6 libnettle8 libp11-kit0 libpam-ldapd libpam0g libssl3 libstdc++6 libtasn1-6 libtinfo6 libunistring2 libxml2 nslcd procps psmisc rsync socat zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-galera-10.4.34-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb-galera/postunpack.sh -ENV APP_VERSION="10.4.34" \ - BITNAMI_APP_NAME="mariadb-galera" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 4444 4567 4568 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb-galera/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb-galera/run.sh" ] diff --git a/bitnami/mariadb-galera/10.4/debian-12/docker-compose.yml b/bitnami/mariadb-galera/10.4/debian-12/docker-compose.yml deleted file mode 100644 index d1e9a17aa3b6e..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb-galera: - image: docker.io/bitnami/mariadb-galera:10.4 - ports: - - '3306:3306' - - '4444:4444' - - '4567:4567' - - '4568:4568' - volumes: - - 'mariadb_galera_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_GALERA_CLUSTER_ADDRESS=gcomm:// - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb-galera/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_galera_data: - driver: local diff --git a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index ab49f5687441a..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb-galera": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.4.34-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh deleted file mode 100644 index fa50716cf1ff9..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami LDAP library - -# shellcheck disable=SC1090,SC1091 - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -######################## -# Loads global variables used on LDAP configuration. -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# Series of exports to be used as 'eval' arguments -######################### -ldap_env() { - cat <<"EOF" -export LDAP_NSLCD_USER="nslcd" -export LDAP_URI="${LDAP_URI:-}" -export LDAP_BASE="${LDAP_BASE:-}" -export LDAP_BIND_DN="${LDAP_BIND_DN:-}" -export LDAP_BIND_PASSWORD="${LDAP_BIND_PASSWORD:-}" -export LDAP_BASE_LOOKUP="${LDAP_BASE_LOOKUP:-}" -export LDAP_NSS_INITGROUPS_IGNOREUSERS="${LDAP_NSS_INITGROUPS_IGNOREUSERS:-root,nslcd}" -export LDAP_SCOPE="${LDAP_SCOPE:-}" -export LDAP_TLS_REQCERT="${LDAP_TLS_REQCERT:-}" -export LDAP_SEARCH_FILTER="${LDAP_SEARCH_FILTER:-}" -export LDAP_SEARCH_MAP="${LDAP_SEARCH_MAP:-}" - -EOF - if [[ "$OS_FLAVOUR" =~ ^debian-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="nslcd" -EOF - elif [[ "$OS_FLAVOUR" =~ ^(photon)-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="ldap" -EOF - fi -} - -######################## -# Return LDAP config file path depending on distro -# Globals: -# OS_FLAVOUR -# Arguments: -# None -# Returns: -# (String) LDAP config file path -######################### -ldap_openldap_config_path() { - local openldap_config - case "$OS_FLAVOUR" in - debian-* | ubuntu-*) openldap_config=/etc/ldap/ldap.conf ;; - photon-* | redhatubi-*) openldap_config=/etc/openldap/ldap.conf ;; - *) error "Unsupported OS flavor ${OS_FLAVOUR}" && exit 1 ;; - esac - echo "$openldap_config" -} - -######################## -# Configure LDAP permissions (to be used at postunpack leve). -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_configure_permissions() { - ensure_dir_exists "/var/run/nslcd" && configure_permissions_ownership "/var/run/nslcd" -u "root" -g "root" -d "775" - # The nslcd.conf file may not exist in distros like UBI, so we need to create it first - touch "/etc/nslcd.conf" - configure_permissions_ownership "/etc/nslcd.conf" -u "root" -g "root" -f "660" - configure_permissions_ownership "$(ldap_openldap_config_path)" -u "root" -g "root" -f "660" -} - -######################## -# Create nslcd.conf file -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_create_nslcd_config() { - if am_i_root; then - chown "root:${LDAP_NSLCD_GROUP}" "/etc/nslcd.conf" - chown -R "${LDAP_NSLCD_USER}:${LDAP_NSLCD_GROUP}" "/var/run/nslcd" - cat >"/etc/nslcd.conf" <"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"$(ldap_openldap_config_path)" <"/etc/pam.d/${filename}" < 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]]; then - if is_boolean_yes "$DB_ENABLE_LDAP" && [[ -n "$DB_PASSWORD" ]]; then - warn "You enabled LDAP authentication. '$DB_USER' user will be authentication using LDAP, the password set at the environment variable $(get_env_var PASSWORD) will be ignored" - elif ! is_boolean_yes "$DB_ENABLE_LDAP" && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - fi - - if [[ -n "$DB_GALERA_FORCE_SAFETOBOOTSTRAP" ]] && ! is_yes_no_value "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - print_validation_error "The allowed values for $(get_env_var GALERA_FORCE_SAFETOBOOTSTRAP) are yes or no." - fi - - if [[ -z "$DB_GALERA_CLUSTER_NAME" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_NAME)." - fi - - if [[ -z "$(get_galera_cluster_address_value)" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS). If you are bootstrapping a new Galera cluster, set the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS)=yes." - fi - - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - - if is_boolean_yes "$DB_ENABLE_LDAP" && { [[ -z "${LDAP_URI}" ]] || [[ -z "${LDAP_BASE}" ]] || [[ -z "${LDAP_BIND_DN}" ]] || [[ -z "${LDAP_BIND_PASSWORD}" ]]; }; then - print_validation_error "The LDAP configuration is required when LDAP authentication is enabled. Set the environment variables LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_BIND_PASSWORD with the LDAP configuration." - fi - - if is_boolean_yes "$DB_ENABLE_TLS"; then - if [[ -z "${DB_TLS_CERT_FILE}" ]] || [[ -z "${DB_TLS_KEY_FILE}" ]] || [[ -z "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS cert file, key and CA are required when TLS is enabled. Set the environment variables TLS_CERT_FILE, TLS_KEY_FILE and TLS_CA_FILE with the path to each file." - fi - if [[ ! -f "${DB_TLS_CERT_FILE}" ]]; then - print_validation_error "The TLS_CERT file ${DB_TLS_CERT_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_KEY_FILE}" ]]; then - print_validation_error "The TLS_KEY file ${DB_TLS_KEY_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS_CA file ${DB_TLS_CA_FILE} must exist." - fi - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Persisted data detected. Restoring" - - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - if is_boolean_yes "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - set_safe_to_bootstrap - fi - if ! is_safe_to_bootstrap; then - error "It is not safe to bootstrap form this node ('safe_to_bootstrap=0' is set in 'grastate.dat'). If you want to force bootstrap, set the environment variable MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP=yes" - exit 1 - fi - fi - - return - else - # initialization should not be performed on non-primary nodes of a galera cluster - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - mysql_install_db - mysql_start_bg - debug "Deleting all users to avoid issues with galera configuration" - mysql_execute "mysql" </dev/null - hostname - fi -} - -######################## -# Check for user override of wsrep_node_address -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# String with node address -######################### -get_node_address() { - if [[ -n "$DB_GALERA_NODE_ADDRESS" ]]; then - echo "$DB_GALERA_NODE_ADDRESS" - else - # In some environments, the network may not be fully set up when starting the initialization - # So, to avoid issues, we retry the 'hostname' command until it succeeds (for a few minutes) - local -r retries="60" - local -r seconds="5" - retry_while "hostname -i" "$retries" "$seconds" >/dev/null - # prefer IPv6 over IPv4 if available - # This works by pulling any IPv4 addresses encountered into hold space and emitting it only when the EOF line is encountered - printf '%s\nEOF' "$(hostname -i | tr ' ' '\n')" | sed '/:/{;q;};/^EOF$/{;g;q;};h;d' - fi -} - -######################## -# Starts MySQL/MariaDB in the background and waits until it's ready -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_start_bg() { - local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") - - # Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized - flags+=("--bind-address=127.0.0.1") - - # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable - read -r -a db_extra_flags <<< "$(mysql_extra_flags)" - [[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - - # Do not start as root, to avoid permission issues - am_i_root && flags+=("--user=${DB_DAEMON_USER}") - - # The slave should only start in 'run.sh', elseways user credentials would be needed for any connection - flags+=("--skip-slave-start") - flags+=("$@") - - is_mysql_running && return - - info "Starting $DB_FLAVOR in background" - debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" & - - # we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Wait for WSREP to be ready. If WSREP is not ready, we cannot do any transactions, thus cannot - # create any users, and WSREP instantly kills MariaDB if doing so - wait_for_wsrep - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -######################## -# Wait for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# None -######################## -wait_for_wsrep() { - local -r retries=300 - local -r sleep_time=2 - if ! retry_while is_wsrep_ready "$retries" "$sleep_time"; then - error "WSREP did not become ready" - return 1 - fi -} - -######################## -# Checks for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# Boolean -######################## -is_wsrep_ready() { - debug "Checking if WSREP is ready" - is_ready="$(mysql_execute_print_output "mysql" "root" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 7857bb832cf40..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,261 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - MARIADB_GALERA_CONF_DIR - MARIADB_GALERA_MOUNTED_CONF_DIR - MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP - MARIADB_GALERA_CLUSTER_BOOTSTRAP - MARIADB_GALERA_CLUSTER_ADDRESS - MARIADB_GALERA_CLUSTER_NAME - MARIADB_GALERA_NODE_NAME - MARIADB_GALERA_NODE_ADDRESS - MARIADB_GALERA_SST_METHOD - MARIADB_GALERA_MARIABACKUP_USER - MARIADB_GALERA_MARIABACKUP_PASSWORD - MARIADB_ENABLE_LDAP - MARIADB_ENABLE_TLS - MARIADB_TLS_CERT_FILE - MARIADB_TLS_KEY_FILE - MARIADB_TLS_CA_FILE - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB Galera authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Galera paths -export MARIADB_GALERA_GRASTATE_FILE="${DB_DATA_DIR}/grastate.dat" -export DB_GALERA_GRASTATE_FILE="$MARIADB_GALERA_GRASTATE_FILE" -export MARIADB_GALERA_BOOTSTRAP_DIR="${DB_VOLUME_DIR}/.bootstrap" -export DB_GALERA_BOOTSTRAP_DIR="$MARIADB_GALERA_BOOTSTRAP_DIR" -export MARIADB_GALERA_BOOTSTRAP_FILE="${DB_GALERA_BOOTSTRAP_DIR}/done" -export DB_GALERA_BOOTSTRAP_FILE="$MARIADB_GALERA_BOOTSTRAP_FILE" - -# Galera build-time defaults for cluster configuration -export MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS="gcomm://" -export DB_GALERA_DEFAULT_CLUSTER_ADDRESS="$MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS" -export MARIADB_GALERA_DEFAULT_CLUSTER_NAME="galera" -export DB_GALERA_DEFAULT_CLUSTER_NAME="$MARIADB_GALERA_DEFAULT_CLUSTER_NAME" -export MARIADB_GALERA_DEFAULT_NODE_NAME="" -export DB_GALERA_DEFAULT_NODE_NAME="$MARIADB_GALERA_DEFAULT_NODE_NAME" -export MARIADB_GALERA_DEFAULT_NODE_ADDRESS="" -export DB_GALERA_DEFAULT_NODE_ADDRESS="$MARIADB_GALERA_DEFAULT_NODE_ADDRESS" -export MARIADB_GALERA_DEFAULT_SST_METHOD="mariabackup" -export DB_GALERA_DEFAULT_SST_METHOD="$MARIADB_GALERA_DEFAULT_SST_METHOD" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_USER="mariabackup" -export DB_GALERA_DEFAULT_MARIABACKUP_USER="$MARIADB_GALERA_DEFAULT_MARIABACKUP_USER" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="" -export DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="$MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD" - -# Galera cluster configuration. -export MARIADB_GALERA_CONF_DIR="${MARIADB_GALERA_CONF_DIR:-/opt/bitnami/mariadb/conf}" -export DB_GALERA_CONF_DIR="$MARIADB_GALERA_CONF_DIR" -export MARIADB_GALERA_MOUNTED_CONF_DIR="${MARIADB_GALERA_MOUNTED_CONF_DIR:-/bitnami/conf}" -export DB_GALERA_MOUNTED_CONF_DIR="$MARIADB_GALERA_MOUNTED_CONF_DIR" -export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP="${MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP:-}" -export DB_GALERA_FORCE_SAFETOBOOTSTRAP="$MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP" -export MARIADB_GALERA_CLUSTER_BOOTSTRAP="${MARIADB_GALERA_CLUSTER_BOOTSTRAP:-}" -export DB_GALERA_CLUSTER_BOOTSTRAP="$MARIADB_GALERA_CLUSTER_BOOTSTRAP" -export MARIADB_GALERA_CLUSTER_ADDRESS="${MARIADB_GALERA_CLUSTER_ADDRESS:-}" -export DB_GALERA_CLUSTER_ADDRESS="$MARIADB_GALERA_CLUSTER_ADDRESS" -export MARIADB_GALERA_CLUSTER_NAME="${MARIADB_GALERA_CLUSTER_NAME:-$DB_GALERA_DEFAULT_CLUSTER_NAME}" -export DB_GALERA_CLUSTER_NAME="$MARIADB_GALERA_CLUSTER_NAME" -export MARIADB_GALERA_NODE_NAME="${MARIADB_GALERA_NODE_NAME:-}" -export DB_GALERA_NODE_NAME="$MARIADB_GALERA_NODE_NAME" -export MARIADB_GALERA_NODE_ADDRESS="${MARIADB_GALERA_NODE_ADDRESS:-}" -export DB_GALERA_NODE_ADDRESS="$MARIADB_GALERA_NODE_ADDRESS" -export MARIADB_GALERA_SST_METHOD="${MARIADB_GALERA_SST_METHOD:-$DB_GALERA_DEFAULT_SST_METHOD}" -export DB_GALERA_SST_METHOD="$MARIADB_GALERA_SST_METHOD" -export MARIADB_GALERA_MARIABACKUP_USER="${MARIADB_GALERA_MARIABACKUP_USER:-$DB_GALERA_DEFAULT_MARIABACKUP_USER}" -export DB_GALERA_MARIABACKUP_USER="$MARIADB_GALERA_MARIABACKUP_USER" -export MARIADB_GALERA_MARIABACKUP_PASSWORD="${MARIADB_GALERA_MARIABACKUP_PASSWORD:-$DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD}" -export DB_GALERA_MARIABACKUP_PASSWORD="$MARIADB_GALERA_MARIABACKUP_PASSWORD" - -# LDAP -export MARIADB_ENABLE_LDAP="${MARIADB_ENABLE_LDAP:-no}" -export DB_ENABLE_LDAP="$MARIADB_ENABLE_LDAP" - -# SSL/TLS configuration -export MARIADB_ENABLE_TLS="${MARIADB_ENABLE_TLS:-no}" -export DB_ENABLE_TLS="$MARIADB_ENABLE_TLS" -export MARIADB_TLS_CERT_FILE="${MARIADB_TLS_CERT_FILE:-}" -export DB_TLS_CERT_FILE="$MARIADB_TLS_CERT_FILE" -export MARIADB_TLS_KEY_FILE="${MARIADB_TLS_KEY_FILE:-}" -export DB_TLS_KEY_FILE="$MARIADB_TLS_KEY_FILE" -export MARIADB_TLS_CA_FILE="${MARIADB_TLS_CA_FILE:-}" -export DB_TLS_CA_FILE="$MARIADB_TLS_CA_FILE" -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-monitor}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-monitor}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh deleted file mode 100755 index ec7e80256766f..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/mariadb-galera/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb-galera/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh deleted file mode 100755 index 8bd30f5f8ae49..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh deleted file mode 100755 index 503f456f66f0d..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR" "$DB_GALERA_BOOTSTRAP_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# LDAP permissions -ldap_configure_permissions -ldap_create_pam_config "mariadb" - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf /dev/stdout "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh deleted file mode 100755 index 69b8d4496908b..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_start_nslcd_bg - -info "** Starting MariaDB **" - -set_previous_boot - -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh deleted file mode 100755 index 77c9f7d5d1a97..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadbgalera.sh -. /opt/bitnami/scripts/libldapclient.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Ensure 'nslcd' user exists when running as 'root' - ensure_user_exists "$LDAP_NSLCD_USER" --group "$LDAP_NSLCD_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Ensure LDAP is initialized -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb-galera/10.4/debian-12/tags-info.yaml b/bitnami/mariadb-galera/10.4/debian-12/tags-info.yaml deleted file mode 100644 index f4cf6afb1a0fe..0000000000000 --- a/bitnami/mariadb-galera/10.4/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "10.4" -- 10.4-debian-12 -- 10.4.34 diff --git a/bitnami/mariadb-galera/10.5/README.md b/bitnami/mariadb-galera/10.5/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/mariadb-galera/10.5/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/mariadb-galera/10.5/debian-12/Dockerfile b/bitnami/mariadb-galera/10.5/debian-12/Dockerfile deleted file mode 100644 index 0cf4f89d2bb19..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T08:35:51Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.5.25-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \ - org.opencontainers.image.title="mariadb-galera" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.5.25" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 libldap-common liblzma5 libncurses6 libpam-ldapd libpam0g libssl3 libstdc++6 libtinfo6 libxml2 nslcd procps psmisc rsync socat zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-galera-10.5.25-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb-galera/postunpack.sh -ENV APP_VERSION="10.5.25" \ - BITNAMI_APP_NAME="mariadb-galera" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 4444 4567 4568 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb-galera/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb-galera/run.sh" ] diff --git a/bitnami/mariadb-galera/10.5/debian-12/docker-compose.yml b/bitnami/mariadb-galera/10.5/debian-12/docker-compose.yml deleted file mode 100644 index d5ae85f25abdf..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb-galera: - image: docker.io/bitnami/mariadb-galera:10.5 - ports: - - '3306:3306' - - '4444:4444' - - '4567:4567' - - '4568:4568' - volumes: - - 'mariadb_galera_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_GALERA_CLUSTER_ADDRESS=gcomm:// - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb-galera/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_galera_data: - driver: local diff --git a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 89a90a68b2b1d..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb-galera": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.5.25-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh b/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh deleted file mode 100644 index fa50716cf1ff9..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami LDAP library - -# shellcheck disable=SC1090,SC1091 - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -######################## -# Loads global variables used on LDAP configuration. -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# Series of exports to be used as 'eval' arguments -######################### -ldap_env() { - cat <<"EOF" -export LDAP_NSLCD_USER="nslcd" -export LDAP_URI="${LDAP_URI:-}" -export LDAP_BASE="${LDAP_BASE:-}" -export LDAP_BIND_DN="${LDAP_BIND_DN:-}" -export LDAP_BIND_PASSWORD="${LDAP_BIND_PASSWORD:-}" -export LDAP_BASE_LOOKUP="${LDAP_BASE_LOOKUP:-}" -export LDAP_NSS_INITGROUPS_IGNOREUSERS="${LDAP_NSS_INITGROUPS_IGNOREUSERS:-root,nslcd}" -export LDAP_SCOPE="${LDAP_SCOPE:-}" -export LDAP_TLS_REQCERT="${LDAP_TLS_REQCERT:-}" -export LDAP_SEARCH_FILTER="${LDAP_SEARCH_FILTER:-}" -export LDAP_SEARCH_MAP="${LDAP_SEARCH_MAP:-}" - -EOF - if [[ "$OS_FLAVOUR" =~ ^debian-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="nslcd" -EOF - elif [[ "$OS_FLAVOUR" =~ ^(photon)-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="ldap" -EOF - fi -} - -######################## -# Return LDAP config file path depending on distro -# Globals: -# OS_FLAVOUR -# Arguments: -# None -# Returns: -# (String) LDAP config file path -######################### -ldap_openldap_config_path() { - local openldap_config - case "$OS_FLAVOUR" in - debian-* | ubuntu-*) openldap_config=/etc/ldap/ldap.conf ;; - photon-* | redhatubi-*) openldap_config=/etc/openldap/ldap.conf ;; - *) error "Unsupported OS flavor ${OS_FLAVOUR}" && exit 1 ;; - esac - echo "$openldap_config" -} - -######################## -# Configure LDAP permissions (to be used at postunpack leve). -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_configure_permissions() { - ensure_dir_exists "/var/run/nslcd" && configure_permissions_ownership "/var/run/nslcd" -u "root" -g "root" -d "775" - # The nslcd.conf file may not exist in distros like UBI, so we need to create it first - touch "/etc/nslcd.conf" - configure_permissions_ownership "/etc/nslcd.conf" -u "root" -g "root" -f "660" - configure_permissions_ownership "$(ldap_openldap_config_path)" -u "root" -g "root" -f "660" -} - -######################## -# Create nslcd.conf file -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_create_nslcd_config() { - if am_i_root; then - chown "root:${LDAP_NSLCD_GROUP}" "/etc/nslcd.conf" - chown -R "${LDAP_NSLCD_USER}:${LDAP_NSLCD_GROUP}" "/var/run/nslcd" - cat >"/etc/nslcd.conf" <"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"$(ldap_openldap_config_path)" <"/etc/pam.d/${filename}" < 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]]; then - if is_boolean_yes "$DB_ENABLE_LDAP" && [[ -n "$DB_PASSWORD" ]]; then - warn "You enabled LDAP authentication. '$DB_USER' user will be authentication using LDAP, the password set at the environment variable $(get_env_var PASSWORD) will be ignored" - elif ! is_boolean_yes "$DB_ENABLE_LDAP" && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - fi - - if [[ -n "$DB_GALERA_FORCE_SAFETOBOOTSTRAP" ]] && ! is_yes_no_value "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - print_validation_error "The allowed values for $(get_env_var GALERA_FORCE_SAFETOBOOTSTRAP) are yes or no." - fi - - if [[ -z "$DB_GALERA_CLUSTER_NAME" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_NAME)." - fi - - if [[ -z "$(get_galera_cluster_address_value)" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS). If you are bootstrapping a new Galera cluster, set the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS)=yes." - fi - - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - - if is_boolean_yes "$DB_ENABLE_LDAP" && { [[ -z "${LDAP_URI}" ]] || [[ -z "${LDAP_BASE}" ]] || [[ -z "${LDAP_BIND_DN}" ]] || [[ -z "${LDAP_BIND_PASSWORD}" ]]; }; then - print_validation_error "The LDAP configuration is required when LDAP authentication is enabled. Set the environment variables LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_BIND_PASSWORD with the LDAP configuration." - fi - - if is_boolean_yes "$DB_ENABLE_TLS"; then - if [[ -z "${DB_TLS_CERT_FILE}" ]] || [[ -z "${DB_TLS_KEY_FILE}" ]] || [[ -z "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS cert file, key and CA are required when TLS is enabled. Set the environment variables TLS_CERT_FILE, TLS_KEY_FILE and TLS_CA_FILE with the path to each file." - fi - if [[ ! -f "${DB_TLS_CERT_FILE}" ]]; then - print_validation_error "The TLS_CERT file ${DB_TLS_CERT_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_KEY_FILE}" ]]; then - print_validation_error "The TLS_KEY file ${DB_TLS_KEY_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS_CA file ${DB_TLS_CA_FILE} must exist." - fi - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Persisted data detected. Restoring" - - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - if is_boolean_yes "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - set_safe_to_bootstrap - fi - if ! is_safe_to_bootstrap; then - error "It is not safe to bootstrap form this node ('safe_to_bootstrap=0' is set in 'grastate.dat'). If you want to force bootstrap, set the environment variable MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP=yes" - exit 1 - fi - fi - - return - else - # initialization should not be performed on non-primary nodes of a galera cluster - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - mysql_install_db - mysql_start_bg - debug "Deleting all users to avoid issues with galera configuration" - mysql_execute "mysql" </dev/null - hostname - fi -} - -######################## -# Check for user override of wsrep_node_address -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# String with node address -######################### -get_node_address() { - if [[ -n "$DB_GALERA_NODE_ADDRESS" ]]; then - echo "$DB_GALERA_NODE_ADDRESS" - else - # In some environments, the network may not be fully set up when starting the initialization - # So, to avoid issues, we retry the 'hostname' command until it succeeds (for a few minutes) - local -r retries="60" - local -r seconds="5" - retry_while "hostname -i" "$retries" "$seconds" >/dev/null - # prefer IPv6 over IPv4 if available - # This works by pulling any IPv4 addresses encountered into hold space and emitting it only when the EOF line is encountered - printf '%s\nEOF' "$(hostname -i | tr ' ' '\n')" | sed '/:/{;q;};/^EOF$/{;g;q;};h;d' - fi -} - -######################## -# Starts MySQL/MariaDB in the background and waits until it's ready -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_start_bg() { - local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") - - # Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized - flags+=("--bind-address=127.0.0.1") - - # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable - read -r -a db_extra_flags <<< "$(mysql_extra_flags)" - [[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - - # Do not start as root, to avoid permission issues - am_i_root && flags+=("--user=${DB_DAEMON_USER}") - - # The slave should only start in 'run.sh', elseways user credentials would be needed for any connection - flags+=("--skip-slave-start") - flags+=("$@") - - is_mysql_running && return - - info "Starting $DB_FLAVOR in background" - debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" & - - # we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Wait for WSREP to be ready. If WSREP is not ready, we cannot do any transactions, thus cannot - # create any users, and WSREP instantly kills MariaDB if doing so - wait_for_wsrep - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -######################## -# Wait for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# None -######################## -wait_for_wsrep() { - local -r retries=300 - local -r sleep_time=2 - if ! retry_while is_wsrep_ready "$retries" "$sleep_time"; then - error "WSREP did not become ready" - return 1 - fi -} - -######################## -# Checks for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# Boolean -######################## -is_wsrep_ready() { - debug "Checking if WSREP is ready" - is_ready="$(mysql_execute_print_output "mysql" "root" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 7857bb832cf40..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,261 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - MARIADB_GALERA_CONF_DIR - MARIADB_GALERA_MOUNTED_CONF_DIR - MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP - MARIADB_GALERA_CLUSTER_BOOTSTRAP - MARIADB_GALERA_CLUSTER_ADDRESS - MARIADB_GALERA_CLUSTER_NAME - MARIADB_GALERA_NODE_NAME - MARIADB_GALERA_NODE_ADDRESS - MARIADB_GALERA_SST_METHOD - MARIADB_GALERA_MARIABACKUP_USER - MARIADB_GALERA_MARIABACKUP_PASSWORD - MARIADB_ENABLE_LDAP - MARIADB_ENABLE_TLS - MARIADB_TLS_CERT_FILE - MARIADB_TLS_KEY_FILE - MARIADB_TLS_CA_FILE - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB Galera authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Galera paths -export MARIADB_GALERA_GRASTATE_FILE="${DB_DATA_DIR}/grastate.dat" -export DB_GALERA_GRASTATE_FILE="$MARIADB_GALERA_GRASTATE_FILE" -export MARIADB_GALERA_BOOTSTRAP_DIR="${DB_VOLUME_DIR}/.bootstrap" -export DB_GALERA_BOOTSTRAP_DIR="$MARIADB_GALERA_BOOTSTRAP_DIR" -export MARIADB_GALERA_BOOTSTRAP_FILE="${DB_GALERA_BOOTSTRAP_DIR}/done" -export DB_GALERA_BOOTSTRAP_FILE="$MARIADB_GALERA_BOOTSTRAP_FILE" - -# Galera build-time defaults for cluster configuration -export MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS="gcomm://" -export DB_GALERA_DEFAULT_CLUSTER_ADDRESS="$MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS" -export MARIADB_GALERA_DEFAULT_CLUSTER_NAME="galera" -export DB_GALERA_DEFAULT_CLUSTER_NAME="$MARIADB_GALERA_DEFAULT_CLUSTER_NAME" -export MARIADB_GALERA_DEFAULT_NODE_NAME="" -export DB_GALERA_DEFAULT_NODE_NAME="$MARIADB_GALERA_DEFAULT_NODE_NAME" -export MARIADB_GALERA_DEFAULT_NODE_ADDRESS="" -export DB_GALERA_DEFAULT_NODE_ADDRESS="$MARIADB_GALERA_DEFAULT_NODE_ADDRESS" -export MARIADB_GALERA_DEFAULT_SST_METHOD="mariabackup" -export DB_GALERA_DEFAULT_SST_METHOD="$MARIADB_GALERA_DEFAULT_SST_METHOD" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_USER="mariabackup" -export DB_GALERA_DEFAULT_MARIABACKUP_USER="$MARIADB_GALERA_DEFAULT_MARIABACKUP_USER" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="" -export DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="$MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD" - -# Galera cluster configuration. -export MARIADB_GALERA_CONF_DIR="${MARIADB_GALERA_CONF_DIR:-/opt/bitnami/mariadb/conf}" -export DB_GALERA_CONF_DIR="$MARIADB_GALERA_CONF_DIR" -export MARIADB_GALERA_MOUNTED_CONF_DIR="${MARIADB_GALERA_MOUNTED_CONF_DIR:-/bitnami/conf}" -export DB_GALERA_MOUNTED_CONF_DIR="$MARIADB_GALERA_MOUNTED_CONF_DIR" -export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP="${MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP:-}" -export DB_GALERA_FORCE_SAFETOBOOTSTRAP="$MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP" -export MARIADB_GALERA_CLUSTER_BOOTSTRAP="${MARIADB_GALERA_CLUSTER_BOOTSTRAP:-}" -export DB_GALERA_CLUSTER_BOOTSTRAP="$MARIADB_GALERA_CLUSTER_BOOTSTRAP" -export MARIADB_GALERA_CLUSTER_ADDRESS="${MARIADB_GALERA_CLUSTER_ADDRESS:-}" -export DB_GALERA_CLUSTER_ADDRESS="$MARIADB_GALERA_CLUSTER_ADDRESS" -export MARIADB_GALERA_CLUSTER_NAME="${MARIADB_GALERA_CLUSTER_NAME:-$DB_GALERA_DEFAULT_CLUSTER_NAME}" -export DB_GALERA_CLUSTER_NAME="$MARIADB_GALERA_CLUSTER_NAME" -export MARIADB_GALERA_NODE_NAME="${MARIADB_GALERA_NODE_NAME:-}" -export DB_GALERA_NODE_NAME="$MARIADB_GALERA_NODE_NAME" -export MARIADB_GALERA_NODE_ADDRESS="${MARIADB_GALERA_NODE_ADDRESS:-}" -export DB_GALERA_NODE_ADDRESS="$MARIADB_GALERA_NODE_ADDRESS" -export MARIADB_GALERA_SST_METHOD="${MARIADB_GALERA_SST_METHOD:-$DB_GALERA_DEFAULT_SST_METHOD}" -export DB_GALERA_SST_METHOD="$MARIADB_GALERA_SST_METHOD" -export MARIADB_GALERA_MARIABACKUP_USER="${MARIADB_GALERA_MARIABACKUP_USER:-$DB_GALERA_DEFAULT_MARIABACKUP_USER}" -export DB_GALERA_MARIABACKUP_USER="$MARIADB_GALERA_MARIABACKUP_USER" -export MARIADB_GALERA_MARIABACKUP_PASSWORD="${MARIADB_GALERA_MARIABACKUP_PASSWORD:-$DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD}" -export DB_GALERA_MARIABACKUP_PASSWORD="$MARIADB_GALERA_MARIABACKUP_PASSWORD" - -# LDAP -export MARIADB_ENABLE_LDAP="${MARIADB_ENABLE_LDAP:-no}" -export DB_ENABLE_LDAP="$MARIADB_ENABLE_LDAP" - -# SSL/TLS configuration -export MARIADB_ENABLE_TLS="${MARIADB_ENABLE_TLS:-no}" -export DB_ENABLE_TLS="$MARIADB_ENABLE_TLS" -export MARIADB_TLS_CERT_FILE="${MARIADB_TLS_CERT_FILE:-}" -export DB_TLS_CERT_FILE="$MARIADB_TLS_CERT_FILE" -export MARIADB_TLS_KEY_FILE="${MARIADB_TLS_KEY_FILE:-}" -export DB_TLS_KEY_FILE="$MARIADB_TLS_KEY_FILE" -export MARIADB_TLS_CA_FILE="${MARIADB_TLS_CA_FILE:-}" -export DB_TLS_CA_FILE="$MARIADB_TLS_CA_FILE" -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-monitor}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-monitor}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh b/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh deleted file mode 100755 index ec7e80256766f..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/mariadb-galera/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb-galera/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh b/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh deleted file mode 100755 index 8bd30f5f8ae49..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh b/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh deleted file mode 100755 index 503f456f66f0d..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR" "$DB_GALERA_BOOTSTRAP_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# LDAP permissions -ldap_configure_permissions -ldap_create_pam_config "mariadb" - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf /dev/stdout "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh b/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh deleted file mode 100755 index 69b8d4496908b..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_start_nslcd_bg - -info "** Starting MariaDB **" - -set_previous_boot - -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh b/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh deleted file mode 100755 index 77c9f7d5d1a97..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadbgalera.sh -. /opt/bitnami/scripts/libldapclient.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Ensure 'nslcd' user exists when running as 'root' - ensure_user_exists "$LDAP_NSLCD_USER" --group "$LDAP_NSLCD_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Ensure LDAP is initialized -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb-galera/10.5/debian-12/tags-info.yaml b/bitnami/mariadb-galera/10.5/debian-12/tags-info.yaml deleted file mode 100644 index 8e9f78d61cc7c..0000000000000 --- a/bitnami/mariadb-galera/10.5/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "10.5" -- 10.5-debian-12 -- 10.5.25 diff --git a/bitnami/mariadb-galera/10.6/README.md b/bitnami/mariadb-galera/10.6/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/mariadb-galera/10.6/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/mariadb-galera/10.6/debian-12/Dockerfile b/bitnami/mariadb-galera/10.6/debian-12/Dockerfile deleted file mode 100644 index 6356e62b7180d..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T08:55:58Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.6.18-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \ - org.opencontainers.image.title="mariadb-galera" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.6.18" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 libldap-common liblzma5 libncurses6 libpam-ldapd libpam0g libssl3 libstdc++6 libtinfo6 libxml2 nslcd procps psmisc rsync socat zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-galera-10.6.18-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb-galera/postunpack.sh -ENV APP_VERSION="10.6.18" \ - BITNAMI_APP_NAME="mariadb-galera" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 4444 4567 4568 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb-galera/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb-galera/run.sh" ] diff --git a/bitnami/mariadb-galera/10.6/debian-12/docker-compose.yml b/bitnami/mariadb-galera/10.6/debian-12/docker-compose.yml deleted file mode 100644 index 0b741b1208da2..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb-galera: - image: docker.io/bitnami/mariadb-galera:10.6 - ports: - - '3306:3306' - - '4444:4444' - - '4567:4567' - - '4568:4568' - volumes: - - 'mariadb_galera_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_GALERA_CLUSTER_ADDRESS=gcomm:// - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb-galera/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_galera_data: - driver: local diff --git a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 78589c4659f8e..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb-galera": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.6.18-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh b/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh deleted file mode 100644 index fa50716cf1ff9..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami LDAP library - -# shellcheck disable=SC1090,SC1091 - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -######################## -# Loads global variables used on LDAP configuration. -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# Series of exports to be used as 'eval' arguments -######################### -ldap_env() { - cat <<"EOF" -export LDAP_NSLCD_USER="nslcd" -export LDAP_URI="${LDAP_URI:-}" -export LDAP_BASE="${LDAP_BASE:-}" -export LDAP_BIND_DN="${LDAP_BIND_DN:-}" -export LDAP_BIND_PASSWORD="${LDAP_BIND_PASSWORD:-}" -export LDAP_BASE_LOOKUP="${LDAP_BASE_LOOKUP:-}" -export LDAP_NSS_INITGROUPS_IGNOREUSERS="${LDAP_NSS_INITGROUPS_IGNOREUSERS:-root,nslcd}" -export LDAP_SCOPE="${LDAP_SCOPE:-}" -export LDAP_TLS_REQCERT="${LDAP_TLS_REQCERT:-}" -export LDAP_SEARCH_FILTER="${LDAP_SEARCH_FILTER:-}" -export LDAP_SEARCH_MAP="${LDAP_SEARCH_MAP:-}" - -EOF - if [[ "$OS_FLAVOUR" =~ ^debian-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="nslcd" -EOF - elif [[ "$OS_FLAVOUR" =~ ^(photon)-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="ldap" -EOF - fi -} - -######################## -# Return LDAP config file path depending on distro -# Globals: -# OS_FLAVOUR -# Arguments: -# None -# Returns: -# (String) LDAP config file path -######################### -ldap_openldap_config_path() { - local openldap_config - case "$OS_FLAVOUR" in - debian-* | ubuntu-*) openldap_config=/etc/ldap/ldap.conf ;; - photon-* | redhatubi-*) openldap_config=/etc/openldap/ldap.conf ;; - *) error "Unsupported OS flavor ${OS_FLAVOUR}" && exit 1 ;; - esac - echo "$openldap_config" -} - -######################## -# Configure LDAP permissions (to be used at postunpack leve). -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_configure_permissions() { - ensure_dir_exists "/var/run/nslcd" && configure_permissions_ownership "/var/run/nslcd" -u "root" -g "root" -d "775" - # The nslcd.conf file may not exist in distros like UBI, so we need to create it first - touch "/etc/nslcd.conf" - configure_permissions_ownership "/etc/nslcd.conf" -u "root" -g "root" -f "660" - configure_permissions_ownership "$(ldap_openldap_config_path)" -u "root" -g "root" -f "660" -} - -######################## -# Create nslcd.conf file -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_create_nslcd_config() { - if am_i_root; then - chown "root:${LDAP_NSLCD_GROUP}" "/etc/nslcd.conf" - chown -R "${LDAP_NSLCD_USER}:${LDAP_NSLCD_GROUP}" "/var/run/nslcd" - cat >"/etc/nslcd.conf" <"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"$(ldap_openldap_config_path)" <"/etc/pam.d/${filename}" < 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]]; then - if is_boolean_yes "$DB_ENABLE_LDAP" && [[ -n "$DB_PASSWORD" ]]; then - warn "You enabled LDAP authentication. '$DB_USER' user will be authentication using LDAP, the password set at the environment variable $(get_env_var PASSWORD) will be ignored" - elif ! is_boolean_yes "$DB_ENABLE_LDAP" && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - fi - - if [[ -n "$DB_GALERA_FORCE_SAFETOBOOTSTRAP" ]] && ! is_yes_no_value "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - print_validation_error "The allowed values for $(get_env_var GALERA_FORCE_SAFETOBOOTSTRAP) are yes or no." - fi - - if [[ -z "$DB_GALERA_CLUSTER_NAME" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_NAME)." - fi - - if [[ -z "$(get_galera_cluster_address_value)" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS). If you are bootstrapping a new Galera cluster, set the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS)=yes." - fi - - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - - if is_boolean_yes "$DB_ENABLE_LDAP" && { [[ -z "${LDAP_URI}" ]] || [[ -z "${LDAP_BASE}" ]] || [[ -z "${LDAP_BIND_DN}" ]] || [[ -z "${LDAP_BIND_PASSWORD}" ]]; }; then - print_validation_error "The LDAP configuration is required when LDAP authentication is enabled. Set the environment variables LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_BIND_PASSWORD with the LDAP configuration." - fi - - if is_boolean_yes "$DB_ENABLE_TLS"; then - if [[ -z "${DB_TLS_CERT_FILE}" ]] || [[ -z "${DB_TLS_KEY_FILE}" ]] || [[ -z "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS cert file, key and CA are required when TLS is enabled. Set the environment variables TLS_CERT_FILE, TLS_KEY_FILE and TLS_CA_FILE with the path to each file." - fi - if [[ ! -f "${DB_TLS_CERT_FILE}" ]]; then - print_validation_error "The TLS_CERT file ${DB_TLS_CERT_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_KEY_FILE}" ]]; then - print_validation_error "The TLS_KEY file ${DB_TLS_KEY_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS_CA file ${DB_TLS_CA_FILE} must exist." - fi - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Persisted data detected. Restoring" - - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - if is_boolean_yes "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - set_safe_to_bootstrap - fi - if ! is_safe_to_bootstrap; then - error "It is not safe to bootstrap form this node ('safe_to_bootstrap=0' is set in 'grastate.dat'). If you want to force bootstrap, set the environment variable MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP=yes" - exit 1 - fi - fi - - return - else - # initialization should not be performed on non-primary nodes of a galera cluster - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - mysql_install_db - mysql_start_bg - debug "Deleting all users to avoid issues with galera configuration" - mysql_execute "mysql" </dev/null - hostname - fi -} - -######################## -# Check for user override of wsrep_node_address -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# String with node address -######################### -get_node_address() { - if [[ -n "$DB_GALERA_NODE_ADDRESS" ]]; then - echo "$DB_GALERA_NODE_ADDRESS" - else - # In some environments, the network may not be fully set up when starting the initialization - # So, to avoid issues, we retry the 'hostname' command until it succeeds (for a few minutes) - local -r retries="60" - local -r seconds="5" - retry_while "hostname -i" "$retries" "$seconds" >/dev/null - # prefer IPv6 over IPv4 if available - # This works by pulling any IPv4 addresses encountered into hold space and emitting it only when the EOF line is encountered - printf '%s\nEOF' "$(hostname -i | tr ' ' '\n')" | sed '/:/{;q;};/^EOF$/{;g;q;};h;d' - fi -} - -######################## -# Starts MySQL/MariaDB in the background and waits until it's ready -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_start_bg() { - local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") - - # Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized - flags+=("--bind-address=127.0.0.1") - - # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable - read -r -a db_extra_flags <<< "$(mysql_extra_flags)" - [[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - - # Do not start as root, to avoid permission issues - am_i_root && flags+=("--user=${DB_DAEMON_USER}") - - # The slave should only start in 'run.sh', elseways user credentials would be needed for any connection - flags+=("--skip-slave-start") - flags+=("$@") - - is_mysql_running && return - - info "Starting $DB_FLAVOR in background" - debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" & - - # we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Wait for WSREP to be ready. If WSREP is not ready, we cannot do any transactions, thus cannot - # create any users, and WSREP instantly kills MariaDB if doing so - wait_for_wsrep - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -######################## -# Wait for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# None -######################## -wait_for_wsrep() { - local -r retries=300 - local -r sleep_time=2 - if ! retry_while is_wsrep_ready "$retries" "$sleep_time"; then - error "WSREP did not become ready" - return 1 - fi -} - -######################## -# Checks for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# Boolean -######################## -is_wsrep_ready() { - debug "Checking if WSREP is ready" - is_ready="$(mysql_execute_print_output "mysql" "root" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 7857bb832cf40..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,261 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - MARIADB_GALERA_CONF_DIR - MARIADB_GALERA_MOUNTED_CONF_DIR - MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP - MARIADB_GALERA_CLUSTER_BOOTSTRAP - MARIADB_GALERA_CLUSTER_ADDRESS - MARIADB_GALERA_CLUSTER_NAME - MARIADB_GALERA_NODE_NAME - MARIADB_GALERA_NODE_ADDRESS - MARIADB_GALERA_SST_METHOD - MARIADB_GALERA_MARIABACKUP_USER - MARIADB_GALERA_MARIABACKUP_PASSWORD - MARIADB_ENABLE_LDAP - MARIADB_ENABLE_TLS - MARIADB_TLS_CERT_FILE - MARIADB_TLS_KEY_FILE - MARIADB_TLS_CA_FILE - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB Galera authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Galera paths -export MARIADB_GALERA_GRASTATE_FILE="${DB_DATA_DIR}/grastate.dat" -export DB_GALERA_GRASTATE_FILE="$MARIADB_GALERA_GRASTATE_FILE" -export MARIADB_GALERA_BOOTSTRAP_DIR="${DB_VOLUME_DIR}/.bootstrap" -export DB_GALERA_BOOTSTRAP_DIR="$MARIADB_GALERA_BOOTSTRAP_DIR" -export MARIADB_GALERA_BOOTSTRAP_FILE="${DB_GALERA_BOOTSTRAP_DIR}/done" -export DB_GALERA_BOOTSTRAP_FILE="$MARIADB_GALERA_BOOTSTRAP_FILE" - -# Galera build-time defaults for cluster configuration -export MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS="gcomm://" -export DB_GALERA_DEFAULT_CLUSTER_ADDRESS="$MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS" -export MARIADB_GALERA_DEFAULT_CLUSTER_NAME="galera" -export DB_GALERA_DEFAULT_CLUSTER_NAME="$MARIADB_GALERA_DEFAULT_CLUSTER_NAME" -export MARIADB_GALERA_DEFAULT_NODE_NAME="" -export DB_GALERA_DEFAULT_NODE_NAME="$MARIADB_GALERA_DEFAULT_NODE_NAME" -export MARIADB_GALERA_DEFAULT_NODE_ADDRESS="" -export DB_GALERA_DEFAULT_NODE_ADDRESS="$MARIADB_GALERA_DEFAULT_NODE_ADDRESS" -export MARIADB_GALERA_DEFAULT_SST_METHOD="mariabackup" -export DB_GALERA_DEFAULT_SST_METHOD="$MARIADB_GALERA_DEFAULT_SST_METHOD" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_USER="mariabackup" -export DB_GALERA_DEFAULT_MARIABACKUP_USER="$MARIADB_GALERA_DEFAULT_MARIABACKUP_USER" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="" -export DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="$MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD" - -# Galera cluster configuration. -export MARIADB_GALERA_CONF_DIR="${MARIADB_GALERA_CONF_DIR:-/opt/bitnami/mariadb/conf}" -export DB_GALERA_CONF_DIR="$MARIADB_GALERA_CONF_DIR" -export MARIADB_GALERA_MOUNTED_CONF_DIR="${MARIADB_GALERA_MOUNTED_CONF_DIR:-/bitnami/conf}" -export DB_GALERA_MOUNTED_CONF_DIR="$MARIADB_GALERA_MOUNTED_CONF_DIR" -export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP="${MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP:-}" -export DB_GALERA_FORCE_SAFETOBOOTSTRAP="$MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP" -export MARIADB_GALERA_CLUSTER_BOOTSTRAP="${MARIADB_GALERA_CLUSTER_BOOTSTRAP:-}" -export DB_GALERA_CLUSTER_BOOTSTRAP="$MARIADB_GALERA_CLUSTER_BOOTSTRAP" -export MARIADB_GALERA_CLUSTER_ADDRESS="${MARIADB_GALERA_CLUSTER_ADDRESS:-}" -export DB_GALERA_CLUSTER_ADDRESS="$MARIADB_GALERA_CLUSTER_ADDRESS" -export MARIADB_GALERA_CLUSTER_NAME="${MARIADB_GALERA_CLUSTER_NAME:-$DB_GALERA_DEFAULT_CLUSTER_NAME}" -export DB_GALERA_CLUSTER_NAME="$MARIADB_GALERA_CLUSTER_NAME" -export MARIADB_GALERA_NODE_NAME="${MARIADB_GALERA_NODE_NAME:-}" -export DB_GALERA_NODE_NAME="$MARIADB_GALERA_NODE_NAME" -export MARIADB_GALERA_NODE_ADDRESS="${MARIADB_GALERA_NODE_ADDRESS:-}" -export DB_GALERA_NODE_ADDRESS="$MARIADB_GALERA_NODE_ADDRESS" -export MARIADB_GALERA_SST_METHOD="${MARIADB_GALERA_SST_METHOD:-$DB_GALERA_DEFAULT_SST_METHOD}" -export DB_GALERA_SST_METHOD="$MARIADB_GALERA_SST_METHOD" -export MARIADB_GALERA_MARIABACKUP_USER="${MARIADB_GALERA_MARIABACKUP_USER:-$DB_GALERA_DEFAULT_MARIABACKUP_USER}" -export DB_GALERA_MARIABACKUP_USER="$MARIADB_GALERA_MARIABACKUP_USER" -export MARIADB_GALERA_MARIABACKUP_PASSWORD="${MARIADB_GALERA_MARIABACKUP_PASSWORD:-$DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD}" -export DB_GALERA_MARIABACKUP_PASSWORD="$MARIADB_GALERA_MARIABACKUP_PASSWORD" - -# LDAP -export MARIADB_ENABLE_LDAP="${MARIADB_ENABLE_LDAP:-no}" -export DB_ENABLE_LDAP="$MARIADB_ENABLE_LDAP" - -# SSL/TLS configuration -export MARIADB_ENABLE_TLS="${MARIADB_ENABLE_TLS:-no}" -export DB_ENABLE_TLS="$MARIADB_ENABLE_TLS" -export MARIADB_TLS_CERT_FILE="${MARIADB_TLS_CERT_FILE:-}" -export DB_TLS_CERT_FILE="$MARIADB_TLS_CERT_FILE" -export MARIADB_TLS_KEY_FILE="${MARIADB_TLS_KEY_FILE:-}" -export DB_TLS_KEY_FILE="$MARIADB_TLS_KEY_FILE" -export MARIADB_TLS_CA_FILE="${MARIADB_TLS_CA_FILE:-}" -export DB_TLS_CA_FILE="$MARIADB_TLS_CA_FILE" -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-monitor}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-monitor}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh b/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh deleted file mode 100755 index ec7e80256766f..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/mariadb-galera/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb-galera/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh b/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh deleted file mode 100755 index 8bd30f5f8ae49..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh b/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh deleted file mode 100755 index 503f456f66f0d..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR" "$DB_GALERA_BOOTSTRAP_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# LDAP permissions -ldap_configure_permissions -ldap_create_pam_config "mariadb" - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf /dev/stdout "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh b/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh deleted file mode 100755 index 69b8d4496908b..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_start_nslcd_bg - -info "** Starting MariaDB **" - -set_previous_boot - -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh b/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh deleted file mode 100755 index 77c9f7d5d1a97..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadbgalera.sh -. /opt/bitnami/scripts/libldapclient.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Ensure 'nslcd' user exists when running as 'root' - ensure_user_exists "$LDAP_NSLCD_USER" --group "$LDAP_NSLCD_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Ensure LDAP is initialized -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb-galera/10.6/debian-12/tags-info.yaml b/bitnami/mariadb-galera/10.6/debian-12/tags-info.yaml deleted file mode 100644 index 7112b81f86269..0000000000000 --- a/bitnami/mariadb-galera/10.6/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "10.6" -- 10.6-debian-12 -- 10.6.18 diff --git a/bitnami/mariadb-galera/11.0/debian-12/Dockerfile b/bitnami/mariadb-galera/11.0/debian-12/Dockerfile deleted file mode 100644 index 99edd00ab6cc1..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T08:56:17Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="11.0.6-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \ - org.opencontainers.image.title="mariadb-galera" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="11.0.6" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 libldap-common liblzma5 libncurses6 libpam-ldapd libpam0g libssl3 libstdc++6 libtinfo6 libxml2 nslcd procps psmisc rsync socat zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-galera-11.0.6-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb-galera/postunpack.sh -ENV APP_VERSION="11.0.6" \ - BITNAMI_APP_NAME="mariadb-galera" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 4444 4567 4568 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb-galera/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb-galera/run.sh" ] diff --git a/bitnami/mariadb-galera/11.0/debian-12/docker-compose.yml b/bitnami/mariadb-galera/11.0/debian-12/docker-compose.yml deleted file mode 100644 index 3c743a92eb6a0..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb-galera: - image: docker.io/bitnami/mariadb-galera:11.0 - ports: - - '3306:3306' - - '4444:4444' - - '4567:4567' - - '4568:4568' - volumes: - - 'mariadb_galera_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_GALERA_CLUSTER_ADDRESS=gcomm:// - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb-galera/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_galera_data: - driver: local diff --git a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 45ff62f378b07..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb-galera": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.0.6-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh b/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh deleted file mode 100644 index fa50716cf1ff9..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami LDAP library - -# shellcheck disable=SC1090,SC1091 - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -######################## -# Loads global variables used on LDAP configuration. -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# Series of exports to be used as 'eval' arguments -######################### -ldap_env() { - cat <<"EOF" -export LDAP_NSLCD_USER="nslcd" -export LDAP_URI="${LDAP_URI:-}" -export LDAP_BASE="${LDAP_BASE:-}" -export LDAP_BIND_DN="${LDAP_BIND_DN:-}" -export LDAP_BIND_PASSWORD="${LDAP_BIND_PASSWORD:-}" -export LDAP_BASE_LOOKUP="${LDAP_BASE_LOOKUP:-}" -export LDAP_NSS_INITGROUPS_IGNOREUSERS="${LDAP_NSS_INITGROUPS_IGNOREUSERS:-root,nslcd}" -export LDAP_SCOPE="${LDAP_SCOPE:-}" -export LDAP_TLS_REQCERT="${LDAP_TLS_REQCERT:-}" -export LDAP_SEARCH_FILTER="${LDAP_SEARCH_FILTER:-}" -export LDAP_SEARCH_MAP="${LDAP_SEARCH_MAP:-}" - -EOF - if [[ "$OS_FLAVOUR" =~ ^debian-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="nslcd" -EOF - elif [[ "$OS_FLAVOUR" =~ ^(photon)-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="ldap" -EOF - fi -} - -######################## -# Return LDAP config file path depending on distro -# Globals: -# OS_FLAVOUR -# Arguments: -# None -# Returns: -# (String) LDAP config file path -######################### -ldap_openldap_config_path() { - local openldap_config - case "$OS_FLAVOUR" in - debian-* | ubuntu-*) openldap_config=/etc/ldap/ldap.conf ;; - photon-* | redhatubi-*) openldap_config=/etc/openldap/ldap.conf ;; - *) error "Unsupported OS flavor ${OS_FLAVOUR}" && exit 1 ;; - esac - echo "$openldap_config" -} - -######################## -# Configure LDAP permissions (to be used at postunpack leve). -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_configure_permissions() { - ensure_dir_exists "/var/run/nslcd" && configure_permissions_ownership "/var/run/nslcd" -u "root" -g "root" -d "775" - # The nslcd.conf file may not exist in distros like UBI, so we need to create it first - touch "/etc/nslcd.conf" - configure_permissions_ownership "/etc/nslcd.conf" -u "root" -g "root" -f "660" - configure_permissions_ownership "$(ldap_openldap_config_path)" -u "root" -g "root" -f "660" -} - -######################## -# Create nslcd.conf file -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_create_nslcd_config() { - if am_i_root; then - chown "root:${LDAP_NSLCD_GROUP}" "/etc/nslcd.conf" - chown -R "${LDAP_NSLCD_USER}:${LDAP_NSLCD_GROUP}" "/var/run/nslcd" - cat >"/etc/nslcd.conf" <"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"$(ldap_openldap_config_path)" <"/etc/pam.d/${filename}" < 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]]; then - if is_boolean_yes "$DB_ENABLE_LDAP" && [[ -n "$DB_PASSWORD" ]]; then - warn "You enabled LDAP authentication. '$DB_USER' user will be authentication using LDAP, the password set at the environment variable $(get_env_var PASSWORD) will be ignored" - elif ! is_boolean_yes "$DB_ENABLE_LDAP" && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - fi - - if [[ -n "$DB_GALERA_FORCE_SAFETOBOOTSTRAP" ]] && ! is_yes_no_value "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - print_validation_error "The allowed values for $(get_env_var GALERA_FORCE_SAFETOBOOTSTRAP) are yes or no." - fi - - if [[ -z "$DB_GALERA_CLUSTER_NAME" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_NAME)." - fi - - if [[ -z "$(get_galera_cluster_address_value)" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS). If you are bootstrapping a new Galera cluster, set the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS)=yes." - fi - - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - - if is_boolean_yes "$DB_ENABLE_LDAP" && { [[ -z "${LDAP_URI}" ]] || [[ -z "${LDAP_BASE}" ]] || [[ -z "${LDAP_BIND_DN}" ]] || [[ -z "${LDAP_BIND_PASSWORD}" ]]; }; then - print_validation_error "The LDAP configuration is required when LDAP authentication is enabled. Set the environment variables LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_BIND_PASSWORD with the LDAP configuration." - fi - - if is_boolean_yes "$DB_ENABLE_TLS"; then - if [[ -z "${DB_TLS_CERT_FILE}" ]] || [[ -z "${DB_TLS_KEY_FILE}" ]] || [[ -z "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS cert file, key and CA are required when TLS is enabled. Set the environment variables TLS_CERT_FILE, TLS_KEY_FILE and TLS_CA_FILE with the path to each file." - fi - if [[ ! -f "${DB_TLS_CERT_FILE}" ]]; then - print_validation_error "The TLS_CERT file ${DB_TLS_CERT_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_KEY_FILE}" ]]; then - print_validation_error "The TLS_KEY file ${DB_TLS_KEY_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS_CA file ${DB_TLS_CA_FILE} must exist." - fi - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Persisted data detected. Restoring" - - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - if is_boolean_yes "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - set_safe_to_bootstrap - fi - if ! is_safe_to_bootstrap; then - error "It is not safe to bootstrap form this node ('safe_to_bootstrap=0' is set in 'grastate.dat'). If you want to force bootstrap, set the environment variable MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP=yes" - exit 1 - fi - fi - - return - else - # initialization should not be performed on non-primary nodes of a galera cluster - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - mysql_install_db - mysql_start_bg - debug "Deleting all users to avoid issues with galera configuration" - mysql_execute "mysql" </dev/null - hostname - fi -} - -######################## -# Check for user override of wsrep_node_address -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# String with node address -######################### -get_node_address() { - if [[ -n "$DB_GALERA_NODE_ADDRESS" ]]; then - echo "$DB_GALERA_NODE_ADDRESS" - else - # In some environments, the network may not be fully set up when starting the initialization - # So, to avoid issues, we retry the 'hostname' command until it succeeds (for a few minutes) - local -r retries="60" - local -r seconds="5" - retry_while "hostname -i" "$retries" "$seconds" >/dev/null - # prefer IPv6 over IPv4 if available - # This works by pulling any IPv4 addresses encountered into hold space and emitting it only when the EOF line is encountered - printf '%s\nEOF' "$(hostname -i | tr ' ' '\n')" | sed '/:/{;q;};/^EOF$/{;g;q;};h;d' - fi -} - -######################## -# Starts MySQL/MariaDB in the background and waits until it's ready -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_start_bg() { - local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") - - # Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized - flags+=("--bind-address=127.0.0.1") - - # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable - read -r -a db_extra_flags <<< "$(mysql_extra_flags)" - [[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - - # Do not start as root, to avoid permission issues - am_i_root && flags+=("--user=${DB_DAEMON_USER}") - - # The slave should only start in 'run.sh', elseways user credentials would be needed for any connection - flags+=("--skip-slave-start") - flags+=("$@") - - is_mysql_running && return - - info "Starting $DB_FLAVOR in background" - debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" & - - # we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Wait for WSREP to be ready. If WSREP is not ready, we cannot do any transactions, thus cannot - # create any users, and WSREP instantly kills MariaDB if doing so - wait_for_wsrep - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -######################## -# Wait for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# None -######################## -wait_for_wsrep() { - local -r retries=300 - local -r sleep_time=2 - if ! retry_while is_wsrep_ready "$retries" "$sleep_time"; then - error "WSREP did not become ready" - return 1 - fi -} - -######################## -# Checks for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# Boolean -######################## -is_wsrep_ready() { - debug "Checking if WSREP is ready" - is_ready="$(mysql_execute_print_output "mysql" "root" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 7857bb832cf40..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,261 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - MARIADB_GALERA_CONF_DIR - MARIADB_GALERA_MOUNTED_CONF_DIR - MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP - MARIADB_GALERA_CLUSTER_BOOTSTRAP - MARIADB_GALERA_CLUSTER_ADDRESS - MARIADB_GALERA_CLUSTER_NAME - MARIADB_GALERA_NODE_NAME - MARIADB_GALERA_NODE_ADDRESS - MARIADB_GALERA_SST_METHOD - MARIADB_GALERA_MARIABACKUP_USER - MARIADB_GALERA_MARIABACKUP_PASSWORD - MARIADB_ENABLE_LDAP - MARIADB_ENABLE_TLS - MARIADB_TLS_CERT_FILE - MARIADB_TLS_KEY_FILE - MARIADB_TLS_CA_FILE - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB Galera authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Galera paths -export MARIADB_GALERA_GRASTATE_FILE="${DB_DATA_DIR}/grastate.dat" -export DB_GALERA_GRASTATE_FILE="$MARIADB_GALERA_GRASTATE_FILE" -export MARIADB_GALERA_BOOTSTRAP_DIR="${DB_VOLUME_DIR}/.bootstrap" -export DB_GALERA_BOOTSTRAP_DIR="$MARIADB_GALERA_BOOTSTRAP_DIR" -export MARIADB_GALERA_BOOTSTRAP_FILE="${DB_GALERA_BOOTSTRAP_DIR}/done" -export DB_GALERA_BOOTSTRAP_FILE="$MARIADB_GALERA_BOOTSTRAP_FILE" - -# Galera build-time defaults for cluster configuration -export MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS="gcomm://" -export DB_GALERA_DEFAULT_CLUSTER_ADDRESS="$MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS" -export MARIADB_GALERA_DEFAULT_CLUSTER_NAME="galera" -export DB_GALERA_DEFAULT_CLUSTER_NAME="$MARIADB_GALERA_DEFAULT_CLUSTER_NAME" -export MARIADB_GALERA_DEFAULT_NODE_NAME="" -export DB_GALERA_DEFAULT_NODE_NAME="$MARIADB_GALERA_DEFAULT_NODE_NAME" -export MARIADB_GALERA_DEFAULT_NODE_ADDRESS="" -export DB_GALERA_DEFAULT_NODE_ADDRESS="$MARIADB_GALERA_DEFAULT_NODE_ADDRESS" -export MARIADB_GALERA_DEFAULT_SST_METHOD="mariabackup" -export DB_GALERA_DEFAULT_SST_METHOD="$MARIADB_GALERA_DEFAULT_SST_METHOD" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_USER="mariabackup" -export DB_GALERA_DEFAULT_MARIABACKUP_USER="$MARIADB_GALERA_DEFAULT_MARIABACKUP_USER" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="" -export DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="$MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD" - -# Galera cluster configuration. -export MARIADB_GALERA_CONF_DIR="${MARIADB_GALERA_CONF_DIR:-/opt/bitnami/mariadb/conf}" -export DB_GALERA_CONF_DIR="$MARIADB_GALERA_CONF_DIR" -export MARIADB_GALERA_MOUNTED_CONF_DIR="${MARIADB_GALERA_MOUNTED_CONF_DIR:-/bitnami/conf}" -export DB_GALERA_MOUNTED_CONF_DIR="$MARIADB_GALERA_MOUNTED_CONF_DIR" -export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP="${MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP:-}" -export DB_GALERA_FORCE_SAFETOBOOTSTRAP="$MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP" -export MARIADB_GALERA_CLUSTER_BOOTSTRAP="${MARIADB_GALERA_CLUSTER_BOOTSTRAP:-}" -export DB_GALERA_CLUSTER_BOOTSTRAP="$MARIADB_GALERA_CLUSTER_BOOTSTRAP" -export MARIADB_GALERA_CLUSTER_ADDRESS="${MARIADB_GALERA_CLUSTER_ADDRESS:-}" -export DB_GALERA_CLUSTER_ADDRESS="$MARIADB_GALERA_CLUSTER_ADDRESS" -export MARIADB_GALERA_CLUSTER_NAME="${MARIADB_GALERA_CLUSTER_NAME:-$DB_GALERA_DEFAULT_CLUSTER_NAME}" -export DB_GALERA_CLUSTER_NAME="$MARIADB_GALERA_CLUSTER_NAME" -export MARIADB_GALERA_NODE_NAME="${MARIADB_GALERA_NODE_NAME:-}" -export DB_GALERA_NODE_NAME="$MARIADB_GALERA_NODE_NAME" -export MARIADB_GALERA_NODE_ADDRESS="${MARIADB_GALERA_NODE_ADDRESS:-}" -export DB_GALERA_NODE_ADDRESS="$MARIADB_GALERA_NODE_ADDRESS" -export MARIADB_GALERA_SST_METHOD="${MARIADB_GALERA_SST_METHOD:-$DB_GALERA_DEFAULT_SST_METHOD}" -export DB_GALERA_SST_METHOD="$MARIADB_GALERA_SST_METHOD" -export MARIADB_GALERA_MARIABACKUP_USER="${MARIADB_GALERA_MARIABACKUP_USER:-$DB_GALERA_DEFAULT_MARIABACKUP_USER}" -export DB_GALERA_MARIABACKUP_USER="$MARIADB_GALERA_MARIABACKUP_USER" -export MARIADB_GALERA_MARIABACKUP_PASSWORD="${MARIADB_GALERA_MARIABACKUP_PASSWORD:-$DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD}" -export DB_GALERA_MARIABACKUP_PASSWORD="$MARIADB_GALERA_MARIABACKUP_PASSWORD" - -# LDAP -export MARIADB_ENABLE_LDAP="${MARIADB_ENABLE_LDAP:-no}" -export DB_ENABLE_LDAP="$MARIADB_ENABLE_LDAP" - -# SSL/TLS configuration -export MARIADB_ENABLE_TLS="${MARIADB_ENABLE_TLS:-no}" -export DB_ENABLE_TLS="$MARIADB_ENABLE_TLS" -export MARIADB_TLS_CERT_FILE="${MARIADB_TLS_CERT_FILE:-}" -export DB_TLS_CERT_FILE="$MARIADB_TLS_CERT_FILE" -export MARIADB_TLS_KEY_FILE="${MARIADB_TLS_KEY_FILE:-}" -export DB_TLS_KEY_FILE="$MARIADB_TLS_KEY_FILE" -export MARIADB_TLS_CA_FILE="${MARIADB_TLS_CA_FILE:-}" -export DB_TLS_CA_FILE="$MARIADB_TLS_CA_FILE" -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-monitor}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-monitor}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh b/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh deleted file mode 100755 index ec7e80256766f..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/mariadb-galera/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb-galera/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh b/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh deleted file mode 100755 index 8bd30f5f8ae49..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh b/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh deleted file mode 100755 index 503f456f66f0d..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR" "$DB_GALERA_BOOTSTRAP_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# LDAP permissions -ldap_configure_permissions -ldap_create_pam_config "mariadb" - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf /dev/stdout "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh b/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh deleted file mode 100755 index 69b8d4496908b..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_start_nslcd_bg - -info "** Starting MariaDB **" - -set_previous_boot - -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh b/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh deleted file mode 100755 index 77c9f7d5d1a97..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadbgalera.sh -. /opt/bitnami/scripts/libldapclient.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Ensure 'nslcd' user exists when running as 'root' - ensure_user_exists "$LDAP_NSLCD_USER" --group "$LDAP_NSLCD_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Ensure LDAP is initialized -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb-galera/11.0/debian-12/tags-info.yaml b/bitnami/mariadb-galera/11.0/debian-12/tags-info.yaml deleted file mode 100644 index 4d8cd7049b942..0000000000000 --- a/bitnami/mariadb-galera/11.0/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "11.0" -- 11.0-debian-12 -- 11.0.6 diff --git a/bitnami/mariadb-galera/11.1/debian-12/Dockerfile b/bitnami/mariadb-galera/11.1/debian-12/Dockerfile deleted file mode 100644 index 4c3f8c716d830..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T08:40:14Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="11.1.5-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \ - org.opencontainers.image.title="mariadb-galera" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="11.1.5" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 libldap-common liblzma5 libncurses6 libpam-ldapd libpam0g libssl3 libstdc++6 libtinfo6 libxml2 nslcd procps psmisc rsync socat zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-galera-11.1.5-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb-galera/postunpack.sh -ENV APP_VERSION="11.1.5" \ - BITNAMI_APP_NAME="mariadb-galera" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 4444 4567 4568 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb-galera/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb-galera/run.sh" ] diff --git a/bitnami/mariadb-galera/11.1/debian-12/docker-compose.yml b/bitnami/mariadb-galera/11.1/debian-12/docker-compose.yml deleted file mode 100644 index 1e63a735fc9e6..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb-galera: - image: docker.io/bitnami/mariadb-galera:11.1 - ports: - - '3306:3306' - - '4444:4444' - - '4567:4567' - - '4568:4568' - volumes: - - 'mariadb_galera_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_GALERA_CLUSTER_ADDRESS=gcomm:// - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb-galera/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_galera_data: - driver: local diff --git a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index b12c947e50880..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb-galera": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.1.5-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh b/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh deleted file mode 100644 index fa50716cf1ff9..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami LDAP library - -# shellcheck disable=SC1090,SC1091 - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -######################## -# Loads global variables used on LDAP configuration. -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# Series of exports to be used as 'eval' arguments -######################### -ldap_env() { - cat <<"EOF" -export LDAP_NSLCD_USER="nslcd" -export LDAP_URI="${LDAP_URI:-}" -export LDAP_BASE="${LDAP_BASE:-}" -export LDAP_BIND_DN="${LDAP_BIND_DN:-}" -export LDAP_BIND_PASSWORD="${LDAP_BIND_PASSWORD:-}" -export LDAP_BASE_LOOKUP="${LDAP_BASE_LOOKUP:-}" -export LDAP_NSS_INITGROUPS_IGNOREUSERS="${LDAP_NSS_INITGROUPS_IGNOREUSERS:-root,nslcd}" -export LDAP_SCOPE="${LDAP_SCOPE:-}" -export LDAP_TLS_REQCERT="${LDAP_TLS_REQCERT:-}" -export LDAP_SEARCH_FILTER="${LDAP_SEARCH_FILTER:-}" -export LDAP_SEARCH_MAP="${LDAP_SEARCH_MAP:-}" - -EOF - if [[ "$OS_FLAVOUR" =~ ^debian-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="nslcd" -EOF - elif [[ "$OS_FLAVOUR" =~ ^(photon)-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="ldap" -EOF - fi -} - -######################## -# Return LDAP config file path depending on distro -# Globals: -# OS_FLAVOUR -# Arguments: -# None -# Returns: -# (String) LDAP config file path -######################### -ldap_openldap_config_path() { - local openldap_config - case "$OS_FLAVOUR" in - debian-* | ubuntu-*) openldap_config=/etc/ldap/ldap.conf ;; - photon-* | redhatubi-*) openldap_config=/etc/openldap/ldap.conf ;; - *) error "Unsupported OS flavor ${OS_FLAVOUR}" && exit 1 ;; - esac - echo "$openldap_config" -} - -######################## -# Configure LDAP permissions (to be used at postunpack leve). -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_configure_permissions() { - ensure_dir_exists "/var/run/nslcd" && configure_permissions_ownership "/var/run/nslcd" -u "root" -g "root" -d "775" - # The nslcd.conf file may not exist in distros like UBI, so we need to create it first - touch "/etc/nslcd.conf" - configure_permissions_ownership "/etc/nslcd.conf" -u "root" -g "root" -f "660" - configure_permissions_ownership "$(ldap_openldap_config_path)" -u "root" -g "root" -f "660" -} - -######################## -# Create nslcd.conf file -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_create_nslcd_config() { - if am_i_root; then - chown "root:${LDAP_NSLCD_GROUP}" "/etc/nslcd.conf" - chown -R "${LDAP_NSLCD_USER}:${LDAP_NSLCD_GROUP}" "/var/run/nslcd" - cat >"/etc/nslcd.conf" <"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"$(ldap_openldap_config_path)" <"/etc/pam.d/${filename}" < 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]]; then - if is_boolean_yes "$DB_ENABLE_LDAP" && [[ -n "$DB_PASSWORD" ]]; then - warn "You enabled LDAP authentication. '$DB_USER' user will be authentication using LDAP, the password set at the environment variable $(get_env_var PASSWORD) will be ignored" - elif ! is_boolean_yes "$DB_ENABLE_LDAP" && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - fi - - if [[ -n "$DB_GALERA_FORCE_SAFETOBOOTSTRAP" ]] && ! is_yes_no_value "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - print_validation_error "The allowed values for $(get_env_var GALERA_FORCE_SAFETOBOOTSTRAP) are yes or no." - fi - - if [[ -z "$DB_GALERA_CLUSTER_NAME" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_NAME)." - fi - - if [[ -z "$(get_galera_cluster_address_value)" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS). If you are bootstrapping a new Galera cluster, set the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS)=yes." - fi - - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - - if is_boolean_yes "$DB_ENABLE_LDAP" && { [[ -z "${LDAP_URI}" ]] || [[ -z "${LDAP_BASE}" ]] || [[ -z "${LDAP_BIND_DN}" ]] || [[ -z "${LDAP_BIND_PASSWORD}" ]]; }; then - print_validation_error "The LDAP configuration is required when LDAP authentication is enabled. Set the environment variables LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_BIND_PASSWORD with the LDAP configuration." - fi - - if is_boolean_yes "$DB_ENABLE_TLS"; then - if [[ -z "${DB_TLS_CERT_FILE}" ]] || [[ -z "${DB_TLS_KEY_FILE}" ]] || [[ -z "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS cert file, key and CA are required when TLS is enabled. Set the environment variables TLS_CERT_FILE, TLS_KEY_FILE and TLS_CA_FILE with the path to each file." - fi - if [[ ! -f "${DB_TLS_CERT_FILE}" ]]; then - print_validation_error "The TLS_CERT file ${DB_TLS_CERT_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_KEY_FILE}" ]]; then - print_validation_error "The TLS_KEY file ${DB_TLS_KEY_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS_CA file ${DB_TLS_CA_FILE} must exist." - fi - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Persisted data detected. Restoring" - - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - if is_boolean_yes "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - set_safe_to_bootstrap - fi - if ! is_safe_to_bootstrap; then - error "It is not safe to bootstrap form this node ('safe_to_bootstrap=0' is set in 'grastate.dat'). If you want to force bootstrap, set the environment variable MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP=yes" - exit 1 - fi - fi - - return - else - # initialization should not be performed on non-primary nodes of a galera cluster - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - mysql_install_db - mysql_start_bg - debug "Deleting all users to avoid issues with galera configuration" - mysql_execute "mysql" </dev/null - hostname - fi -} - -######################## -# Check for user override of wsrep_node_address -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# String with node address -######################### -get_node_address() { - if [[ -n "$DB_GALERA_NODE_ADDRESS" ]]; then - echo "$DB_GALERA_NODE_ADDRESS" - else - # In some environments, the network may not be fully set up when starting the initialization - # So, to avoid issues, we retry the 'hostname' command until it succeeds (for a few minutes) - local -r retries="60" - local -r seconds="5" - retry_while "hostname -i" "$retries" "$seconds" >/dev/null - # prefer IPv6 over IPv4 if available - # This works by pulling any IPv4 addresses encountered into hold space and emitting it only when the EOF line is encountered - printf '%s\nEOF' "$(hostname -i | tr ' ' '\n')" | sed '/:/{;q;};/^EOF$/{;g;q;};h;d' - fi -} - -######################## -# Starts MySQL/MariaDB in the background and waits until it's ready -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_start_bg() { - local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") - - # Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized - flags+=("--bind-address=127.0.0.1") - - # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable - read -r -a db_extra_flags <<< "$(mysql_extra_flags)" - [[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - - # Do not start as root, to avoid permission issues - am_i_root && flags+=("--user=${DB_DAEMON_USER}") - - # The slave should only start in 'run.sh', elseways user credentials would be needed for any connection - flags+=("--skip-slave-start") - flags+=("$@") - - is_mysql_running && return - - info "Starting $DB_FLAVOR in background" - debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" & - - # we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Wait for WSREP to be ready. If WSREP is not ready, we cannot do any transactions, thus cannot - # create any users, and WSREP instantly kills MariaDB if doing so - wait_for_wsrep - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -######################## -# Wait for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# None -######################## -wait_for_wsrep() { - local -r retries=300 - local -r sleep_time=2 - if ! retry_while is_wsrep_ready "$retries" "$sleep_time"; then - error "WSREP did not become ready" - return 1 - fi -} - -######################## -# Checks for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# Boolean -######################## -is_wsrep_ready() { - debug "Checking if WSREP is ready" - is_ready="$(mysql_execute_print_output "mysql" "root" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 7857bb832cf40..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,261 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - MARIADB_GALERA_CONF_DIR - MARIADB_GALERA_MOUNTED_CONF_DIR - MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP - MARIADB_GALERA_CLUSTER_BOOTSTRAP - MARIADB_GALERA_CLUSTER_ADDRESS - MARIADB_GALERA_CLUSTER_NAME - MARIADB_GALERA_NODE_NAME - MARIADB_GALERA_NODE_ADDRESS - MARIADB_GALERA_SST_METHOD - MARIADB_GALERA_MARIABACKUP_USER - MARIADB_GALERA_MARIABACKUP_PASSWORD - MARIADB_ENABLE_LDAP - MARIADB_ENABLE_TLS - MARIADB_TLS_CERT_FILE - MARIADB_TLS_KEY_FILE - MARIADB_TLS_CA_FILE - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB Galera authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Galera paths -export MARIADB_GALERA_GRASTATE_FILE="${DB_DATA_DIR}/grastate.dat" -export DB_GALERA_GRASTATE_FILE="$MARIADB_GALERA_GRASTATE_FILE" -export MARIADB_GALERA_BOOTSTRAP_DIR="${DB_VOLUME_DIR}/.bootstrap" -export DB_GALERA_BOOTSTRAP_DIR="$MARIADB_GALERA_BOOTSTRAP_DIR" -export MARIADB_GALERA_BOOTSTRAP_FILE="${DB_GALERA_BOOTSTRAP_DIR}/done" -export DB_GALERA_BOOTSTRAP_FILE="$MARIADB_GALERA_BOOTSTRAP_FILE" - -# Galera build-time defaults for cluster configuration -export MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS="gcomm://" -export DB_GALERA_DEFAULT_CLUSTER_ADDRESS="$MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS" -export MARIADB_GALERA_DEFAULT_CLUSTER_NAME="galera" -export DB_GALERA_DEFAULT_CLUSTER_NAME="$MARIADB_GALERA_DEFAULT_CLUSTER_NAME" -export MARIADB_GALERA_DEFAULT_NODE_NAME="" -export DB_GALERA_DEFAULT_NODE_NAME="$MARIADB_GALERA_DEFAULT_NODE_NAME" -export MARIADB_GALERA_DEFAULT_NODE_ADDRESS="" -export DB_GALERA_DEFAULT_NODE_ADDRESS="$MARIADB_GALERA_DEFAULT_NODE_ADDRESS" -export MARIADB_GALERA_DEFAULT_SST_METHOD="mariabackup" -export DB_GALERA_DEFAULT_SST_METHOD="$MARIADB_GALERA_DEFAULT_SST_METHOD" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_USER="mariabackup" -export DB_GALERA_DEFAULT_MARIABACKUP_USER="$MARIADB_GALERA_DEFAULT_MARIABACKUP_USER" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="" -export DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="$MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD" - -# Galera cluster configuration. -export MARIADB_GALERA_CONF_DIR="${MARIADB_GALERA_CONF_DIR:-/opt/bitnami/mariadb/conf}" -export DB_GALERA_CONF_DIR="$MARIADB_GALERA_CONF_DIR" -export MARIADB_GALERA_MOUNTED_CONF_DIR="${MARIADB_GALERA_MOUNTED_CONF_DIR:-/bitnami/conf}" -export DB_GALERA_MOUNTED_CONF_DIR="$MARIADB_GALERA_MOUNTED_CONF_DIR" -export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP="${MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP:-}" -export DB_GALERA_FORCE_SAFETOBOOTSTRAP="$MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP" -export MARIADB_GALERA_CLUSTER_BOOTSTRAP="${MARIADB_GALERA_CLUSTER_BOOTSTRAP:-}" -export DB_GALERA_CLUSTER_BOOTSTRAP="$MARIADB_GALERA_CLUSTER_BOOTSTRAP" -export MARIADB_GALERA_CLUSTER_ADDRESS="${MARIADB_GALERA_CLUSTER_ADDRESS:-}" -export DB_GALERA_CLUSTER_ADDRESS="$MARIADB_GALERA_CLUSTER_ADDRESS" -export MARIADB_GALERA_CLUSTER_NAME="${MARIADB_GALERA_CLUSTER_NAME:-$DB_GALERA_DEFAULT_CLUSTER_NAME}" -export DB_GALERA_CLUSTER_NAME="$MARIADB_GALERA_CLUSTER_NAME" -export MARIADB_GALERA_NODE_NAME="${MARIADB_GALERA_NODE_NAME:-}" -export DB_GALERA_NODE_NAME="$MARIADB_GALERA_NODE_NAME" -export MARIADB_GALERA_NODE_ADDRESS="${MARIADB_GALERA_NODE_ADDRESS:-}" -export DB_GALERA_NODE_ADDRESS="$MARIADB_GALERA_NODE_ADDRESS" -export MARIADB_GALERA_SST_METHOD="${MARIADB_GALERA_SST_METHOD:-$DB_GALERA_DEFAULT_SST_METHOD}" -export DB_GALERA_SST_METHOD="$MARIADB_GALERA_SST_METHOD" -export MARIADB_GALERA_MARIABACKUP_USER="${MARIADB_GALERA_MARIABACKUP_USER:-$DB_GALERA_DEFAULT_MARIABACKUP_USER}" -export DB_GALERA_MARIABACKUP_USER="$MARIADB_GALERA_MARIABACKUP_USER" -export MARIADB_GALERA_MARIABACKUP_PASSWORD="${MARIADB_GALERA_MARIABACKUP_PASSWORD:-$DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD}" -export DB_GALERA_MARIABACKUP_PASSWORD="$MARIADB_GALERA_MARIABACKUP_PASSWORD" - -# LDAP -export MARIADB_ENABLE_LDAP="${MARIADB_ENABLE_LDAP:-no}" -export DB_ENABLE_LDAP="$MARIADB_ENABLE_LDAP" - -# SSL/TLS configuration -export MARIADB_ENABLE_TLS="${MARIADB_ENABLE_TLS:-no}" -export DB_ENABLE_TLS="$MARIADB_ENABLE_TLS" -export MARIADB_TLS_CERT_FILE="${MARIADB_TLS_CERT_FILE:-}" -export DB_TLS_CERT_FILE="$MARIADB_TLS_CERT_FILE" -export MARIADB_TLS_KEY_FILE="${MARIADB_TLS_KEY_FILE:-}" -export DB_TLS_KEY_FILE="$MARIADB_TLS_KEY_FILE" -export MARIADB_TLS_CA_FILE="${MARIADB_TLS_CA_FILE:-}" -export DB_TLS_CA_FILE="$MARIADB_TLS_CA_FILE" -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-monitor}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-monitor}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh b/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh deleted file mode 100755 index ec7e80256766f..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/mariadb-galera/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb-galera/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh b/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh deleted file mode 100755 index 8bd30f5f8ae49..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh b/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh deleted file mode 100755 index 503f456f66f0d..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR" "$DB_GALERA_BOOTSTRAP_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# LDAP permissions -ldap_configure_permissions -ldap_create_pam_config "mariadb" - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf /dev/stdout "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh b/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh deleted file mode 100755 index 69b8d4496908b..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_start_nslcd_bg - -info "** Starting MariaDB **" - -set_previous_boot - -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh b/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh deleted file mode 100755 index 77c9f7d5d1a97..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadbgalera.sh -. /opt/bitnami/scripts/libldapclient.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Ensure 'nslcd' user exists when running as 'root' - ensure_user_exists "$LDAP_NSLCD_USER" --group "$LDAP_NSLCD_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Ensure LDAP is initialized -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb-galera/11.1/debian-12/tags-info.yaml b/bitnami/mariadb-galera/11.1/debian-12/tags-info.yaml deleted file mode 100644 index 20d7940429d67..0000000000000 --- a/bitnami/mariadb-galera/11.1/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "11.1" -- 11.1-debian-12 -- 11.1.5 diff --git a/bitnami/mariadb-galera/11.2/README.md b/bitnami/mariadb-galera/11.2/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/mariadb-galera/11.2/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/mariadb-galera/11.2/debian-12/Dockerfile b/bitnami/mariadb-galera/11.2/debian-12/Dockerfile deleted file mode 100644 index 6a71599fe4482..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T09:27:20Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="11.2.4-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \ - org.opencontainers.image.title="mariadb-galera" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="11.2.4" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 libldap-common liblzma5 libncurses6 libpam-ldapd libpam0g libssl3 libstdc++6 libtinfo6 libxml2 nslcd procps psmisc rsync socat zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-galera-11.2.4-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb-galera/postunpack.sh -ENV APP_VERSION="11.2.4" \ - BITNAMI_APP_NAME="mariadb-galera" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 4444 4567 4568 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb-galera/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb-galera/run.sh" ] diff --git a/bitnami/mariadb-galera/11.2/debian-12/docker-compose.yml b/bitnami/mariadb-galera/11.2/debian-12/docker-compose.yml deleted file mode 100644 index 99f78e68cacc4..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb-galera: - image: docker.io/bitnami/mariadb-galera:11.2 - ports: - - '3306:3306' - - '4444:4444' - - '4567:4567' - - '4568:4568' - volumes: - - 'mariadb_galera_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_GALERA_CLUSTER_ADDRESS=gcomm:// - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb-galera/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_galera_data: - driver: local diff --git a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index e9c839f4a9664..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb-galera": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.2.4-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh b/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh deleted file mode 100644 index fa50716cf1ff9..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami LDAP library - -# shellcheck disable=SC1090,SC1091 - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -######################## -# Loads global variables used on LDAP configuration. -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# Series of exports to be used as 'eval' arguments -######################### -ldap_env() { - cat <<"EOF" -export LDAP_NSLCD_USER="nslcd" -export LDAP_URI="${LDAP_URI:-}" -export LDAP_BASE="${LDAP_BASE:-}" -export LDAP_BIND_DN="${LDAP_BIND_DN:-}" -export LDAP_BIND_PASSWORD="${LDAP_BIND_PASSWORD:-}" -export LDAP_BASE_LOOKUP="${LDAP_BASE_LOOKUP:-}" -export LDAP_NSS_INITGROUPS_IGNOREUSERS="${LDAP_NSS_INITGROUPS_IGNOREUSERS:-root,nslcd}" -export LDAP_SCOPE="${LDAP_SCOPE:-}" -export LDAP_TLS_REQCERT="${LDAP_TLS_REQCERT:-}" -export LDAP_SEARCH_FILTER="${LDAP_SEARCH_FILTER:-}" -export LDAP_SEARCH_MAP="${LDAP_SEARCH_MAP:-}" - -EOF - if [[ "$OS_FLAVOUR" =~ ^debian-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="nslcd" -EOF - elif [[ "$OS_FLAVOUR" =~ ^(photon)-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="ldap" -EOF - fi -} - -######################## -# Return LDAP config file path depending on distro -# Globals: -# OS_FLAVOUR -# Arguments: -# None -# Returns: -# (String) LDAP config file path -######################### -ldap_openldap_config_path() { - local openldap_config - case "$OS_FLAVOUR" in - debian-* | ubuntu-*) openldap_config=/etc/ldap/ldap.conf ;; - photon-* | redhatubi-*) openldap_config=/etc/openldap/ldap.conf ;; - *) error "Unsupported OS flavor ${OS_FLAVOUR}" && exit 1 ;; - esac - echo "$openldap_config" -} - -######################## -# Configure LDAP permissions (to be used at postunpack leve). -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_configure_permissions() { - ensure_dir_exists "/var/run/nslcd" && configure_permissions_ownership "/var/run/nslcd" -u "root" -g "root" -d "775" - # The nslcd.conf file may not exist in distros like UBI, so we need to create it first - touch "/etc/nslcd.conf" - configure_permissions_ownership "/etc/nslcd.conf" -u "root" -g "root" -f "660" - configure_permissions_ownership "$(ldap_openldap_config_path)" -u "root" -g "root" -f "660" -} - -######################## -# Create nslcd.conf file -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_create_nslcd_config() { - if am_i_root; then - chown "root:${LDAP_NSLCD_GROUP}" "/etc/nslcd.conf" - chown -R "${LDAP_NSLCD_USER}:${LDAP_NSLCD_GROUP}" "/var/run/nslcd" - cat >"/etc/nslcd.conf" <"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"$(ldap_openldap_config_path)" <"/etc/pam.d/${filename}" < 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]]; then - if is_boolean_yes "$DB_ENABLE_LDAP" && [[ -n "$DB_PASSWORD" ]]; then - warn "You enabled LDAP authentication. '$DB_USER' user will be authentication using LDAP, the password set at the environment variable $(get_env_var PASSWORD) will be ignored" - elif ! is_boolean_yes "$DB_ENABLE_LDAP" && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - fi - - if [[ -n "$DB_GALERA_FORCE_SAFETOBOOTSTRAP" ]] && ! is_yes_no_value "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - print_validation_error "The allowed values for $(get_env_var GALERA_FORCE_SAFETOBOOTSTRAP) are yes or no." - fi - - if [[ -z "$DB_GALERA_CLUSTER_NAME" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_NAME)." - fi - - if [[ -z "$(get_galera_cluster_address_value)" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS). If you are bootstrapping a new Galera cluster, set the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS)=yes." - fi - - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - - if is_boolean_yes "$DB_ENABLE_LDAP" && { [[ -z "${LDAP_URI}" ]] || [[ -z "${LDAP_BASE}" ]] || [[ -z "${LDAP_BIND_DN}" ]] || [[ -z "${LDAP_BIND_PASSWORD}" ]]; }; then - print_validation_error "The LDAP configuration is required when LDAP authentication is enabled. Set the environment variables LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_BIND_PASSWORD with the LDAP configuration." - fi - - if is_boolean_yes "$DB_ENABLE_TLS"; then - if [[ -z "${DB_TLS_CERT_FILE}" ]] || [[ -z "${DB_TLS_KEY_FILE}" ]] || [[ -z "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS cert file, key and CA are required when TLS is enabled. Set the environment variables TLS_CERT_FILE, TLS_KEY_FILE and TLS_CA_FILE with the path to each file." - fi - if [[ ! -f "${DB_TLS_CERT_FILE}" ]]; then - print_validation_error "The TLS_CERT file ${DB_TLS_CERT_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_KEY_FILE}" ]]; then - print_validation_error "The TLS_KEY file ${DB_TLS_KEY_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS_CA file ${DB_TLS_CA_FILE} must exist." - fi - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Persisted data detected. Restoring" - - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - if is_boolean_yes "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - set_safe_to_bootstrap - fi - if ! is_safe_to_bootstrap; then - error "It is not safe to bootstrap form this node ('safe_to_bootstrap=0' is set in 'grastate.dat'). If you want to force bootstrap, set the environment variable MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP=yes" - exit 1 - fi - fi - - return - else - # initialization should not be performed on non-primary nodes of a galera cluster - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - mysql_install_db - mysql_start_bg - debug "Deleting all users to avoid issues with galera configuration" - mysql_execute "mysql" </dev/null - hostname - fi -} - -######################## -# Check for user override of wsrep_node_address -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# String with node address -######################### -get_node_address() { - if [[ -n "$DB_GALERA_NODE_ADDRESS" ]]; then - echo "$DB_GALERA_NODE_ADDRESS" - else - # In some environments, the network may not be fully set up when starting the initialization - # So, to avoid issues, we retry the 'hostname' command until it succeeds (for a few minutes) - local -r retries="60" - local -r seconds="5" - retry_while "hostname -i" "$retries" "$seconds" >/dev/null - # prefer IPv6 over IPv4 if available - # This works by pulling any IPv4 addresses encountered into hold space and emitting it only when the EOF line is encountered - printf '%s\nEOF' "$(hostname -i | tr ' ' '\n')" | sed '/:/{;q;};/^EOF$/{;g;q;};h;d' - fi -} - -######################## -# Starts MySQL/MariaDB in the background and waits until it's ready -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_start_bg() { - local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") - - # Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized - flags+=("--bind-address=127.0.0.1") - - # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable - read -r -a db_extra_flags <<< "$(mysql_extra_flags)" - [[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - - # Do not start as root, to avoid permission issues - am_i_root && flags+=("--user=${DB_DAEMON_USER}") - - # The slave should only start in 'run.sh', elseways user credentials would be needed for any connection - flags+=("--skip-slave-start") - flags+=("$@") - - is_mysql_running && return - - info "Starting $DB_FLAVOR in background" - debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" & - - # we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Wait for WSREP to be ready. If WSREP is not ready, we cannot do any transactions, thus cannot - # create any users, and WSREP instantly kills MariaDB if doing so - wait_for_wsrep - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -######################## -# Wait for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# None -######################## -wait_for_wsrep() { - local -r retries=300 - local -r sleep_time=2 - if ! retry_while is_wsrep_ready "$retries" "$sleep_time"; then - error "WSREP did not become ready" - return 1 - fi -} - -######################## -# Checks for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# Boolean -######################## -is_wsrep_ready() { - debug "Checking if WSREP is ready" - is_ready="$(mysql_execute_print_output "mysql" "root" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 7857bb832cf40..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,261 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - MARIADB_GALERA_CONF_DIR - MARIADB_GALERA_MOUNTED_CONF_DIR - MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP - MARIADB_GALERA_CLUSTER_BOOTSTRAP - MARIADB_GALERA_CLUSTER_ADDRESS - MARIADB_GALERA_CLUSTER_NAME - MARIADB_GALERA_NODE_NAME - MARIADB_GALERA_NODE_ADDRESS - MARIADB_GALERA_SST_METHOD - MARIADB_GALERA_MARIABACKUP_USER - MARIADB_GALERA_MARIABACKUP_PASSWORD - MARIADB_ENABLE_LDAP - MARIADB_ENABLE_TLS - MARIADB_TLS_CERT_FILE - MARIADB_TLS_KEY_FILE - MARIADB_TLS_CA_FILE - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB Galera authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Galera paths -export MARIADB_GALERA_GRASTATE_FILE="${DB_DATA_DIR}/grastate.dat" -export DB_GALERA_GRASTATE_FILE="$MARIADB_GALERA_GRASTATE_FILE" -export MARIADB_GALERA_BOOTSTRAP_DIR="${DB_VOLUME_DIR}/.bootstrap" -export DB_GALERA_BOOTSTRAP_DIR="$MARIADB_GALERA_BOOTSTRAP_DIR" -export MARIADB_GALERA_BOOTSTRAP_FILE="${DB_GALERA_BOOTSTRAP_DIR}/done" -export DB_GALERA_BOOTSTRAP_FILE="$MARIADB_GALERA_BOOTSTRAP_FILE" - -# Galera build-time defaults for cluster configuration -export MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS="gcomm://" -export DB_GALERA_DEFAULT_CLUSTER_ADDRESS="$MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS" -export MARIADB_GALERA_DEFAULT_CLUSTER_NAME="galera" -export DB_GALERA_DEFAULT_CLUSTER_NAME="$MARIADB_GALERA_DEFAULT_CLUSTER_NAME" -export MARIADB_GALERA_DEFAULT_NODE_NAME="" -export DB_GALERA_DEFAULT_NODE_NAME="$MARIADB_GALERA_DEFAULT_NODE_NAME" -export MARIADB_GALERA_DEFAULT_NODE_ADDRESS="" -export DB_GALERA_DEFAULT_NODE_ADDRESS="$MARIADB_GALERA_DEFAULT_NODE_ADDRESS" -export MARIADB_GALERA_DEFAULT_SST_METHOD="mariabackup" -export DB_GALERA_DEFAULT_SST_METHOD="$MARIADB_GALERA_DEFAULT_SST_METHOD" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_USER="mariabackup" -export DB_GALERA_DEFAULT_MARIABACKUP_USER="$MARIADB_GALERA_DEFAULT_MARIABACKUP_USER" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="" -export DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="$MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD" - -# Galera cluster configuration. -export MARIADB_GALERA_CONF_DIR="${MARIADB_GALERA_CONF_DIR:-/opt/bitnami/mariadb/conf}" -export DB_GALERA_CONF_DIR="$MARIADB_GALERA_CONF_DIR" -export MARIADB_GALERA_MOUNTED_CONF_DIR="${MARIADB_GALERA_MOUNTED_CONF_DIR:-/bitnami/conf}" -export DB_GALERA_MOUNTED_CONF_DIR="$MARIADB_GALERA_MOUNTED_CONF_DIR" -export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP="${MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP:-}" -export DB_GALERA_FORCE_SAFETOBOOTSTRAP="$MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP" -export MARIADB_GALERA_CLUSTER_BOOTSTRAP="${MARIADB_GALERA_CLUSTER_BOOTSTRAP:-}" -export DB_GALERA_CLUSTER_BOOTSTRAP="$MARIADB_GALERA_CLUSTER_BOOTSTRAP" -export MARIADB_GALERA_CLUSTER_ADDRESS="${MARIADB_GALERA_CLUSTER_ADDRESS:-}" -export DB_GALERA_CLUSTER_ADDRESS="$MARIADB_GALERA_CLUSTER_ADDRESS" -export MARIADB_GALERA_CLUSTER_NAME="${MARIADB_GALERA_CLUSTER_NAME:-$DB_GALERA_DEFAULT_CLUSTER_NAME}" -export DB_GALERA_CLUSTER_NAME="$MARIADB_GALERA_CLUSTER_NAME" -export MARIADB_GALERA_NODE_NAME="${MARIADB_GALERA_NODE_NAME:-}" -export DB_GALERA_NODE_NAME="$MARIADB_GALERA_NODE_NAME" -export MARIADB_GALERA_NODE_ADDRESS="${MARIADB_GALERA_NODE_ADDRESS:-}" -export DB_GALERA_NODE_ADDRESS="$MARIADB_GALERA_NODE_ADDRESS" -export MARIADB_GALERA_SST_METHOD="${MARIADB_GALERA_SST_METHOD:-$DB_GALERA_DEFAULT_SST_METHOD}" -export DB_GALERA_SST_METHOD="$MARIADB_GALERA_SST_METHOD" -export MARIADB_GALERA_MARIABACKUP_USER="${MARIADB_GALERA_MARIABACKUP_USER:-$DB_GALERA_DEFAULT_MARIABACKUP_USER}" -export DB_GALERA_MARIABACKUP_USER="$MARIADB_GALERA_MARIABACKUP_USER" -export MARIADB_GALERA_MARIABACKUP_PASSWORD="${MARIADB_GALERA_MARIABACKUP_PASSWORD:-$DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD}" -export DB_GALERA_MARIABACKUP_PASSWORD="$MARIADB_GALERA_MARIABACKUP_PASSWORD" - -# LDAP -export MARIADB_ENABLE_LDAP="${MARIADB_ENABLE_LDAP:-no}" -export DB_ENABLE_LDAP="$MARIADB_ENABLE_LDAP" - -# SSL/TLS configuration -export MARIADB_ENABLE_TLS="${MARIADB_ENABLE_TLS:-no}" -export DB_ENABLE_TLS="$MARIADB_ENABLE_TLS" -export MARIADB_TLS_CERT_FILE="${MARIADB_TLS_CERT_FILE:-}" -export DB_TLS_CERT_FILE="$MARIADB_TLS_CERT_FILE" -export MARIADB_TLS_KEY_FILE="${MARIADB_TLS_KEY_FILE:-}" -export DB_TLS_KEY_FILE="$MARIADB_TLS_KEY_FILE" -export MARIADB_TLS_CA_FILE="${MARIADB_TLS_CA_FILE:-}" -export DB_TLS_CA_FILE="$MARIADB_TLS_CA_FILE" -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-monitor}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-monitor}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh b/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh deleted file mode 100755 index ec7e80256766f..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/mariadb-galera/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb-galera/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh b/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh deleted file mode 100755 index 8bd30f5f8ae49..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh b/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh deleted file mode 100755 index 503f456f66f0d..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR" "$DB_GALERA_BOOTSTRAP_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# LDAP permissions -ldap_configure_permissions -ldap_create_pam_config "mariadb" - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf /dev/stdout "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh b/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh deleted file mode 100755 index 69b8d4496908b..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_start_nslcd_bg - -info "** Starting MariaDB **" - -set_previous_boot - -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh b/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh deleted file mode 100755 index 77c9f7d5d1a97..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadbgalera.sh -. /opt/bitnami/scripts/libldapclient.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Ensure 'nslcd' user exists when running as 'root' - ensure_user_exists "$LDAP_NSLCD_USER" --group "$LDAP_NSLCD_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Ensure LDAP is initialized -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb-galera/11.2/debian-12/tags-info.yaml b/bitnami/mariadb-galera/11.2/debian-12/tags-info.yaml deleted file mode 100644 index 3877e38ad87d6..0000000000000 --- a/bitnami/mariadb-galera/11.2/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "11.2" -- 11.2-debian-12 -- 11.2.4 diff --git a/bitnami/mariadb-galera/11.3/debian-12/Dockerfile b/bitnami/mariadb-galera/11.3/debian-12/Dockerfile deleted file mode 100644 index 286b4ac3eaadb..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:41:55Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="11.3.2-debian-12-r3" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \ - org.opencontainers.image.title="mariadb-galera" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="11.3.2" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 libldap-common liblzma5 libncurses6 libpam-ldapd libpam0g libssl3 libstdc++6 libtinfo6 libxml2 nslcd procps psmisc rsync socat zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-galera-11.3.2-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb-galera/postunpack.sh -ENV APP_VERSION="11.3.2" \ - BITNAMI_APP_NAME="mariadb-galera" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 4444 4567 4568 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb-galera/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb-galera/run.sh" ] diff --git a/bitnami/mariadb-galera/11.3/debian-12/docker-compose.yml b/bitnami/mariadb-galera/11.3/debian-12/docker-compose.yml deleted file mode 100644 index 3fbdca8935449..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb-galera: - image: docker.io/bitnami/mariadb-galera:11.3 - ports: - - '3306:3306' - - '4444:4444' - - '4567:4567' - - '4568:4568' - volumes: - - 'mariadb_galera_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_GALERA_CLUSTER_ADDRESS=gcomm:// - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb-galera/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_galera_data: - driver: local diff --git a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index a4114b192f36f..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb-galera": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.3.2-1" - } -} \ No newline at end of file diff --git a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh b/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh deleted file mode 100644 index fa50716cf1ff9..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami LDAP library - -# shellcheck disable=SC1090,SC1091 - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -######################## -# Loads global variables used on LDAP configuration. -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# Series of exports to be used as 'eval' arguments -######################### -ldap_env() { - cat <<"EOF" -export LDAP_NSLCD_USER="nslcd" -export LDAP_URI="${LDAP_URI:-}" -export LDAP_BASE="${LDAP_BASE:-}" -export LDAP_BIND_DN="${LDAP_BIND_DN:-}" -export LDAP_BIND_PASSWORD="${LDAP_BIND_PASSWORD:-}" -export LDAP_BASE_LOOKUP="${LDAP_BASE_LOOKUP:-}" -export LDAP_NSS_INITGROUPS_IGNOREUSERS="${LDAP_NSS_INITGROUPS_IGNOREUSERS:-root,nslcd}" -export LDAP_SCOPE="${LDAP_SCOPE:-}" -export LDAP_TLS_REQCERT="${LDAP_TLS_REQCERT:-}" -export LDAP_SEARCH_FILTER="${LDAP_SEARCH_FILTER:-}" -export LDAP_SEARCH_MAP="${LDAP_SEARCH_MAP:-}" - -EOF - if [[ "$OS_FLAVOUR" =~ ^debian-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="nslcd" -EOF - elif [[ "$OS_FLAVOUR" =~ ^(photon)-.*$ ]]; then - cat <<"EOF" -export LDAP_NSLCD_GROUP="ldap" -EOF - fi -} - -######################## -# Return LDAP config file path depending on distro -# Globals: -# OS_FLAVOUR -# Arguments: -# None -# Returns: -# (String) LDAP config file path -######################### -ldap_openldap_config_path() { - local openldap_config - case "$OS_FLAVOUR" in - debian-* | ubuntu-*) openldap_config=/etc/ldap/ldap.conf ;; - photon-* | redhatubi-*) openldap_config=/etc/openldap/ldap.conf ;; - *) error "Unsupported OS flavor ${OS_FLAVOUR}" && exit 1 ;; - esac - echo "$openldap_config" -} - -######################## -# Configure LDAP permissions (to be used at postunpack leve). -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_configure_permissions() { - ensure_dir_exists "/var/run/nslcd" && configure_permissions_ownership "/var/run/nslcd" -u "root" -g "root" -d "775" - # The nslcd.conf file may not exist in distros like UBI, so we need to create it first - touch "/etc/nslcd.conf" - configure_permissions_ownership "/etc/nslcd.conf" -u "root" -g "root" -f "660" - configure_permissions_ownership "$(ldap_openldap_config_path)" -u "root" -g "root" -f "660" -} - -######################## -# Create nslcd.conf file -# Globals: -# LDAP_* -# Arguments: -# None -# Returns: -# None -######################### -ldap_create_nslcd_config() { - if am_i_root; then - chown "root:${LDAP_NSLCD_GROUP}" "/etc/nslcd.conf" - chown -R "${LDAP_NSLCD_USER}:${LDAP_NSLCD_GROUP}" "/var/run/nslcd" - cat >"/etc/nslcd.conf" <"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"/etc/nslcd.conf" <>"$(ldap_openldap_config_path)" <"/etc/pam.d/${filename}" < 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]]; then - if is_boolean_yes "$DB_ENABLE_LDAP" && [[ -n "$DB_PASSWORD" ]]; then - warn "You enabled LDAP authentication. '$DB_USER' user will be authentication using LDAP, the password set at the environment variable $(get_env_var PASSWORD) will be ignored" - elif ! is_boolean_yes "$DB_ENABLE_LDAP" && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - fi - - if [[ -n "$DB_GALERA_FORCE_SAFETOBOOTSTRAP" ]] && ! is_yes_no_value "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - print_validation_error "The allowed values for $(get_env_var GALERA_FORCE_SAFETOBOOTSTRAP) are yes or no." - fi - - if [[ -z "$DB_GALERA_CLUSTER_NAME" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_NAME)." - fi - - if [[ -z "$(get_galera_cluster_address_value)" ]]; then - print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS). If you are bootstrapping a new Galera cluster, set the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS)=yes." - fi - - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - - if is_boolean_yes "$DB_ENABLE_LDAP" && { [[ -z "${LDAP_URI}" ]] || [[ -z "${LDAP_BASE}" ]] || [[ -z "${LDAP_BIND_DN}" ]] || [[ -z "${LDAP_BIND_PASSWORD}" ]]; }; then - print_validation_error "The LDAP configuration is required when LDAP authentication is enabled. Set the environment variables LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_BIND_PASSWORD with the LDAP configuration." - fi - - if is_boolean_yes "$DB_ENABLE_TLS"; then - if [[ -z "${DB_TLS_CERT_FILE}" ]] || [[ -z "${DB_TLS_KEY_FILE}" ]] || [[ -z "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS cert file, key and CA are required when TLS is enabled. Set the environment variables TLS_CERT_FILE, TLS_KEY_FILE and TLS_CA_FILE with the path to each file." - fi - if [[ ! -f "${DB_TLS_CERT_FILE}" ]]; then - print_validation_error "The TLS_CERT file ${DB_TLS_CERT_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_KEY_FILE}" ]]; then - print_validation_error "The TLS_KEY file ${DB_TLS_KEY_FILE} must exist." - fi - if [[ ! -f "${DB_TLS_CA_FILE}" ]]; then - print_validation_error "The TLS_CA file ${DB_TLS_CA_FILE} must exist." - fi - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Persisted data detected. Restoring" - - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - if is_boolean_yes "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then - set_safe_to_bootstrap - fi - if ! is_safe_to_bootstrap; then - error "It is not safe to bootstrap form this node ('safe_to_bootstrap=0' is set in 'grastate.dat'). If you want to force bootstrap, set the environment variable MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP=yes" - exit 1 - fi - fi - - return - else - # initialization should not be performed on non-primary nodes of a galera cluster - if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - mysql_install_db - mysql_start_bg - debug "Deleting all users to avoid issues with galera configuration" - mysql_execute "mysql" </dev/null - hostname - fi -} - -######################## -# Check for user override of wsrep_node_address -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# String with node address -######################### -get_node_address() { - if [[ -n "$DB_GALERA_NODE_ADDRESS" ]]; then - echo "$DB_GALERA_NODE_ADDRESS" - else - # In some environments, the network may not be fully set up when starting the initialization - # So, to avoid issues, we retry the 'hostname' command until it succeeds (for a few minutes) - local -r retries="60" - local -r seconds="5" - retry_while "hostname -i" "$retries" "$seconds" >/dev/null - # prefer IPv6 over IPv4 if available - # This works by pulling any IPv4 addresses encountered into hold space and emitting it only when the EOF line is encountered - printf '%s\nEOF' "$(hostname -i | tr ' ' '\n')" | sed '/:/{;q;};/^EOF$/{;g;q;};h;d' - fi -} - -######################## -# Starts MySQL/MariaDB in the background and waits until it's ready -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_start_bg() { - local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") - - # Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized - flags+=("--bind-address=127.0.0.1") - - # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable - read -r -a db_extra_flags <<< "$(mysql_extra_flags)" - [[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - - # Do not start as root, to avoid permission issues - am_i_root && flags+=("--user=${DB_DAEMON_USER}") - - # The slave should only start in 'run.sh', elseways user credentials would be needed for any connection - flags+=("--skip-slave-start") - flags+=("$@") - - is_mysql_running && return - - info "Starting $DB_FLAVOR in background" - debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" & - - # we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Wait for WSREP to be ready. If WSREP is not ready, we cannot do any transactions, thus cannot - # create any users, and WSREP instantly kills MariaDB if doing so - wait_for_wsrep - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -######################## -# Wait for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# None -######################## -wait_for_wsrep() { - local -r retries=300 - local -r sleep_time=2 - if ! retry_while is_wsrep_ready "$retries" "$sleep_time"; then - error "WSREP did not become ready" - return 1 - fi -} - -######################## -# Checks for WSREP to be ready to do transactions -# Arguments: -# None -# Returns: -# Boolean -######################## -is_wsrep_ready() { - debug "Checking if WSREP is ready" - is_ready="$(mysql_execute_print_output "mysql" "root" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 7857bb832cf40..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,261 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - MARIADB_GALERA_CONF_DIR - MARIADB_GALERA_MOUNTED_CONF_DIR - MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP - MARIADB_GALERA_CLUSTER_BOOTSTRAP - MARIADB_GALERA_CLUSTER_ADDRESS - MARIADB_GALERA_CLUSTER_NAME - MARIADB_GALERA_NODE_NAME - MARIADB_GALERA_NODE_ADDRESS - MARIADB_GALERA_SST_METHOD - MARIADB_GALERA_MARIABACKUP_USER - MARIADB_GALERA_MARIABACKUP_PASSWORD - MARIADB_ENABLE_LDAP - MARIADB_ENABLE_TLS - MARIADB_TLS_CERT_FILE - MARIADB_TLS_KEY_FILE - MARIADB_TLS_CA_FILE - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB Galera authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Galera paths -export MARIADB_GALERA_GRASTATE_FILE="${DB_DATA_DIR}/grastate.dat" -export DB_GALERA_GRASTATE_FILE="$MARIADB_GALERA_GRASTATE_FILE" -export MARIADB_GALERA_BOOTSTRAP_DIR="${DB_VOLUME_DIR}/.bootstrap" -export DB_GALERA_BOOTSTRAP_DIR="$MARIADB_GALERA_BOOTSTRAP_DIR" -export MARIADB_GALERA_BOOTSTRAP_FILE="${DB_GALERA_BOOTSTRAP_DIR}/done" -export DB_GALERA_BOOTSTRAP_FILE="$MARIADB_GALERA_BOOTSTRAP_FILE" - -# Galera build-time defaults for cluster configuration -export MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS="gcomm://" -export DB_GALERA_DEFAULT_CLUSTER_ADDRESS="$MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS" -export MARIADB_GALERA_DEFAULT_CLUSTER_NAME="galera" -export DB_GALERA_DEFAULT_CLUSTER_NAME="$MARIADB_GALERA_DEFAULT_CLUSTER_NAME" -export MARIADB_GALERA_DEFAULT_NODE_NAME="" -export DB_GALERA_DEFAULT_NODE_NAME="$MARIADB_GALERA_DEFAULT_NODE_NAME" -export MARIADB_GALERA_DEFAULT_NODE_ADDRESS="" -export DB_GALERA_DEFAULT_NODE_ADDRESS="$MARIADB_GALERA_DEFAULT_NODE_ADDRESS" -export MARIADB_GALERA_DEFAULT_SST_METHOD="mariabackup" -export DB_GALERA_DEFAULT_SST_METHOD="$MARIADB_GALERA_DEFAULT_SST_METHOD" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_USER="mariabackup" -export DB_GALERA_DEFAULT_MARIABACKUP_USER="$MARIADB_GALERA_DEFAULT_MARIABACKUP_USER" -export MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="" -export DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="$MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD" - -# Galera cluster configuration. -export MARIADB_GALERA_CONF_DIR="${MARIADB_GALERA_CONF_DIR:-/opt/bitnami/mariadb/conf}" -export DB_GALERA_CONF_DIR="$MARIADB_GALERA_CONF_DIR" -export MARIADB_GALERA_MOUNTED_CONF_DIR="${MARIADB_GALERA_MOUNTED_CONF_DIR:-/bitnami/conf}" -export DB_GALERA_MOUNTED_CONF_DIR="$MARIADB_GALERA_MOUNTED_CONF_DIR" -export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP="${MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP:-}" -export DB_GALERA_FORCE_SAFETOBOOTSTRAP="$MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP" -export MARIADB_GALERA_CLUSTER_BOOTSTRAP="${MARIADB_GALERA_CLUSTER_BOOTSTRAP:-}" -export DB_GALERA_CLUSTER_BOOTSTRAP="$MARIADB_GALERA_CLUSTER_BOOTSTRAP" -export MARIADB_GALERA_CLUSTER_ADDRESS="${MARIADB_GALERA_CLUSTER_ADDRESS:-}" -export DB_GALERA_CLUSTER_ADDRESS="$MARIADB_GALERA_CLUSTER_ADDRESS" -export MARIADB_GALERA_CLUSTER_NAME="${MARIADB_GALERA_CLUSTER_NAME:-$DB_GALERA_DEFAULT_CLUSTER_NAME}" -export DB_GALERA_CLUSTER_NAME="$MARIADB_GALERA_CLUSTER_NAME" -export MARIADB_GALERA_NODE_NAME="${MARIADB_GALERA_NODE_NAME:-}" -export DB_GALERA_NODE_NAME="$MARIADB_GALERA_NODE_NAME" -export MARIADB_GALERA_NODE_ADDRESS="${MARIADB_GALERA_NODE_ADDRESS:-}" -export DB_GALERA_NODE_ADDRESS="$MARIADB_GALERA_NODE_ADDRESS" -export MARIADB_GALERA_SST_METHOD="${MARIADB_GALERA_SST_METHOD:-$DB_GALERA_DEFAULT_SST_METHOD}" -export DB_GALERA_SST_METHOD="$MARIADB_GALERA_SST_METHOD" -export MARIADB_GALERA_MARIABACKUP_USER="${MARIADB_GALERA_MARIABACKUP_USER:-$DB_GALERA_DEFAULT_MARIABACKUP_USER}" -export DB_GALERA_MARIABACKUP_USER="$MARIADB_GALERA_MARIABACKUP_USER" -export MARIADB_GALERA_MARIABACKUP_PASSWORD="${MARIADB_GALERA_MARIABACKUP_PASSWORD:-$DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD}" -export DB_GALERA_MARIABACKUP_PASSWORD="$MARIADB_GALERA_MARIABACKUP_PASSWORD" - -# LDAP -export MARIADB_ENABLE_LDAP="${MARIADB_ENABLE_LDAP:-no}" -export DB_ENABLE_LDAP="$MARIADB_ENABLE_LDAP" - -# SSL/TLS configuration -export MARIADB_ENABLE_TLS="${MARIADB_ENABLE_TLS:-no}" -export DB_ENABLE_TLS="$MARIADB_ENABLE_TLS" -export MARIADB_TLS_CERT_FILE="${MARIADB_TLS_CERT_FILE:-}" -export DB_TLS_CERT_FILE="$MARIADB_TLS_CERT_FILE" -export MARIADB_TLS_KEY_FILE="${MARIADB_TLS_KEY_FILE:-}" -export DB_TLS_KEY_FILE="$MARIADB_TLS_KEY_FILE" -export MARIADB_TLS_CA_FILE="${MARIADB_TLS_CA_FILE:-}" -export DB_TLS_CA_FILE="$MARIADB_TLS_CA_FILE" -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-monitor}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-monitor}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh b/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh deleted file mode 100755 index ec7e80256766f..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -print_welcome_page - -if [[ "$1" = "/opt/bitnami/scripts/mariadb-galera/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb-galera/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh b/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh deleted file mode 100755 index 8bd30f5f8ae49..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh b/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh deleted file mode 100755 index 503f456f66f0d..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR" "$DB_GALERA_BOOTSTRAP_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# LDAP permissions -ldap_configure_permissions -ldap_create_pam_config "mariadb" - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf /dev/stdout "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh b/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh deleted file mode 100755 index 69b8d4496908b..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libldapclient.sh -. /opt/bitnami/scripts/libmariadbgalera.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_start_nslcd_bg - -info "** Starting MariaDB **" - -set_previous_boot - -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh b/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh deleted file mode 100755 index 77c9f7d5d1a97..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadbgalera.sh -. /opt/bitnami/scripts/libldapclient.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Load LDAP environment variables -eval "$(ldap_env)" - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Ensure 'nslcd' user exists when running as 'root' - ensure_user_exists "$LDAP_NSLCD_USER" --group "$LDAP_NSLCD_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Ensure LDAP is initialized -is_boolean_yes "$DB_ENABLE_LDAP" && ldap_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb-galera/11.3/debian-12/tags-info.yaml b/bitnami/mariadb-galera/11.3/debian-12/tags-info.yaml deleted file mode 100644 index 56b196c7c3d30..0000000000000 --- a/bitnami/mariadb-galera/11.3/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "11.3" -- 11.3-debian-12 -- 11.3.2 -- latest diff --git a/bitnami/mariadb-galera/11.4/debian-12/Dockerfile b/bitnami/mariadb-galera/11.4/debian-12/Dockerfile new file mode 100644 index 0000000000000..774dc48242c41 --- /dev/null +++ b/bitnami/mariadb-galera/11.4/debian-12/Dockerfile @@ -0,0 +1,61 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-02T16:16:55Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="11.4.4-debian-12-r4" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \ + org.opencontainers.image.title="mariadb-galera" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="11.4.4" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 libldap-common liblzma5 libncurses6 libpam-ldapd libpam0g libssl3 libstdc++6 libtinfo6 libxml2 nslcd procps psmisc rsync socat zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "ini-file-1.4.7-8-linux-${OS_ARCH}-debian-12" \ + "mariadb-galera-11.4.4-2-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true +RUN mkdir /docker-entrypoint-initdb.d + +COPY rootfs / +RUN /opt/bitnami/scripts/mariadb-galera/postunpack.sh +ENV APP_VERSION="11.4.4" \ + BITNAMI_APP_NAME="mariadb-galera" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" + +EXPOSE 3306 4444 4567 4568 + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/mariadb-galera/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/mariadb-galera/run.sh" ] diff --git a/bitnami/mariadb-galera/11.4/debian-12/docker-compose.yml b/bitnami/mariadb-galera/11.4/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..fa186ff7fc2eb --- /dev/null +++ b/bitnami/mariadb-galera/11.4/debian-12/docker-compose.yml @@ -0,0 +1,26 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + mariadb-galera: + image: docker.io/bitnami/mariadb-galera:11.4 + ports: + - '3306:3306' + - '4444:4444' + - '4567:4567' + - '4568:4568' + volumes: + - 'mariadb_galera_data:/bitnami/mariadb' + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - MARIADB_GALERA_CLUSTER_ADDRESS=gcomm:// + healthcheck: + test: ['CMD', '/opt/bitnami/scripts/mariadb-galera/healthcheck.sh'] + interval: 15s + timeout: 5s + retries: 6 + +volumes: + mariadb_galera_data: + driver: local diff --git a/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..d379bf0e177c7 --- /dev/null +++ b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,14 @@ +{ + "ini-file": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.4.7-8" + }, + "mariadb-galera": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "11.4.4-2" + } +} \ No newline at end of file diff --git a/bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/postgresql-repmgr/15/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/postgresql-repmgr/15/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/java/1.8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/grafana/10/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/grafana/10/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb-galera/11.4/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/grafana/10/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/mariadb-galera/11.4/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh b/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh similarity index 100% rename from bitnami/dokuwiki/20240206/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh rename to bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/libldapclient.sh diff --git a/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/libmariadbgalera.sh b/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/libmariadbgalera.sh new file mode 100644 index 0000000000000..c2c4ef34ebdfe --- /dev/null +++ b/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/libmariadbgalera.sh @@ -0,0 +1,2211 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami MySQL library + +# shellcheck disable=SC1090,SC1091,SC2119,SC2120 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh + +######################## +# Configure database extra start flags +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# Array with extra flags to use +######################### +mysql_extra_flags() { + local randNumber + local -a dbExtraFlags=() + # shellcheck disable=SC2153 + read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS" + + if [[ -n "$DB_REPLICATION_MODE" ]]; then + randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')" + dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1") + if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then + dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1") + elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then + dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1") + fi + fi + + [[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}") + + echo "${dbExtraFlags[@]:-}" +} + +######################## +# Validate settings in MYSQL_*/MARIADB_* environment variables +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_validate() { + info "Validating settings in MYSQL_*/MARIADB_* env vars" + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + empty_password_enabled_warn() { + warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + } + empty_password_error() { + print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." + } + backslash_password_error() { + print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" + } + + if [[ -n "$DB_REPLICATION_MODE" ]]; then + if [[ "$DB_REPLICATION_MODE" = "master" ]]; then + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + empty_password_enabled_warn + else + if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then + empty_password_error "$(get_env_var REPLICATION_PASSWORD)" + fi + if [[ -z "$DB_ROOT_PASSWORD" ]]; then + empty_password_error "$(get_env_var ROOT_PASSWORD)" + fi + if (( ${#DB_ROOT_PASSWORD} > 32 )); then + print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" + fi + if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then + empty_password_error "$(get_env_var PASSWORD)" + fi + fi + elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then + if [[ -z "$DB_MASTER_HOST" ]]; then + print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running" + fi + else + print_validation_error "Invalid replication mode. Available options are 'master/slave'" + fi + else + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + empty_password_enabled_warn + else + if [[ -z "$DB_ROOT_PASSWORD" ]]; then + empty_password_error "$(get_env_var ROOT_PASSWORD)" + fi + if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then + empty_password_error "$(get_env_var PASSWORD)" + fi + fi + fi + if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "$(get_env_var ROOT_PASSWORD)" + fi + if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then + print_validation_error "root user is already created in the database and you can't use it as username for user creation." + fi + if [[ "${DB_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "$(get_env_var PASSWORD)" + fi + if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "$(get_env_var REPLICATION_PASSWORD)" + fi + + collation_env_var="$(get_env_var COLLATION)" + is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +######################## +# Creates MySQL/MariaDB configuration file +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_create_default_config() { + debug "Creating main configuration file" + cat > "$DB_CONF_FILE" < "$dump_file" + debug "Finish dump databases" + + debug "Unlock master databases for write operations" + echo "UNLOCK TABLES;" | mysql_remote_execute "$DB_MASTER_HOST" "$DB_MASTER_PORT_NUMBER" "mysql" "$DB_MASTER_ROOT_USER" "$DB_MASTER_ROOT_PASSWORD" + + debug "Start import dump databases" + mysql_execute < "$dump_file" + mysql_execute "mysql" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" + if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then + echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}" + fi + else + warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." + fi + fi + + if [[ -e "$DB_DATA_DIR/mysql" ]]; then + info "Using persisted data" + # mysql_upgrade requires the server to be running + [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes" + # https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html + mariadb_upgrade + else + debug "Cleaning data directory to ensure successfully initialization" + rm -rf "${DB_DATA_DIR:?}"/* + info "Installing database" + mariadb_install_db + mysql_start_bg + wait_for_mysql_access + # we delete existing users and create new ones with stricter access + # commands can still be executed until we restart or run 'flush privileges' + info "Configuring authentication" + mysql_execute "mysql" <=8 depends on this command + # users are not configured on slave nodes during initialization due to --skip-slave-start + wait_for_mysql + + # Special configuration flag for system with slow disks that could take more time + # in initializing + if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then + debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" + sleep "${DB_INIT_SLEEP_TIME}" + fi +} + +######################## +# Initialize database data +# Globals: +# BITNAMI_DEBUG +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mariadb_install_db() { + local command="${DB_BIN_DIR}/mysql_install_db" + local -a args=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}") + + # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable + read -r -a db_extra_flags <<< "$(mysql_extra_flags)" + [[ "${#db_extra_flags[@]}" -gt 0 ]] && args+=("${db_extra_flags[@]}") + + am_i_root && args=("${args[@]}" "--user=$DB_DAEMON_USER") + args+=("--auth-root-authentication-method=normal") + # Feature available only in MariaDB 10.5+ + # ref: https://mariadb.com/kb/en/mysql_install_db/#not-creating-the-test-database-and-anonymous-user + if [[ ! "$(mysql_get_version)" =~ ^10\.[01234]\. ]]; then + is_boolean_yes "$DB_SKIP_TEST_DB" && args+=("--skip-test-db") + fi + + debug_execute "$command" "${args[@]}" +} + +######################## +# Upgrade Database Schema +# Globals: +# BITNAMI_DEBUG +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mariadb_upgrade() { + local -a args=("--defaults-file=${DB_CONF_FILE}" "-u" "$DB_ROOT_USER") + info "Running mysql_upgrade" + mysql_start_bg + is_boolean_yes "${ROOT_AUTH_ENABLED:-false}" && args+=("-p$(get_master_env_var_value ROOT_PASSWORD)") + [[ "${DB_UPGRADE}" == "FORCE" ]] && args+=("--force") + debug_execute "${DB_BIN_DIR}/mysql_upgrade" "${args[@]}" || echo "This installation is already upgraded" +} + +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami MySQL Galera library + +# shellcheck disable=SC1090,SC1091,SC2119,SC2120 + +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libnet.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh +. /opt/bitnami/scripts/libfile.sh + +######################## +# Check if a previous boot exists +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# Yes or no +######################### +get_previous_boot() { + [[ -e "$DB_GALERA_BOOTSTRAP_FILE" ]] && echo "yes" || echo "no" +} + +######################## +# Create a flag file to indicate previous boot +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +set_previous_boot() { + info "Setting previous boot" + touch "$DB_GALERA_BOOTSTRAP_FILE" +} + +######################## +# Configure database extra start flags +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# Array with extra flags to use +######################### +mysql_extra_flags() { + local -a dbExtraFlags=() + read -r -a userExtraFlags <<< "${DB_EXTRA_FLAGS?}" + + # This avoids a non-writable configuration file break a Galera Cluster, due to lack of proper Galera clustering configuration + # This is especially important for the MariaDB Galera chart, in which the 'my.cnf' configuration file is mounted by default + if ! is_file_writable "$DB_CONF_FILE"; then + dbExtraFlags+=( + "--wsrep-node-name=$(get_node_name)" + "--wsrep-node-address=$(get_node_address)" + "--wsrep-cluster-name=${DB_GALERA_CLUSTER_NAME}" + "--wsrep-cluster-address=$(get_galera_cluster_address_value)" + "--wsrep-sst-method=${DB_GALERA_SST_METHOD}" + "--wsrep-sst-auth=${DB_GALERA_MARIABACKUP_USER}:${DB_GALERA_MARIABACKUP_PASSWORD}" + ) + fi + + [[ ${#userExtraFlags[@]} -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}") + + echo "${dbExtraFlags[@]}" +} + +######################## +# Whether the Galera node will perform bootstrapping of a new cluster, or join an existing one +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# Yes or no +######################### +get_galera_cluster_bootstrap_value() { + local cluster_bootstrap + + # This block evaluate if the cluster needs to be boostraped or not. + # When the node is marked to bootstrap: + # - When it is force by setting DB_GALERA_CLUSTER_BOOTSTRAP + # - When there is not previous boot and not other nodes has been found + # When the node is not marked to bootstrap, the node will join an existing cluster. + cluster_bootstrap="no" # initial value + if is_boolean_yes "$DB_GALERA_CLUSTER_BOOTSTRAP"; then + cluster_bootstrap="yes" + elif ! is_boolean_yes "$(get_previous_boot)" && ! is_boolean_yes "$(has_galera_cluster_other_nodes)"; then + cluster_bootstrap="yes" + fi + echo "$cluster_bootstrap" +} + +######################## +# Whether the Galera cluster has other running nodes +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +has_galera_cluster_other_nodes() { + local node_ip cluster_address address has_nodes + + hostname_has_ips() { + local hostname="${1:?hostname is required}" + [[ "$(getent ahosts "$hostname")" != "" ]] && return 0 + return 1 + } + + has_nodes="yes" + cluster_address="$DB_GALERA_CLUSTER_ADDRESS" + if [[ -z "$cluster_address" ]]; then + has_nodes="no" + elif [[ -n "$cluster_address" ]]; then + has_nodes="no" + read -r -a local_ips <<< "$(hostname -i)" + read -r -a addresses <<< "$(tr ',' ' ' <<< "${cluster_address#*://}")" + if [[ "${#addresses[@]}" -eq "1" ]]; then + if validate_ipv4 "$(echo "${addresses[0]}" | cut -d':' -f1)"; then + has_nodes="yes" + else + address="$(echo "${addresses[0]}" | cut -d':' -f1)" + if retry_while "hostname_has_ips $address" 2 2; then + for ip in $(getent ahosts "$address" | awk '{print $1}' | uniq); do + for local_ip in "${local_ips[@]}"; do + if [[ "$ip" != "$local_ip" ]]; then + has_nodes="yes" + break + fi + done + done + fi + fi + else + for a in "${addresses[@]}"; do + address="$(echo "$a" | cut -d':' -f1)" + node_ip="" + if validate_ipv4 "$address"; then + node_ip="$address" + else + if retry_while "hostname_has_ips $address" 2 2; then + node_ip="$(dns_lookup "$address")" + fi + fi + if [[ -n "$node_ip" ]]; then + has_nodes="yes" + # we now check if *any* of our IPs matches the node IP. In that case, we have to revert has_nodes to no, because it's not in fact a foreign node and check the next. + for local_ip in "${local_ips[@]}"; do + if [[ "$node_ip" == "$local_ip" ]]; then + has_nodes="no" + break + fi + done + # The foreign IP did not match our local IP, so we know that another node exists. + if [[ "$has_nodes" == 'yes' ]]; then + break + fi + fi + done + fi + fi + echo "$has_nodes" +} + +######################## +# Build Galera cluster address string from the bootstrap string +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +get_galera_cluster_address_value() { + local cluster_address + + if ! is_boolean_yes "$(get_galera_cluster_bootstrap_value)" && is_boolean_yes "$(has_galera_cluster_other_nodes)"; then + cluster_address="$DB_GALERA_CLUSTER_ADDRESS" + else + cluster_address="gcomm://" + fi + + debug "Set Galera cluster address to ${cluster_address}" + echo "$cluster_address" +} + +######################## +# Validate settings in MYSQL_*/MARIADB_* environment variables +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_validate() { + info "Validating settings in MYSQL_*/MARIADB_* env vars" + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + empty_password_enabled_warn() { + warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + } + empty_password_error() { + print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." + } + backslash_password_error() { + print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" + } + + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + empty_password_enabled_warn + else + if [[ -n "$DB_GALERA_MARIABACKUP_USER" ]] && [[ -z "$DB_GALERA_MARIABACKUP_PASSWORD" ]]; then + empty_password_error "$(get_env_var GALERA_MARIABACKUP_PASSWORD)" + fi + + if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then + if [[ -z "$DB_ROOT_PASSWORD" ]]; then + empty_password_error "$(get_env_var ROOT_PASSWORD)" + fi + if (( ${#DB_ROOT_PASSWORD} > 32 )); then + print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" + fi + if [[ -n "$DB_USER" ]]; then + if is_boolean_yes "$DB_ENABLE_LDAP" && [[ -n "$DB_PASSWORD" ]]; then + warn "You enabled LDAP authentication. '$DB_USER' user will be authentication using LDAP, the password set at the environment variable $(get_env_var PASSWORD) will be ignored" + elif ! is_boolean_yes "$DB_ENABLE_LDAP" && [[ -z "$DB_PASSWORD" ]]; then + empty_password_error "$(get_env_var PASSWORD)" + fi + fi + fi + fi + + if [[ -n "$DB_GALERA_FORCE_SAFETOBOOTSTRAP" ]] && ! is_yes_no_value "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then + print_validation_error "The allowed values for $(get_env_var GALERA_FORCE_SAFETOBOOTSTRAP) are yes or no." + fi + + if [[ -z "$DB_GALERA_CLUSTER_NAME" ]]; then + print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_NAME)." + fi + + if [[ -z "$(get_galera_cluster_address_value)" ]]; then + print_validation_error "Galera cluster cannot be created without setting the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS). If you are bootstrapping a new Galera cluster, set the environment variable $(get_env_var GALERA_CLUSTER_ADDRESS)=yes." + fi + + if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "$(get_env_var ROOT_PASSWORD)" + fi + if [[ "${DB_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "$(get_env_var PASSWORD)" + fi + + if is_boolean_yes "$DB_ENABLE_LDAP" && { [[ -z "${LDAP_URI}" ]] || [[ -z "${LDAP_BASE}" ]] || [[ -z "${LDAP_BIND_DN}" ]] || [[ -z "${LDAP_BIND_PASSWORD}" ]]; }; then + print_validation_error "The LDAP configuration is required when LDAP authentication is enabled. Set the environment variables LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_BIND_PASSWORD with the LDAP configuration." + fi + + if is_boolean_yes "$DB_ENABLE_TLS"; then + if [[ -z "${DB_TLS_CERT_FILE}" ]] || [[ -z "${DB_TLS_KEY_FILE}" ]] || [[ -z "${DB_TLS_CA_FILE}" ]]; then + print_validation_error "The TLS cert file, key and CA are required when TLS is enabled. Set the environment variables TLS_CERT_FILE, TLS_KEY_FILE and TLS_CA_FILE with the path to each file." + fi + if [[ ! -f "${DB_TLS_CERT_FILE}" ]]; then + print_validation_error "The TLS_CERT file ${DB_TLS_CERT_FILE} must exist." + fi + if [[ ! -f "${DB_TLS_KEY_FILE}" ]]; then + print_validation_error "The TLS_KEY file ${DB_TLS_KEY_FILE} must exist." + fi + if [[ ! -f "${DB_TLS_CA_FILE}" ]]; then + print_validation_error "The TLS_CA file ${DB_TLS_CA_FILE} must exist." + fi + fi + + collation_env_var="$(get_env_var COLLATION)" + is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +######################## +# Creates MySQL/MariaDB configuration file +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_create_default_config() { + debug "Creating main configuration file" + cat > "$DB_CONF_FILE" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" + else + warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." + fi + fi + + if [[ -e "$DB_DATA_DIR/mysql" ]]; then + info "Persisted data detected. Restoring" + + if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then + if is_boolean_yes "$DB_GALERA_FORCE_SAFETOBOOTSTRAP"; then + set_safe_to_bootstrap + fi + if ! is_safe_to_bootstrap; then + error "It is not safe to bootstrap form this node ('safe_to_bootstrap=0' is set in 'grastate.dat'). If you want to force bootstrap, set the environment variable MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP=yes" + exit 1 + fi + fi + + return + else + # initialization should not be performed on non-primary nodes of a galera cluster + if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then + debug "Cleaning data directory to ensure successfully initialization" + rm -rf "${DB_DATA_DIR:?}"/* + mariadb_install_db + mysql_start_bg + debug "Deleting all users to avoid issues with galera configuration" + mysql_execute "mysql" </dev/null + hostname + fi +} + +######################## +# Check for user override of wsrep_node_address +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# String with node address +######################### +get_node_address() { + if [[ -n "$DB_GALERA_NODE_ADDRESS" ]]; then + echo "$DB_GALERA_NODE_ADDRESS" + else + # In some environments, the network may not be fully set up when starting the initialization + # So, to avoid issues, we retry the 'hostname' command until it succeeds (for a few minutes) + local -r retries="60" + local -r seconds="5" + retry_while "hostname -i" "$retries" "$seconds" >/dev/null + # prefer IPv6 over IPv4 if available + # This works by pulling any IPv4 addresses encountered into hold space and emitting it only when the EOF line is encountered + printf '%s\nEOF' "$(hostname -i | tr ' ' '\n')" | sed '/:/{;q;};/^EOF$/{;g;q;};h;d' + fi +} + +######################## +# Starts MySQL/MariaDB in the background and waits until it's ready +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_start_bg() { + local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") + + # Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized + flags+=("--bind-address=127.0.0.1") + + # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable + read -r -a db_extra_flags <<< "$(mysql_extra_flags)" + [[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") + + # Do not start as root, to avoid permission issues + am_i_root && flags+=("--user=${DB_DAEMON_USER}") + + # The slave should only start in 'run.sh', elseways user credentials would be needed for any connection + flags+=("--skip-slave-start") + flags+=("$@") + + is_mysql_running && return + + info "Starting $DB_FLAVOR in background" + debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" & + + # we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command + # users are not configured on slave nodes during initialization due to --skip-slave-start + wait_for_mysql + + # Wait for WSREP to be ready. If WSREP is not ready, we cannot do any transactions, thus cannot + # create any users, and WSREP instantly kills MariaDB if doing so + wait_for_wsrep + + # Special configuration flag for system with slow disks that could take more time + # in initializing + if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then + debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" + sleep "${DB_INIT_SLEEP_TIME}" + fi +} + +######################## +# Wait for WSREP to be ready to do transactions +# Arguments: +# None +# Returns: +# None +######################## +wait_for_wsrep() { + local -r retries=300 + local -r sleep_time=2 + if ! retry_while is_wsrep_ready "$retries" "$sleep_time"; then + error "WSREP did not become ready" + return 1 + fi +} + +######################## +# Checks for WSREP to be ready to do transactions +# Arguments: +# None +# Returns: +# Boolean +######################## +is_wsrep_ready() { + debug "Checking if WSREP is ready" + is_ready="$(mysql_execute_print_output "mysql" "root" <> "$custom_conf_file" + cat "$old_custom_conf_file" >> "$custom_conf_file" + fi + if am_i_root; then + [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" + rm -rf "$DB_VOLUME_DIR/conf" + else + warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" + fi +} + +######################## +# Ensure a db user exists with the given password for the '%' host +# Globals: +# DB_* +# Flags: +# -p|--password - database password +# -u|--user - database user +# --auth-plugin - authentication plugin +# --use-ldap - authenticate user via LDAP +# --host - database host +# --port - database host +# Arguments: +# $1 - database user +# Returns: +# None +######################### +mysql_ensure_user_exists() { + local -r user="${1:?user is required}" + local password="" + local auth_plugin="" + local use_ldap="no" + local hosts + local auth_string="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -p|--password) + shift + password="${1:?missing database password}" + ;; + --auth-plugin) + shift + auth_plugin="${1:?missing authentication plugin}" + ;; + --use-ldap) + use_ldap="yes" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + if is_boolean_yes "$use_ldap"; then + auth_string="identified via pam using '$DB_FLAVOR'" + elif [[ -n "$password" ]]; then + if [[ -n "$auth_plugin" ]]; then + auth_string="identified with $auth_plugin by '$password'" + else + auth_string="identified by '$password'" + fi + fi + debug "creating database user \'$user\'" + + local -a mysql_execute_cmd=("mysql_execute") + local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") + if [[ -n "$db_host" && -n "$db_port" ]]; then + mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") + fi + + local mysql_create_user_cmd + [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ + # Views have a definer user, in this case set to 'root', which needs to exist for the view to work + # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html + # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed + if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then + alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 + return 1 + ;; + esac + shift + done + + local -a mysql_execute_cmd=("mysql_execute") + [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + + local -a create_database_args=() + [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") + [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") + + debug "Creating database $database" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$user") + [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") + [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") + if is_boolean_yes "$use_ldap"; then + flags+=("--use-ldap") + elif [[ -n "$password" ]]; then + flags+=("-p" "$password") + [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") + fi + mysql_ensure_user_exists "${flags[@]}" +} + +######################## +# Optionally create the given database, and then optionally give a user +# full privileges on the database. +# Flags: +# -u|--user - database user +# --character-set - character set +# --collation - collation +# --host - database host +# --port - database port +# Arguments: +# $1 - database name +# Returns: +# None +######################### +mysql_ensure_optional_database_exists() { + local -r database="${1:?database is missing}" + local character_set="" + local collate="" + local user="" + local privileges="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + --character-set) + shift + character_set="${1:?missing character set}" + ;; + --collate) + shift + collate="${1:?missing collate}" + ;; + -u|--user) + shift + user="${1:?missing database user}" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + --privileges) + shift + privileges="${1:?missing privileges}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$database") + [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") + [[ -n "$collate" ]] && flags+=("--collate" "$collate") + [[ -n "$db_host" ]] && flags+=("--host" "$db_host") + [[ -n "$db_port" ]] && flags+=("--port" "$db_port") + mysql_ensure_database_exists "${flags[@]}" + + if [[ -n "$user" ]]; then + mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" + fi +} + +######################## +# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") +# Globals: +# DB_* +# Arguments: +# $1 - MySQL variable name +# $2 - Value to assign to the MySQL variable +# $3 - Section in the MySQL configuration file the key is located (default: mysqld) +# $4 - Configuration file (default: "$BD_CONF_FILE") +# Returns: +# None +######################### +mysql_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?value missing}" + read -r -a sections <<<"${3:-mysqld}" + local -r ignore_inline_comments="${4:-no}" + local -r file="${5:-"$DB_CONF_FILE"}" + info "Setting ${key} option" + debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" + # Check if the configuration exists in the file + for section in "${sections[@]}"; do + if is_boolean_yes "$ignore_inline_comments"; then + ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" + else + ini-file set --section "$section" --key "$key" --value "$value" "$file" + fi + done +} + +######################## +# Update MySQL/MariaDB configuration file with user custom inputs +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_update_custom_config() { + # Persisted configuration files from old versions + ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration + + # User injected custom configuration + if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then + debug "Injecting custom configuration from my_custom.conf" + cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" + fi + + ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" + ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" + ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" + ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" + ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" + ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" + ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" + ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" + ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Find the path to the libjemalloc library file +# Globals: +# None +# Arguments: +# None +# Returns: +# Path to a libjemalloc shared object file +######################### +find_jemalloc_lib() { + local -a locations=( "/usr/lib" "/usr/lib64" ) + local -r pattern='libjemalloc.so.[0-9]' + local path + for dir in "${locations[@]}"; do + # Find the first element matching the pattern and quit + [[ ! -d "$dir" ]] && continue + path="$(find "$dir" -name "$pattern" -print -quit)" + [[ -n "$path" ]] && break + done + echo "${path:-}" +} + +######################## +# Execute a reliable health check against the current mysql instance +# Globals: +# DB_ROOT_USER, DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD +# Arguments: +# None +# Returns: +# mysqladmin output +######################### +mysql_healthcheck() { + local args=("-u${DB_ROOT_USER}" "-h0.0.0.0") + local root_password + + root_password="$(get_master_env_var_value ROOT_PASSWORD)" + if [[ -n "$root_password" ]]; then + args+=("-p${root_password}") + fi + + mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status +} + +######################## +# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# mysql client flavor +######################### +mysql_client_flavor() { + if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then + echo "mariadb" + else + echo "mysql" + fi +} + +######################## +# Prints extra options for MySQL client calls (i.e. SSL options) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# List of options to pass to "mysql" CLI +######################### +mysql_client_extra_opts() { + # Helper to get the proper value for the MySQL client environment variable + mysql_client_env_value() { + local env_name="MYSQL_CLIENT_${1:?missing name}" + if [[ -n "${!env_name:-}" ]]; then + echo "${!env_name:-}" + else + env_name="DB_CLIENT_${1}" + echo "${!env_name:-}" + fi + } + local -a opts=() + local key value + if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then + if [[ "$(mysql_client_flavor)" = "mysql" ]]; then + opts+=("--ssl-mode=REQUIRED") + else + opts+=("--ssl=TRUE") + fi + # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined + for key in ca key cert; do + value="$(mysql_client_env_value "SSL_${key^^}_FILE")" + [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") + done + else + # Skip SSL validation + if [[ "$(mysql_client_flavor)" = "mariadb" ]]; then + # SSL connections are enabled by default in MariaDB >=10.11 + local mysql_version="" + local major_version="" + local minor_version="" + mysql_version="$(mysql_get_version)" + major_version="$(get_sematic_version "${mysql_version}" 1)" + minor_version="$(get_sematic_version "${mysql_version}" 2)" + if [[ "${major_version}" -gt 10 ]] || [[ "${major_version}" -eq 10 && "${minor_version}" -eq 11 ]]; then + opts+=("--skip-ssl") + fi + fi + fi + echo "${opts[@]:-}" +} diff --git a/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh new file mode 100644 index 0000000000000..54c504fe8d2c8 --- /dev/null +++ b/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh @@ -0,0 +1,264 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for mariadb + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-mariadb}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +mariadb_env_vars=( + ALLOW_EMPTY_PASSWORD + MARIADB_AUTHENTICATION_PLUGIN + MARIADB_ROOT_USER + MARIADB_ROOT_PASSWORD + MARIADB_USER + MARIADB_PASSWORD + MARIADB_DATABASE + MARIADB_MASTER_HOST + MARIADB_MASTER_PORT_NUMBER + MARIADB_MASTER_ROOT_USER + MARIADB_MASTER_ROOT_PASSWORD + MARIADB_MASTER_DELAY + MARIADB_REPLICATION_USER + MARIADB_REPLICATION_PASSWORD + MARIADB_PORT_NUMBER + MARIADB_REPLICATION_MODE + MARIADB_REPLICATION_SLAVE_DUMP + MARIADB_EXTRA_FLAGS + MARIADB_INIT_SLEEP_TIME + MARIADB_CHARACTER_SET + MARIADB_COLLATE + MARIADB_BIND_ADDRESS + MARIADB_SQL_MODE + MARIADB_UPGRADE + MARIADB_SKIP_TEST_DB + MARIADB_CLIENT_ENABLE_SSL + MARIADB_CLIENT_SSL_CA_FILE + MARIADB_CLIENT_SSL_CERT_FILE + MARIADB_CLIENT_SSL_KEY_FILE + MARIADB_CLIENT_EXTRA_FLAGS + MARIADB_STARTUP_WAIT_RETRIES + MARIADB_STARTUP_WAIT_SLEEP_TIME + MARIADB_ENABLE_SLOW_QUERY + MARIADB_LONG_QUERY_TIME + MARIADB_GALERA_CONF_DIR + MARIADB_GALERA_MOUNTED_CONF_DIR + MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP + MARIADB_GALERA_CLUSTER_BOOTSTRAP + MARIADB_GALERA_CLUSTER_ADDRESS + MARIADB_GALERA_CLUSTER_NAME + MARIADB_GALERA_NODE_NAME + MARIADB_GALERA_NODE_ADDRESS + MARIADB_GALERA_SST_METHOD + MARIADB_GALERA_MARIABACKUP_USER + MARIADB_GALERA_MARIABACKUP_PASSWORD + MARIADB_ENABLE_LDAP + MARIADB_ENABLE_TLS + MARIADB_TLS_CERT_FILE + MARIADB_TLS_KEY_FILE + MARIADB_TLS_CA_FILE + MARIADB_REPLICATION_USER + MARIADB_REPLICATION_PASSWORD + DB_ENABLE_SLOW_QUERY + DB_LONG_QUERY_TIME +) +for env_var in "${mariadb_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset mariadb_env_vars +export DB_FLAVOR="mariadb" + +# Paths +export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" +export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" +export DB_DATA_DIR="${DB_VOLUME_DIR}/data" +export DB_BIN_DIR="${DB_BASE_DIR}/bin" +export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" +export DB_CONF_DIR="${DB_BASE_DIR}/conf" +export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" +export DB_LOGS_DIR="${DB_BASE_DIR}/logs" +export DB_TMP_DIR="${DB_BASE_DIR}/tmp" +export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" +export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" +export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" +export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" + +# System users (when running with a privileged user) +export DB_DAEMON_USER="mysql" +export DB_DAEMON_GROUP="mysql" + +# Default configuration (build-time) +export MARIADB_DEFAULT_PORT_NUMBER="3306" +export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time +export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" +export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time +export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" +export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time + +# MariaDB Galera authentication. +export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" +export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" +export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" +export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" +export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization +export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" +export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization +export MARIADB_USER="${MARIADB_USER:-}" +export DB_USER="$MARIADB_USER" # only used during the first initialization +export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" +export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization +export MARIADB_DATABASE="${MARIADB_DATABASE:-}" +export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization +export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" +export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization +export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" +export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization +export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" +export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization +export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" +export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization +export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" +export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization +export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" +export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization +export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" +export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization + +# Settings +export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" +export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" +export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" +export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" +export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" +export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" +export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" +export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" +export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" +export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" +export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" +export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" +# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE +MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" +export MARIADB_COLLATE="${MARIADB_COLLATE:-}" +export DB_COLLATE="$MARIADB_COLLATE" +export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" +export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" +export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" +export DB_SQL_MODE="$MARIADB_SQL_MODE" +export MARIADB_UPGRADE="${MARIADB_UPGRADE:-AUTO}" +export DB_UPGRADE="$MARIADB_UPGRADE" +export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" +export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" +export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" +export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" +export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" +export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" +export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" +export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" +export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" +export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" +export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" +export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" +export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" +export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" +export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" +export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" +MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" +export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" +export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" +MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" +export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" +export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" + +# Galera paths +export MARIADB_GALERA_GRASTATE_FILE="${DB_DATA_DIR}/grastate.dat" +export DB_GALERA_GRASTATE_FILE="$MARIADB_GALERA_GRASTATE_FILE" +export MARIADB_GALERA_BOOTSTRAP_DIR="${DB_VOLUME_DIR}/.bootstrap" +export DB_GALERA_BOOTSTRAP_DIR="$MARIADB_GALERA_BOOTSTRAP_DIR" +export MARIADB_GALERA_BOOTSTRAP_FILE="${DB_GALERA_BOOTSTRAP_DIR}/done" +export DB_GALERA_BOOTSTRAP_FILE="$MARIADB_GALERA_BOOTSTRAP_FILE" + +# Galera build-time defaults for cluster configuration +export MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS="gcomm://" +export DB_GALERA_DEFAULT_CLUSTER_ADDRESS="$MARIADB_GALERA_DEFAULT_CLUSTER_ADDRESS" +export MARIADB_GALERA_DEFAULT_CLUSTER_NAME="galera" +export DB_GALERA_DEFAULT_CLUSTER_NAME="$MARIADB_GALERA_DEFAULT_CLUSTER_NAME" +export MARIADB_GALERA_DEFAULT_NODE_NAME="" +export DB_GALERA_DEFAULT_NODE_NAME="$MARIADB_GALERA_DEFAULT_NODE_NAME" +export MARIADB_GALERA_DEFAULT_NODE_ADDRESS="" +export DB_GALERA_DEFAULT_NODE_ADDRESS="$MARIADB_GALERA_DEFAULT_NODE_ADDRESS" +export MARIADB_GALERA_DEFAULT_SST_METHOD="mariabackup" +export DB_GALERA_DEFAULT_SST_METHOD="$MARIADB_GALERA_DEFAULT_SST_METHOD" +export MARIADB_GALERA_DEFAULT_MARIABACKUP_USER="mariabackup" +export DB_GALERA_DEFAULT_MARIABACKUP_USER="$MARIADB_GALERA_DEFAULT_MARIABACKUP_USER" +export MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="" +export DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD="$MARIADB_GALERA_DEFAULT_MARIABACKUP_PASSWORD" + +# Galera cluster configuration. +export MARIADB_GALERA_CONF_DIR="${MARIADB_GALERA_CONF_DIR:-/opt/bitnami/mariadb/conf}" +export DB_GALERA_CONF_DIR="$MARIADB_GALERA_CONF_DIR" +export MARIADB_GALERA_MOUNTED_CONF_DIR="${MARIADB_GALERA_MOUNTED_CONF_DIR:-/bitnami/conf}" +export DB_GALERA_MOUNTED_CONF_DIR="$MARIADB_GALERA_MOUNTED_CONF_DIR" +export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP="${MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP:-}" +export DB_GALERA_FORCE_SAFETOBOOTSTRAP="$MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP" +export MARIADB_GALERA_CLUSTER_BOOTSTRAP="${MARIADB_GALERA_CLUSTER_BOOTSTRAP:-}" +export DB_GALERA_CLUSTER_BOOTSTRAP="$MARIADB_GALERA_CLUSTER_BOOTSTRAP" +export MARIADB_GALERA_CLUSTER_ADDRESS="${MARIADB_GALERA_CLUSTER_ADDRESS:-}" +export DB_GALERA_CLUSTER_ADDRESS="$MARIADB_GALERA_CLUSTER_ADDRESS" +export MARIADB_GALERA_CLUSTER_NAME="${MARIADB_GALERA_CLUSTER_NAME:-$DB_GALERA_DEFAULT_CLUSTER_NAME}" +export DB_GALERA_CLUSTER_NAME="$MARIADB_GALERA_CLUSTER_NAME" +export MARIADB_GALERA_NODE_NAME="${MARIADB_GALERA_NODE_NAME:-}" +export DB_GALERA_NODE_NAME="$MARIADB_GALERA_NODE_NAME" +export MARIADB_GALERA_NODE_ADDRESS="${MARIADB_GALERA_NODE_ADDRESS:-}" +export DB_GALERA_NODE_ADDRESS="$MARIADB_GALERA_NODE_ADDRESS" +export MARIADB_GALERA_SST_METHOD="${MARIADB_GALERA_SST_METHOD:-$DB_GALERA_DEFAULT_SST_METHOD}" +export DB_GALERA_SST_METHOD="$MARIADB_GALERA_SST_METHOD" +export MARIADB_GALERA_MARIABACKUP_USER="${MARIADB_GALERA_MARIABACKUP_USER:-$DB_GALERA_DEFAULT_MARIABACKUP_USER}" +export DB_GALERA_MARIABACKUP_USER="$MARIADB_GALERA_MARIABACKUP_USER" +export MARIADB_GALERA_MARIABACKUP_PASSWORD="${MARIADB_GALERA_MARIABACKUP_PASSWORD:-$DB_GALERA_DEFAULT_MARIABACKUP_PASSWORD}" +export DB_GALERA_MARIABACKUP_PASSWORD="$MARIADB_GALERA_MARIABACKUP_PASSWORD" + +# LDAP +export MARIADB_ENABLE_LDAP="${MARIADB_ENABLE_LDAP:-no}" +export DB_ENABLE_LDAP="$MARIADB_ENABLE_LDAP" + +# SSL/TLS configuration +export MARIADB_ENABLE_TLS="${MARIADB_ENABLE_TLS:-no}" +export DB_ENABLE_TLS="$MARIADB_ENABLE_TLS" +export MARIADB_TLS_CERT_FILE="${MARIADB_TLS_CERT_FILE:-}" +export DB_TLS_CERT_FILE="$MARIADB_TLS_CERT_FILE" +export MARIADB_TLS_KEY_FILE="${MARIADB_TLS_KEY_FILE:-}" +export DB_TLS_KEY_FILE="$MARIADB_TLS_KEY_FILE" +export MARIADB_TLS_CA_FILE="${MARIADB_TLS_CA_FILE:-}" +export DB_TLS_CA_FILE="$MARIADB_TLS_CA_FILE" +export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-monitor}" +export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization +export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-monitor}" +export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization + +# Custom environment variables may be defined below diff --git a/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh b/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh similarity index 100% rename from bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh rename to bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/entrypoint.sh diff --git a/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh b/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh similarity index 100% rename from bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh rename to bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/healthcheck.sh diff --git a/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh b/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh similarity index 100% rename from bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh rename to bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/postunpack.sh diff --git a/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh b/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh similarity index 100% rename from bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh rename to bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/run.sh diff --git a/bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh b/bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh similarity index 100% rename from bitnami/mariadb-galera/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh rename to bitnami/mariadb-galera/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-galera/setup.sh diff --git a/bitnami/mariadb-galera/11.4/debian-12/tags-info.yaml b/bitnami/mariadb-galera/11.4/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..c5a1c50f193fa --- /dev/null +++ b/bitnami/mariadb-galera/11.4/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "11.4" +- 11.4-debian-12 +- 11.4.4 +- latest diff --git a/bitnami/mariadb-galera/11.6/README.md b/bitnami/mariadb-galera/11.6/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/mariadb-galera/11.6/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/mariadb-galera/README.md b/bitnami/mariadb-galera/README.md index 31b120d289cd8..6eae33a7d3051 100644 --- a/bitnami/mariadb-galera/README.md +++ b/bitnami/mariadb-galera/README.md @@ -26,7 +26,7 @@ docker run --name mariadb \ * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use MariaDB Galera in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use MariaDB Galera in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy MariaDB Galera in Kubernetes? @@ -36,13 +36,19 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links > NOTE: Debian 9 and Oracle Linux 7 images have been deprecated in favor of Debian 10 images. Bitnami will not longer publish new Docker images based on Debian 9 or Oracle Linux 7. -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -197,6 +203,7 @@ docker-compose up -d | `MARIADB_COLLATE` | MariaDB Galera collation to use. | `nil` | | `MARIADB_BIND_ADDRESS` | MariaDB Galera bind address. | `nil` | | `MARIADB_SQL_MODE` | MariaDB Galera Server SQL modes to enable. | `nil` | +| `MARIADB_UPGRADE` | MariaDB Galera upgrade option. | `AUTO` | | `MARIADB_SKIP_TEST_DB` | Whether to skip creating the test database. | `no` | | `MARIADB_CLIENT_ENABLE_SSL` | Whether to force SSL for connections to the MariaDB Galera database. | `no` | | `MARIADB_CLIENT_SSL_CA_FILE` | Path to CA certificate to use for SSL connections to the MariaDB Galera database server. | `nil` | @@ -801,7 +808,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/mariadb-galera/docker-compose-ldap.yml b/bitnami/mariadb-galera/docker-compose-ldap.yml index 10caaa4caf143..793b6d99f362b 100644 --- a/bitnami/mariadb-galera/docker-compose-ldap.yml +++ b/bitnami/mariadb-galera/docker-compose-ldap.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2.1' - services: mariadb-galera: - image: docker.io/bitnami/mariadb-galera:11.3 + image: docker.io/bitnami/mariadb-galera:11.4 ports: - '3306:3306' - '4444:4444' diff --git a/bitnami/mariadb-galera/docker-compose.yml b/bitnami/mariadb-galera/docker-compose.yml index 3fbdca8935449..fa186ff7fc2eb 100644 --- a/bitnami/mariadb-galera/docker-compose.yml +++ b/bitnami/mariadb-galera/docker-compose.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2.1' - services: mariadb-galera: - image: docker.io/bitnami/mariadb-galera:11.3 + image: docker.io/bitnami/mariadb-galera:11.4 ports: - '3306:3306' - '4444:4444' diff --git a/bitnami/mariadb/10.11/README.md b/bitnami/mariadb/10.11/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/mariadb/10.11/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/mariadb/10.11/debian-12/Dockerfile b/bitnami/mariadb/10.11/debian-12/Dockerfile index 725a19bf5ac4d..d2d5c5cc0441e 100644 --- a/bitnami/mariadb/10.11/debian-12/Dockerfile +++ b/bitnami/mariadb/10.11/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T08:40:15Z" \ + org.opencontainers.image.created="2025-01-08T22:40:50Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.11.8-debian-12-r0" \ + org.opencontainers.image.ref.name="10.11.10-debian-12-r3" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb" \ org.opencontainers.image.title="mariadb" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.11.8" + org.opencontainers.image.version="10.11.10" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps psmisc zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-10.11.8-0-linux-${OS_ARCH}-debian-12" \ + "ini-file-1.4.7-8-linux-${OS_ARCH}-debian-12" \ + "mariadb-10.11.10-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -49,7 +50,7 @@ RUN mkdir /docker-entrypoint-initdb.d COPY rootfs / RUN /opt/bitnami/scripts/mariadb/postunpack.sh -ENV APP_VERSION="10.11.8" \ +ENV APP_VERSION="10.11.10" \ BITNAMI_APP_NAME="mariadb" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" diff --git a/bitnami/mariadb/10.11/debian-12/docker-compose-replication.yml b/bitnami/mariadb/10.11/debian-12/docker-compose-replication.yml new file mode 100644 index 0000000000000..03e523f97b952 --- /dev/null +++ b/bitnami/mariadb/10.11/debian-12/docker-compose-replication.yml @@ -0,0 +1,49 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + mariadb-master: + image: docker.io/bitnami/mariadb:10.11 + ports: + - '3306' + volumes: + - 'mariadb_master_data:/bitnami/mariadb' + environment: + - MARIADB_REPLICATION_MODE=master + - MARIADB_REPLICATION_USER=repl_user + - MARIADB_USER=my_user + - MARIADB_DATABASE=my_database + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - MARIADB_ROOT_PASSWORD=my_root_password + healthcheck: + test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] + interval: 15s + timeout: 5s + retries: 6 + + mariadb-slave: + image: docker.io/bitnami/mariadb:10.11 + ports: + - '3306' + depends_on: + - mariadb-master + environment: + - MARIADB_REPLICATION_MODE=slave + - MARIADB_REPLICATION_USER=repl_user + - MARIADB_USER=my_user + - MARIADB_DATABASE=my_database + - MARIADB_MASTER_HOST=mariadb-master + - MARIADB_MASTER_PORT_NUMBER=3306 + - MARIADB_MASTER_ROOT_PASSWORD=my_root_password + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + healthcheck: + test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] + interval: 15s + timeout: 5s + retries: 6 + +volumes: + mariadb_master_data: + driver: local diff --git a/bitnami/mariadb/10.11/debian-12/docker-compose.yml b/bitnami/mariadb/10.11/debian-12/docker-compose.yml index 3419297abaf37..cbd9cb79f8be3 100644 --- a/bitnami/mariadb/10.11/debian-12/docker-compose.yml +++ b/bitnami/mariadb/10.11/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2.1' - services: mariadb: image: docker.io/bitnami/mariadb:10.11 diff --git a/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 86519fd19f926..b1441396c42b0 100644 --- a/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.4.6-13" + "version": "1.4.7-8" }, "mariadb": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "10.11.8-0" + "version": "10.11.10-0" } } \ No newline at end of file diff --git a/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/mariadb/10.11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/mariadb/10.11/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh b/bitnami/mariadb/10.11/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh index 0a93e3b77f673..9d6bd864f4513 100644 --- a/bitnami/mariadb/10.11/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh +++ b/bitnami/mariadb/10.11/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh @@ -185,47 +185,38 @@ EOF # None ######################### mysql_exec_initial_dump() { - info "MySQL dump master data start..." + local -r dump_file="${DB_DATA_DIR}/dump_all_databases.sql" - info "LOCK MASTER DATABASES FOR WRITE OPERATIONS..." - mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'FLUSH TABLES WITH READ LOCK;' + info "MariaDB dump master data start..." + debug "Lock master databases for write operations" + echo "FLUSH TABLES WITH READ LOCK;" | mysql_remote_execute "$DB_MASTER_HOST" "$DB_MASTER_PORT_NUMBER" "mysql" "$DB_MASTER_ROOT_USER" "$DB_MASTER_ROOT_PASSWORD" - info "SHOW MASTER STATUS..." - read -r MYSQL_FILE MYSQL_POSITION <<< "$(mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'SHOW MASTER STATUS;' | awk 'NR==1 {print $1, $2}')" - info "File: $MYSQL_FILE and Position: $MYSQL_POSITION" + read -r log_file log_position <<< "$(echo "SHOW MASTER STATUS;" | mysql_remote_execute_print_output "$DB_MASTER_HOST" "$DB_MASTER_PORT_NUMBER" "mysql" "$DB_MASTER_ROOT_USER" "$DB_MASTER_ROOT_PASSWORD" | awk 'NR==1 {print $1, $2}')" + debug "File: $log_file and Position: $log_position" - info "Start dump process databases" + debug "Start dump process databases" + mysqldump --verbose --all-databases -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" > "$dump_file" + debug "Finish dump databases" - FILE_LOCATION="$DB_DATA_DIR/dump_all_databases.sql" - - mysqldump --verbose --all-databases -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" > "$FILE_LOCATION" - - info "Finish dump databases" - - info "UNLOCK MASTER DATABASES FOR WRITE OPERATIONS..." - mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'UNLOCK TABLES;' - - info "Start import dump databases" - mysql_execute < "$FILE_LOCATION" - info "Finish import dump databases" + debug "Unlock master databases for write operations" + echo "UNLOCK TABLES;" | mysql_remote_execute "$DB_MASTER_HOST" "$DB_MASTER_PORT_NUMBER" "mysql" "$DB_MASTER_ROOT_USER" "$DB_MASTER_ROOT_PASSWORD" + debug "Start import dump databases" + mysql_execute < "$dump_file" mysql_execute "mysql" <=10.11 + local mysql_version="" + local major_version="" + local minor_version="" + mysql_version="$(mysql_get_version)" + major_version="$(get_sematic_version "${mysql_version}" 1)" + minor_version="$(get_sematic_version "${mysql_version}" 2)" + if [[ "${major_version}" -gt 10 ]] || [[ "${major_version}" -eq 10 && "${minor_version}" -eq 11 ]]; then + opts+=("--skip-ssl") + fi + fi fi echo "${opts[@]:-}" } diff --git a/bitnami/mariadb/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh index 15c1253263343..3fe87ab875092 100644 --- a/bitnami/mariadb/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ b/bitnami/mariadb/10.11/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh @@ -47,6 +47,7 @@ mariadb_env_vars=( MARIADB_COLLATE MARIADB_BIND_ADDRESS MARIADB_SQL_MODE + MARIADB_UPGRADE MARIADB_SKIP_TEST_DB MARIADB_CLIENT_ENABLE_SSL MARIADB_CLIENT_SSL_CA_FILE @@ -151,6 +152,8 @@ export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" export DB_SQL_MODE="$MARIADB_SQL_MODE" +export MARIADB_UPGRADE="${MARIADB_UPGRADE:-AUTO}" +export DB_UPGRADE="$MARIADB_UPGRADE" export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" diff --git a/bitnami/mariadb/10.11/debian-12/tags-info.yaml b/bitnami/mariadb/10.11/debian-12/tags-info.yaml index 784d68931b6bc..3e280dc001ad4 100644 --- a/bitnami/mariadb/10.11/debian-12/tags-info.yaml +++ b/bitnami/mariadb/10.11/debian-12/tags-info.yaml @@ -1,4 +1,4 @@ rolling-tags: - "10.11" - 10.11-debian-12 -- 10.11.8 +- 10.11.10 diff --git a/bitnami/mariadb/10.4/debian-12/Dockerfile b/bitnami/mariadb/10.4/debian-12/Dockerfile deleted file mode 100644 index 9706da98f438e..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T08:31:58Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.4.34-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb" \ - org.opencontainers.image.title="mariadb" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.4.34" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libaio1 libaudit1 libcap-ng0 libcrypt1 libffi8 libgcc-s1 libgmp10 libgnutls30 libhogweed6 libicu72 libidn2-0 libjemalloc2 liblzma5 libncurses6 libnettle8 libp11-kit0 libpam0g libstdc++6 libtasn1-6 libtinfo6 libunistring2 libxml2 procps psmisc zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-10.4.34-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb/postunpack.sh -ENV APP_VERSION="10.4.34" \ - BITNAMI_APP_NAME="mariadb" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb/run.sh" ] diff --git a/bitnami/mariadb/10.4/debian-12/docker-compose.yml b/bitnami/mariadb/10.4/debian-12/docker-compose.yml deleted file mode 100644 index 2acb2785fd459..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/docker-compose.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb: - image: docker.io/bitnami/mariadb:10.4 - ports: - - '3306:3306' - volumes: - - 'mariadb_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_data: - driver: local diff --git a/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 1f854b430ed4e..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.4.34-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb/10.4/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb/10.4/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb/10.4/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb/10.4/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh b/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh deleted file mode 100644 index 0a93e3b77f673..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh +++ /dev/null @@ -1,1428 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MySQL library - -# shellcheck disable=SC1090,SC1091,SC2119,SC2120 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libversion.sh - -######################## -# Configure database extra start flags -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Array with extra flags to use -######################### -mysql_extra_flags() { - local randNumber - local -a dbExtraFlags=() - # shellcheck disable=SC2153 - read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS" - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')" - dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1") - if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1") - elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then - dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1") - fi - fi - - [[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}") - - echo "${dbExtraFlags[@]:-}" -} - -######################## -# Validate settings in MYSQL_*/MARIADB_* environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_validate() { - info "Validating settings in MYSQL_*/MARIADB_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - backslash_password_error() { - print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" - } - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - if [[ "$DB_REPLICATION_MODE" = "master" ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then - empty_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if (( ${#DB_ROOT_PASSWORD} > 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - if [[ -z "$DB_MASTER_HOST" ]]; then - print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running" - fi - else - print_validation_error "Invalid replication mode. Available options are 'master/slave'" - fi - else - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then - print_validation_error "root user is already created in the database and you can't use it as username for user creation." - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "$FILE_LOCATION" - - info "Finish dump databases" - - info "UNLOCK MASTER DATABASES FOR WRITE OPERATIONS..." - mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'UNLOCK TABLES;' - - info "Start import dump databases" - mysql_execute < "$FILE_LOCATION" - info "Finish import dump databases" - - mysql_execute "mysql" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then - echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}" - fi - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Using persisted data" - # mysql_upgrade requires the server to be running - [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes" - # https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html - mysql_upgrade - else - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - info "Installing database" - mysql_install_db - mysql_start_bg - wait_for_mysql_access - # we delete existing users and create new ones with stricter access - # commands can still be executed until we restart or run 'flush privileges' - info "Configuring authentication" - mysql_execute "mysql" <=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for mysql common - -######################## -# Extract mysql version from version string -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Version string -######################### -mysql_get_version() { - local ver_string - local -a ver_split - - ver_string=$("${DB_BIN_DIR}/mysql" "--version") - read -r -a ver_split <<< "$ver_string" - - if [[ "$ver_string" = *" Distrib "* ]]; then - echo "${ver_split[4]::-1}" - else - echo "${ver_split[2]}" - fi -} - -######################## -# Gets an environment variable name based on the suffix -# Globals: -# DB_FLAVOR -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable name -######################### -get_env_var() { - local -r id="${1:?id is required}" - local -r prefix="${DB_FLAVOR//-/_}" - echo "${prefix^^}_${id}" -} - -######################## -# Gets an environment variable value for the master node and based on the suffix -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable value -######################### -get_master_env_var_value() { - local envVar - - PREFIX="" - [[ "${DB_REPLICATION_MODE:-}" = "slave" ]] && PREFIX="MASTER_" - envVar="$(get_env_var "${PREFIX}${1}_FILE")" - if [[ -f "${!envVar:-}" ]]; then - echo "$(< "${!envVar}")" - else - envVar="$(get_env_var "${PREFIX}${1}")" - echo "${!envVar:-}" - fi -} - -######################## -# Execute an arbitrary query/queries against the running MySQL/MariaDB service and print to stdout -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra MySQL CLI options -# Returns: -# None -mysql_execute_print_output() { - local -r db="${1:-}" - local -r user="${2:-root}" - local -r pass="${3:-}" - local -a opts extra_opts - read -r -a opts <<< "${@:4}" - read -r -a extra_opts <<< "$(mysql_client_extra_opts)" - - # Process mysql CLI arguments - local -a args=() - if [[ -f "$DB_CONF_FILE" ]]; then - args+=("--defaults-file=${DB_CONF_FILE}") - fi - args+=("-N" "-u" "$user") - [[ -n "$db" ]] && args+=("$db") - [[ -n "$pass" ]] && args+=("-p$pass") - [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") - [[ "${#extra_opts[@]}" -gt 0 ]] && args+=("${extra_opts[@]}") - - # Obtain the command specified via stdin - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - local mysql_cmd - mysql_cmd="$(> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 15c1253263343..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,177 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb/10.4/debian-12/tags-info.yaml b/bitnami/mariadb/10.4/debian-12/tags-info.yaml deleted file mode 100644 index f4cf6afb1a0fe..0000000000000 --- a/bitnami/mariadb/10.4/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "10.4" -- 10.4-debian-12 -- 10.4.34 diff --git a/bitnami/mariadb/10.5/README.md b/bitnami/mariadb/10.5/README.md new file mode 100644 index 0000000000000..0bd6cabe4976d --- /dev/null +++ b/bitnami/mariadb/10.5/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. \ No newline at end of file diff --git a/bitnami/mariadb/10.5/debian-12/Dockerfile b/bitnami/mariadb/10.5/debian-12/Dockerfile deleted file mode 100644 index 34cbbebfad148..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T09:28:55Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.5.25-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb" \ - org.opencontainers.image.title="mariadb" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.5.25" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps psmisc zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-10.5.25-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb/postunpack.sh -ENV APP_VERSION="10.5.25" \ - BITNAMI_APP_NAME="mariadb" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb/run.sh" ] diff --git a/bitnami/mariadb/10.5/debian-12/docker-compose.yml b/bitnami/mariadb/10.5/debian-12/docker-compose.yml deleted file mode 100644 index 0a081a9c8bf99..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/docker-compose.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb: - image: docker.io/bitnami/mariadb:10.5 - ports: - - '3306:3306' - volumes: - - 'mariadb_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_data: - driver: local diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 1d374a575c4fa..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.5.25-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh deleted file mode 100644 index 1c69e0e48a5d0..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh +++ /dev/null @@ -1,141 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing files - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libos.sh - -# Functions - -######################## -# Replace a regex-matching string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# $4 - use POSIX regex. Default: true -# Returns: -# None -######################### -replace_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - local posix_regex=${4:-true} - - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - if [[ $posix_regex = true ]]; then - result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - else - result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Replace a regex-matching multiline string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# Returns: -# None -######################### -replace_in_file_multiline() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - - local result - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" - echo "$result" > "$filename" -} - -######################## -# Remove a line in a file based on a regex -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - use POSIX regex. Default: true -# Returns: -# None -######################### -remove_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local posix_regex=${3:-true} - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - if [[ $posix_regex = true ]]; then - result="$(sed -E "/$match_regex/d" "$filename")" - else - result="$(sed "/$match_regex/d" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Appends text after the last line matching a pattern -# Arguments: -# $1 - file -# $2 - match regex -# $3 - contents to add -# Returns: -# None -######################### -append_file_after_last_match() { - local file="${1:?missing file}" - local match_regex="${2:?missing pattern}" - local value="${3:?missing value}" - - # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again - result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" - echo "$result" > "$file" -} - -######################## -# Wait until certain entry is present in a log file -# Arguments: -# $1 - entry to look for -# $2 - log file -# $3 - max retries. Default: 12 -# $4 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -wait_for_log_entry() { - local -r entry="${1:-missing entry}" - local -r log_file="${2:-missing log file}" - local -r retries="${3:-12}" - local -r interval_time="${4:-5}" - local attempt=0 - - check_log_file_for_entry() { - if ! grep -qE "$entry" "$log_file"; then - debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" - return 1 - fi - } - debug "Checking that ${log_file} log file contains entry \"${entry}\"" - if retry_while check_log_file_for_entry "$retries" "$interval_time"; then - debug "Found entry \"${entry}\" in ${log_file}" - true - else - error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" - debug_execute cat "$log_file" - return 1 - fi -} diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh deleted file mode 100644 index 970d624179642..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh +++ /dev/null @@ -1,193 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for file system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Ensure a file/directory is owned (user and group) but the given user -# Arguments: -# $1 - filepath -# $2 - owner -# Returns: -# None -######################### -owned_by() { - local path="${1:?path is missing}" - local owner="${2:?owner is missing}" - local group="${3:-}" - - if [[ -n $group ]]; then - chown "$owner":"$group" "$path" - else - chown "$owner":"$owner" "$path" - fi -} - -######################## -# Ensure a directory exists and, optionally, is owned by the given user -# Arguments: -# $1 - directory -# $2 - owner -# Returns: -# None -######################### -ensure_dir_exists() { - local dir="${1:?directory is missing}" - local owner_user="${2:-}" - local owner_group="${3:-}" - - [ -d "${dir}" ] || mkdir -p "${dir}" - if [[ -n $owner_user ]]; then - owned_by "$dir" "$owner_user" "$owner_group" - fi -} - -######################## -# Checks whether a directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_dir_empty() { - local -r path="${1:?missing directory}" - # Calculate real path in order to avoid issues with symlinks - local -r dir="$(realpath "$path")" - if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then - true - else - false - fi -} - -######################## -# Checks whether a mounted directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_mounted_dir_empty() { - local dir="${1:?missing directory}" - - if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then - true - else - false - fi -} - -######################## -# Checks whether a file can be written to or not -# arguments: -# $1 - file -# returns: -# boolean -######################### -is_file_writable() { - local file="${1:?missing file}" - local dir - dir="$(dirname "$file")" - - if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then - true - else - false - fi -} - -######################## -# Relativize a path -# arguments: -# $1 - path -# $2 - base -# returns: -# None -######################### -relativize() { - local -r path="${1:?missing path}" - local -r base="${2:?missing base}" - pushd "$base" >/dev/null || exit - realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' - popd >/dev/null || exit -} - -######################## -# Configure permisions and ownership recursively -# Globals: -# None -# Arguments: -# $1 - paths (as a string). -# Flags: -# -f|--file-mode - mode for directories. -# -d|--dir-mode - mode for files. -# -u|--user - user -# -g|--group - group -# Returns: -# None -######################### -configure_permissions_ownership() { - local -r paths="${1:?paths is missing}" - local dir_mode="" - local file_mode="" - local user="" - local group="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -f | --file-mode) - shift - file_mode="${1:?missing mode for files}" - ;; - -d | --dir-mode) - shift - dir_mode="${1:?missing mode for directories}" - ;; - -u | --user) - shift - user="${1:?missing user}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - read -r -a filepaths <<<"$paths" - for p in "${filepaths[@]}"; do - if [[ -e "$p" ]]; then - find -L "$p" -printf "" - if [[ -n $dir_mode ]]; then - find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" - fi - if [[ -n $file_mode ]]; then - find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" - fi - if [[ -n $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" - elif [[ -n $user ]] && [[ -z $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}" - elif [[ -z $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chgrp "${group}" - fi - else - stderr_print "$p does not exist" - fi - done -} diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh deleted file mode 100644 index f3a5fe7868eed..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library to use for scripts expected to be used as Kubernetes lifecycle hooks - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Override functions that log to stdout/stderr of the current process, so they print to process 1 -for function_to_override in stderr_print debug_execute; do - # Output is sent to output of process 1 and thus end up in the container log - # The hook output in general isn't saved - eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" -done diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh deleted file mode 100644 index 450f05bd823ff..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh +++ /dev/null @@ -1,114 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for logging functions - -# Constants -RESET='\033[0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_QUIET:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - printf "%b\\n" "${*}" >&2 - fi -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Log a 'debug' message -# Globals: -# BITNAMI_DEBUG -# Arguments: -# None -# Returns: -# None -######################### -debug() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_DEBUG:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - log "${MAGENTA}DEBUG${RESET} ==> ${*}" - fi -} - -######################## -# Indent a string -# Arguments: -# $1 - string -# $2 - number of indentation characters (default: 4) -# $3 - indentation character (default: " ") -# Returns: -# None -######################### -indent() { - local string="${1:-}" - local num="${2:?missing num}" - local char="${3:-" "}" - # Build the indentation unit string - local indent_unit="" - for ((i = 0; i < num; i++)); do - indent_unit="${indent_unit}${char}" - done - # shellcheck disable=SC2001 - # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions - echo "$string" | sed "s/^/${indent_unit}/" -} diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh deleted file mode 100644 index 9d908c48579b9..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh +++ /dev/null @@ -1,657 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for operating system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Check if an user exists in the system -# Arguments: -# $1 - user -# Returns: -# Boolean -######################### -user_exists() { - local user="${1:?user is missing}" - id "$user" >/dev/null 2>&1 -} - -######################## -# Check if a group exists in the system -# Arguments: -# $1 - group -# Returns: -# Boolean -######################### -group_exists() { - local group="${1:?group is missing}" - getent group "$group" >/dev/null 2>&1 -} - -######################## -# Create a group in the system if it does not exist already -# Arguments: -# $1 - group -# Flags: -# -i|--gid - the ID for the new group -# -s|--system - Whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_group_exists() { - local group="${1:?group is missing}" - local gid="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --gid) - shift - gid="${1:?missing gid}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! group_exists "$group"; then - local -a args=("$group") - if [[ -n "$gid" ]]; then - if group_exists "$gid"; then - error "The GID $gid is already in use." >&2 - return 1 - fi - args+=("--gid" "$gid") - fi - $is_system_user && args+=("--system") - groupadd "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Create an user in the system if it does not exist already -# Arguments: -# $1 - user -# Flags: -# -i|--uid - the ID for the new user -# -g|--group - the group the new user should belong to -# -a|--append-groups - comma-separated list of supplemental groups to append to the new user -# -h|--home - the home directory for the new user -# -s|--system - whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_user_exists() { - local user="${1:?user is missing}" - local uid="" - local group="" - local append_groups="" - local home="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --uid) - shift - uid="${1:?missing uid}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - -a | --append-groups) - shift - append_groups="${1:?missing append_groups}" - ;; - -h | --home) - shift - home="${1:?missing home directory}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! user_exists "$user"; then - local -a user_args=("-N" "$user") - if [[ -n "$uid" ]]; then - if user_exists "$uid"; then - error "The UID $uid is already in use." - return 1 - fi - user_args+=("--uid" "$uid") - else - $is_system_user && user_args+=("--system") - fi - useradd "${user_args[@]}" >/dev/null 2>&1 - fi - - if [[ -n "$group" ]]; then - local -a group_args=("$group") - $is_system_user && group_args+=("--system") - ensure_group_exists "${group_args[@]}" - usermod -g "$group" "$user" >/dev/null 2>&1 - fi - - if [[ -n "$append_groups" ]]; then - local -a groups - read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" - for group in "${groups[@]}"; do - ensure_group_exists "$group" - usermod -aG "$group" "$user" >/dev/null 2>&1 - done - fi - - if [[ -n "$home" ]]; then - mkdir -p "$home" - usermod -d "$home" "$user" >/dev/null 2>&1 - configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" - fi -} - -######################## -# Check if the script is currently running as root -# Arguments: -# $1 - user -# $2 - group -# Returns: -# Boolean -######################### -am_i_root() { - if [[ "$(id -u)" = "0" ]]; then - true - else - false - fi -} - -######################## -# Print OS metadata -# Arguments: -# $1 - Flag name -# Flags: -# --id - Distro ID -# --version - Distro version -# --branch - Distro branch -# --codename - Distro codename -# --name - Distro name -# --pretty-name - Distro pretty name -# Returns: -# String -######################### -get_os_metadata() { - local -r flag_name="${1:?missing flag}" - # Helper function - get_os_release_metadata() { - local -r env_name="${1:?missing environment variable name}" - ( - . /etc/os-release - echo "${!env_name}" - ) - } - case "$flag_name" in - --id) - get_os_release_metadata ID - ;; - --version) - get_os_release_metadata VERSION_ID - ;; - --branch) - get_os_release_metadata VERSION_ID | sed 's/\..*//' - ;; - --codename) - get_os_release_metadata VERSION_CODENAME - ;; - --name) - get_os_release_metadata NAME - ;; - --pretty-name) - get_os_release_metadata PRETTY_NAME - ;; - *) - error "Unknown flag ${flag_name}" - return 1 - ;; - esac -} - -######################## -# Get total memory available -# Arguments: -# None -# Returns: -# Memory in bytes -######################### -get_total_memory() { - echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# None -# Flags: -# --memory - memory size (optional) -# Returns: -# Detected instance size -######################### -get_machine_size() { - local memory="" - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - --memory) - shift - memory="${1:?missing memory}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if [[ -z "$memory" ]]; then - debug "Memory was not specified, detecting available memory automatically" - memory="$(get_total_memory)" - fi - sanitized_memory=$(convert_to_mb "$memory") - if [[ "$sanitized_memory" -gt 26000 ]]; then - echo 2xlarge - elif [[ "$sanitized_memory" -gt 13000 ]]; then - echo xlarge - elif [[ "$sanitized_memory" -gt 6000 ]]; then - echo large - elif [[ "$sanitized_memory" -gt 3000 ]]; then - echo medium - elif [[ "$sanitized_memory" -gt 1500 ]]; then - echo small - else - echo micro - fi -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# $1 - memory size (optional) -# Returns: -# Detected instance size -######################### -get_supported_machine_sizes() { - echo micro small medium large xlarge 2xlarge -} - -######################## -# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) -# Globals: -# None -# Arguments: -# $1 - memory size -# Returns: -# Result of the conversion -######################### -convert_to_mb() { - local amount="${1:-}" - if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then - size="${BASH_REMATCH[1]}" - unit="${BASH_REMATCH[2]}" - if [[ "$unit" = "g" || "$unit" = "G" ]]; then - amount="$((size * 1024))" - else - amount="$size" - fi - fi - echo "$amount" -} - -######################### -# Redirects output to /dev/null if debug mode is disabled -# Globals: -# BITNAMI_DEBUG -# Arguments: -# $@ - Command to execute -# Returns: -# None -######################### -debug_execute() { - if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then - "$@" - else - "$@" >/dev/null 2>&1 - fi -} - -######################## -# Retries a command a given number of times -# Arguments: -# $1 - cmd (as a string) -# $2 - max retries. Default: 12 -# $3 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -retry_while() { - local cmd="${1:?cmd is missing}" - local retries="${2:-12}" - local sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<<"$cmd" - for ((i = 1; i <= retries; i += 1)); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value -} - -######################## -# Generate a random string -# Arguments: -# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii -# -c|--count - Number of characters, defaults to 32 -# Arguments: -# None -# Returns: -# None -# Returns: -# String -######################### -generate_random_string() { - local type="ascii" - local count="32" - local filter - local result - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - -t | --type) - shift - type="$1" - ;; - -c | --count) - shift - count="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Validate type - case "$type" in - ascii) - filter="[:print:]" - ;; - numeric) - filter="0-9" - ;; - alphanumeric) - filter="a-zA-Z0-9" - ;; - alphanumeric+special|special+alphanumeric) - # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters - # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex - filter='a-zA-Z0-9:@.,/+!=' - ;; - *) - echo "Invalid type ${type}" >&2 - return 1 - ;; - esac - # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size - # Note there is a very small chance of strings starting with EOL character - # Therefore, the higher amount of lines read, this will happen less frequently - result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" - echo "$result" -} - -######################## -# Create md5 hash from a string -# Arguments: -# $1 - string -# Returns: -# md5 hash - string -######################### -generate_md5_hash() { - local -r str="${1:?missing input string}" - echo -n "$str" | md5sum | awk '{print $1}' -} - -######################## -# Create sha1 hash from a string -# Arguments: -# $1 - string -# $2 - algorithm - 1 (default), 224, 256, 384, 512 -# Returns: -# sha1 hash - string -######################### -generate_sha_hash() { - local -r str="${1:?missing input string}" - local -r algorithm="${2:-1}" - echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' -} - -######################## -# Converts a string to its hexadecimal representation -# Arguments: -# $1 - string -# Returns: -# hexadecimal representation of the string -######################### -convert_to_hex() { - local -r str=${1:?missing input string} - local -i iterator - local char - for ((iterator = 0; iterator < ${#str}; iterator++)); do - char=${str:iterator:1} - printf '%x' "'${char}" - done -} - -######################## -# Get boot time -# Globals: -# None -# Arguments: -# None -# Returns: -# Boot time metadata -######################### -get_boot_time() { - stat /proc --format=%Y -} - -######################## -# Get machine ID -# Globals: -# None -# Arguments: -# None -# Returns: -# Machine ID -######################### -get_machine_id() { - local machine_id - if [[ -f /etc/machine-id ]]; then - machine_id="$(cat /etc/machine-id)" - fi - if [[ -z "$machine_id" ]]; then - # Fallback to the boot-time, which will at least ensure a unique ID in the current session - machine_id="$(get_boot_time)" - fi - echo "$machine_id" -} - -######################## -# Get the root partition's disk device ID (e.g. /dev/sda1) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root partition disk ID -######################### -get_disk_device_id() { - local device_id="" - if grep -q ^/dev /proc/mounts; then - device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" - fi - # If it could not be autodetected, fallback to /dev/sda1 as a default - if [[ -z "$device_id" || ! -b "$device_id" ]]; then - device_id="/dev/sda1" - fi - echo "$device_id" -} - -######################## -# Get the root disk device ID (e.g. /dev/sda) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk ID -######################### -get_root_disk_device_id() { - get_disk_device_id | sed -E 's/p?[0-9]+$//' -} - -######################## -# Get the root disk size in bytes -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk size in bytes -######################### -get_root_disk_size() { - fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true -} - -######################## -# Run command as a specific user and group (optional) -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -run_as_user() { - run_chroot "$@" -} - -######################## -# Execute command as a specific user and group (optional), -# replacing the current process image -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -exec_as_user() { - run_chroot --replace-process "$@" -} - -######################## -# Run a command using chroot -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Flags: -# -r | --replace-process - Replace the current process image (optional) -# Returns: -# Exit code of the specified command -######################### -run_chroot() { - local userspec - local user - local homedir - local replace=false - local -r cwd="$(pwd)" - - # Parse and validate flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -r | --replace-process) - replace=true - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - # Parse and validate arguments - if [[ "$#" -lt 2 ]]; then - echo "expected at least 2 arguments" - return 1 - else - userspec=$1 - shift - - # userspec can optionally include the group, so we parse the user - user=$(echo "$userspec" | cut -d':' -f1) - fi - - if ! am_i_root; then - error "Could not switch to '${userspec}': Operation not permitted" - return 1 - fi - - # Get the HOME directory for the user to switch, as chroot does - # not properly update this env and some scripts rely on it - homedir=$(eval echo "~${user}") - if [[ ! -d $homedir ]]; then - homedir="${HOME:-/}" - fi - - # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion - if [[ "$replace" = true ]]; then - exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - else - chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - fi -} diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh deleted file mode 100644 index 18445e7d27fa3..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh +++ /dev/null @@ -1,124 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami persistence library -# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libversion.sh - -# Functions - -######################## -# Persist an application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# $2 - List of app files to persist -# Returns: -# true if all steps succeeded, false otherwise -######################### -persist_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Persist the individual files - if [[ "${#files_to_persist[@]}" -le 0 ]]; then - warn "No files are configured to be persisted" - return - fi - pushd "$install_dir" >/dev/null || exit - local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder - local -r tmp_file="/tmp/perms.acl" - for file_to_persist in "${files_to_persist[@]}"; do - if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then - error "Cannot persist '${file_to_persist}' because it does not exist" - return 1 - fi - file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" - file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" - file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" - # Get original permissions for existing files, which will be applied later - # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume - getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" - # Copy directories to the volume - ensure_dir_exists "$file_to_persist_destination_folder" - cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" - # Restore permissions - pushd "$persist_dir" >/dev/null || exit - if am_i_root; then - setfacl --restore="$tmp_file" - else - # When running as non-root, don't change ownership - setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") - fi - popd >/dev/null || exit - done - popd >/dev/null || exit - rm -f "$tmp_file" - # Install the persisted files into the installation directory, via symlinks - restore_persisted_app "$@" -} - -######################## -# Restore a persisted application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# FORCE_MAJOR_UPGRADE -# Arguments: -# $1 - App folder name -# $2 - List of app files to restore -# Returns: -# true if all steps succeeded, false otherwise -######################### -restore_persisted_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Restore the individual persisted files - if [[ "${#files_to_restore[@]}" -le 0 ]]; then - warn "No persisted files are configured to be restored" - return - fi - local file_to_restore_relative file_to_restore_origin file_to_restore_destination - for file_to_restore in "${files_to_restore[@]}"; do - file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" - # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed - file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" - file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" - rm -rf "$file_to_restore_origin" - ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" - done -} - -######################## -# Check if an application directory was already persisted -# Globals: -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# Returns: -# true if all steps succeeded, false otherwise -######################### -is_app_initialized() { - local -r app="${1:?missing app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - if ! is_mounted_dir_empty "$persist_dir"; then - true - else - false - fi -} diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh deleted file mode 100644 index 1f9b33096b026..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh +++ /dev/null @@ -1,496 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing services - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Read the provided pid file and returns a PID -# Arguments: -# $1 - Pid file -# Returns: -# PID -######################### -get_pid_from_file() { - local pid_file="${1:?pid file is missing}" - - if [[ -f "$pid_file" ]]; then - if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then - echo "$(< "$pid_file")" - fi - fi -} - -######################## -# Check if a provided PID corresponds to a running service -# Arguments: -# $1 - PID -# Returns: -# Boolean -######################### -is_service_running() { - local pid="${1:?pid is missing}" - - kill -0 "$pid" 2>/dev/null -} - -######################## -# Stop a service by sending a termination signal to its pid -# Arguments: -# $1 - Pid file -# $2 - Signal number (optional) -# Returns: -# None -######################### -stop_service_using_pid() { - local pid_file="${1:?pid file is missing}" - local signal="${2:-}" - local pid - - pid="$(get_pid_from_file "$pid_file")" - [[ -z "$pid" ]] || ! is_service_running "$pid" && return - - if [[ -n "$signal" ]]; then - kill "-${signal}" "$pid" - else - kill "$pid" - fi - - local counter=10 - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -######################## -# Start cron daemon -# Arguments: -# None -# Returns: -# true if started correctly, false otherwise -######################### -cron_start() { - if [[ -x "/usr/sbin/cron" ]]; then - /usr/sbin/cron - elif [[ -x "/usr/sbin/crond" ]]; then - /usr/sbin/crond - else - false - fi -} - -######################## -# Generate a cron configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Command -# Flags: -# --run-as - User to run as (default: root) -# --schedule - Cron schedule configuration (default: * * * * *) -# Returns: -# None -######################### -generate_cron_conf() { - local service_name="${1:?service name is missing}" - local cmd="${2:?command is missing}" - local run_as="root" - local schedule="* * * * *" - local clean="true" - - # Parse optional CLI flags - shift 2 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --run-as) - shift - run_as="$1" - ;; - --schedule) - shift - schedule="$1" - ;; - --no-clean) - clean="false" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - mkdir -p /etc/cron.d - if "$clean"; then - cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" - fi -} - -######################## -# Remove a cron configuration file for a given service -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_cron_conf() { - local service_name="${1:?service name is missing}" - local cron_conf_dir="/etc/monit/conf.d" - rm -f "${cron_conf_dir}/${service_name}" -} - -######################## -# Generate a monit configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Pid file -# $3 - Start command -# $4 - Stop command -# Flags: -# --disable - Whether to disable the monit configuration -# Returns: -# None -######################### -generate_monit_conf() { - local service_name="${1:?service name is missing}" - local pid_file="${2:?pid file is missing}" - local start_command="${3:?start command is missing}" - local stop_command="${4:?stop command is missing}" - local monit_conf_dir="/etc/monit/conf.d" - local disabled="no" - - # Parse optional CLI flags - shift 4 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --disable) - disabled="yes" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - is_boolean_yes "$disabled" && conf_suffix=".disabled" - mkdir -p "$monit_conf_dir" - cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 - return 1 - ;; - esac - shift - done - - mkdir -p "$logrotate_conf_dir" - cat < "${logrotate_conf_dir}/${service_name}" -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -${log_path} { - ${period} - rotate ${rotations} - dateext - compress - copytruncate - missingok -$(indent "$extra" 2) -} -EOF -} - -######################## -# Remove a logrotate configuration file -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_logrotate_conf() { - local service_name="${1:?service name is missing}" - local logrotate_conf_dir="/etc/logrotate.d" - rm -f "${logrotate_conf_dir}/${service_name}" -} - -######################## -# Generate a Systemd configuration file -# Arguments: -# $1 - Service name -# Flags: -# --custom-service-content - Custom content to add to the [service] block -# --environment - Environment variable to define (multiple --environment options may be passed) -# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) -# --exec-start - Start command (required) -# --exec-start-pre - Pre-start command (optional) -# --exec-start-post - Post-start command (optional) -# --exec-stop - Stop command (optional) -# --exec-reload - Reload command (optional) -# --group - System group to start the service with -# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) -# --restart - When to restart the Systemd service after being stopped (defaults to always) -# --pid-file - Service PID file -# --standard-output - File where to print stdout output -# --standard-error - File where to print stderr output -# --success-exit-status - Exit code that indicates a successful shutdown -# --type - Systemd unit type (defaults to forking) -# --user - System user to start the service with -# --working-directory - Working directory at which to start the service -# Returns: -# None -######################### -generate_systemd_conf() { - local -r service_name="${1:?service name is missing}" - local -r systemd_units_dir="/etc/systemd/system" - local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" - # Default values - local name="$service_name" - local type="forking" - local user="" - local group="" - local environment="" - local environment_file="" - local exec_start="" - local exec_start_pre="" - local exec_start_post="" - local exec_stop="" - local exec_reload="" - local restart="always" - local pid_file="" - local standard_output="journal" - local standard_error="" - local limits_content="" - local success_exit_status="" - local custom_service_content="" - local working_directory="" - # Parse CLI flags - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --name \ - | --type \ - | --user \ - | --group \ - | --exec-start \ - | --exec-stop \ - | --exec-reload \ - | --restart \ - | --pid-file \ - | --standard-output \ - | --standard-error \ - | --success-exit-status \ - | --custom-service-content \ - | --working-directory \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "$var_name"="${1:?"${var_name} value is missing"}" - ;; - --limit-*) - [[ -n "$limits_content" ]] && limits_content+=$'\n' - var_name="${1//--limit-}" - shift - limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" - ;; - --exec-start-pre) - shift - [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' - exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" - ;; - --exec-start-post) - shift - [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' - exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" - ;; - --environment) - shift - # It is possible to add multiple environment lines - [[ -n "$environment" ]] && environment+=$'\n' - environment+="Environment=${1:?"--environment value is missing"}" - ;; - --environment-file) - shift - # It is possible to add multiple environment-file lines - [[ -n "$environment_file" ]] && environment_file+=$'\n' - environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - # Validate inputs - local error="no" - if [[ -z "$exec_start" ]]; then - error "The --exec-start option is required" - error="yes" - fi - if [[ "$error" != "no" ]]; then - return 1 - fi - # Generate the Systemd unit - cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" - fi - if [[ -n "$exec_start_pre" ]]; then - # This variable may contain multiple ExecStartPre= directives - cat >> "$service_file" <<< "$exec_start_pre" - fi - if [[ -n "$exec_start" ]]; then - cat >> "$service_file" <<< "ExecStart=${exec_start}" - fi - if [[ -n "$exec_start_post" ]]; then - # This variable may contain multiple ExecStartPost= directives - cat >> "$service_file" <<< "$exec_start_post" - fi - # Optional stop and reload commands - if [[ -n "$exec_stop" ]]; then - cat >> "$service_file" <<< "ExecStop=${exec_stop}" - fi - if [[ -n "$exec_reload" ]]; then - cat >> "$service_file" <<< "ExecReload=${exec_reload}" - fi - # User and group - if [[ -n "$user" ]]; then - cat >> "$service_file" <<< "User=${user}" - fi - if [[ -n "$group" ]]; then - cat >> "$service_file" <<< "Group=${group}" - fi - # PID file allows to determine if the main process is running properly (for Restart=always) - if [[ -n "$pid_file" ]]; then - cat >> "$service_file" <<< "PIDFile=${pid_file}" - fi - if [[ -n "$restart" ]]; then - cat >> "$service_file" <<< "Restart=${restart}" - fi - # Environment flags - if [[ -n "$environment" ]]; then - # This variable may contain multiple Environment= directives - cat >> "$service_file" <<< "$environment" - fi - if [[ -n "$environment_file" ]]; then - # This variable may contain multiple EnvironmentFile= directives - cat >> "$service_file" <<< "$environment_file" - fi - # Logging - if [[ -n "$standard_output" ]]; then - cat >> "$service_file" <<< "StandardOutput=${standard_output}" - fi - if [[ -n "$standard_error" ]]; then - cat >> "$service_file" <<< "StandardError=${standard_error}" - fi - if [[ -n "$custom_service_content" ]]; then - # This variable may contain multiple miscellaneous directives - cat >> "$service_file" <<< "$custom_service_content" - fi - if [[ -n "$success_exit_status" ]]; then - cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean or is the string 'yes/true' -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_boolean_yes() { - local -r bool="${1:-}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean yes/no value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_yes_no_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(yes|no)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean true/false value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_true_false_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(true|false)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean 1/0 value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_1_0_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^[10]$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is an empty string or not defined -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_empty_value() { - local -r val="${1:-}" - if [[ -z "$val" ]]; then - true - else - false - fi -} - -######################## -# Validate if the provided argument is a valid port -# Arguments: -# $1 - Port to validate -# Returns: -# Boolean and error message -######################### -validate_port() { - local value - local unprivileged=0 - - # Parse flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -unprivileged) - unprivileged=1 - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [[ "$#" -gt 1 ]]; then - echo "too many arguments provided" - return 2 - elif [[ "$#" -eq 0 ]]; then - stderr_print "missing port argument" - return 1 - else - value=$1 - fi - - if [[ -z "$value" ]]; then - echo "the value is empty" - return 1 - else - if ! is_int "$value"; then - echo "value is not an integer" - return 2 - elif [[ "$value" -lt 0 ]]; then - echo "negative value provided" - return 2 - elif [[ "$value" -gt 65535 ]]; then - echo "requested port is greater than 65535" - return 2 - elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then - echo "privileged port requested" - return 3 - fi - fi -} - -######################## -# Validate if the provided argument is a valid IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv6() { - local ip="${1:?ip is missing}" - local stat=1 - local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' - local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' - - if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then - stat=0 - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv4() { - local ip="${1:?ip is missing}" - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" - [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ - && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] - stat=$? - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 or IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ip() { - local ip="${1:?ip is missing}" - local stat=1 - - if validate_ipv4 "$ip"; then - stat=0 - else - stat=$(validate_ipv6 "$ip") - fi - return $stat -} - -######################## -# Validate a string format -# Arguments: -# $1 - String to validate -# Returns: -# Boolean -######################### -validate_string() { - local string - local min_length=-1 - local max_length=-1 - - # Parse flags - while [ "$#" -gt 0 ]; do - case "$1" in - -min-length) - shift - min_length=${1:-} - ;; - -max-length) - shift - max_length=${1:-} - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [ "$#" -gt 1 ]; then - stderr_print "too many arguments provided" - return 2 - elif [ "$#" -eq 0 ]; then - stderr_print "missing string" - return 1 - else - string=$1 - fi - - if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then - echo "string length is less than $min_length" - return 1 - fi - if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then - echo "string length is great than $max_length" - return 1 - fi -} diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh deleted file mode 100644 index f0d5a5cd33892..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing versions strings - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions -######################## -# Gets semantic version -# Arguments: -# $1 - version: string to extract major.minor.patch -# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch -# Returns: -# array with the major, minor and release -######################### -get_sematic_version () { - local version="${1:?version is required}" - local section="${2:?section is required}" - local -a version_sections - - #Regex to parse versions: x.y.z - local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' - - if [[ "$version" =~ $regex ]]; then - local i=1 - local j=1 - local n=${#BASH_REMATCH[*]} - - while [[ $i -lt $n ]]; do - if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then - version_sections[j]="${BASH_REMATCH[$i]}" - ((j++)) - fi - ((i++)) - done - - local number_regex='^[0-9]+$' - if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then - echo "${version_sections[$section]}" - return - else - stderr_print "Section allowed values are: 1, 2, and 3" - return 1 - fi - fi -} diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh deleted file mode 100644 index acb84fc2339bb..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ /dev/null @@ -1,476 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami web server handler library - -# shellcheck disable=SC1090,SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh - -######################## -# Execute a command (or list of commands) with the web server environment and library loaded -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_execute() { - local -r web_server="${1:?missing web server}" - shift - # Run program in sub-shell to avoid web server environment getting loaded when not necessary - ( - . "/opt/bitnami/scripts/lib${web_server}.sh" - . "/opt/bitnami/scripts/${web_server}-env.sh" - "$@" - ) -} - -######################## -# Prints the list of enabled web servers -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_list() { - local -r -a supported_web_servers=(apache nginx) - local -a existing_web_servers=() - for web_server in "${supported_web_servers[@]}"; do - [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") - done - echo "${existing_web_servers[@]:-}" -} - -######################## -# Prints the currently-enabled web server type (only one, in order of preference) -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_type() { - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - echo "${web_servers[0]:-}" -} - -######################## -# Validate that a supported web server is configured -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_validate() { - local error_code=0 - local supported_web_servers=("apache" "nginx") - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then - print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" - elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then - print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." - fi - - return "$error_code" -} - -######################## -# Check whether the web server is running -# Globals: -# * -# Arguments: -# None -# Returns: -# true if the web server is running, false otherwise -######################### -is_web_server_running() { - "is_$(web_server_type)_running" -} - -######################## -# Start web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_start() { - info "Starting $(web_server_type) in background" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl start "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" - fi -} - -######################## -# Stop web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_stop() { - info "Stopping $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl stop "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" - fi -} - -######################## -# Restart web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_restart() { - info "Restarting $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl restart "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" - fi -} - -######################## -# Reload web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_reload() { - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl reload "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" - fi -} - -######################## -# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on which configuration template to use -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render server configurations with a .disabled prefix -# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --document-root - Path to document root directory -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) -# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --apache-before-vhost-configuration - Configuration to add before the directive (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-proxy-address - Address where to proxy requests -# --apache-proxy-configuration - Extra configuration for the proxy -# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# --nginx-external-configuration - Configuration external to server block (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_app_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --disable \ - | --disable-http \ - | --disable-https \ - ) - apache_args+=("$1") - nginx_args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --type \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --document-root \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-additional-http-configuration \ - | --apache-additional-https-configuration \ - | --apache-before-vhost-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-proxy-address \ - | --apache-proxy-configuration \ - | --apache-proxy-http-configuration \ - | --apache-proxy-https-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "${2:?missing value}") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration \ - | --nginx-external-configuration) - nginx_args+=("${1//nginx-/}" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_web_server_app_configuration_not_exists() { - local app="${1:?missing app}" - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" - done -} - -######################## -# Ensure the web server loads the configuration for an application in a URL prefix -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --document-root - Path to document root directory -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --type - Application type, which has an effect on what configuration template will be used -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_prefix_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --allow-remote-connections \ - | --document-root \ - | --prefix \ - | --type \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "$2") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - nginx_args+=("${1//nginx-/}" "$2") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -web_server_update_app_configuration() { - local app="${1:?missing app}" - shift - local -a args web_servers - args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --http-port \ - | --https-port \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" - done -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_enable_loading_page() { - ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ - --apache-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -RedirectMatch 503 ^/$ -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -ErrorDocument 404 /index.html -ErrorDocument 503 /index.html" \ - --nginx-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -location / { - return 503; -} -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -error_page 404 @installing; -error_page 503 @installing; -location @installing { - rewrite ^(.*)$ /index.html break; -}" - web_server_reload -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_disable_install_page() { - ensure_web_server_app_configuration_not_exists "__loading" - web_server_reload -} diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb/10.5/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb/10.5/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb/10.5/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh b/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh deleted file mode 100644 index 0a93e3b77f673..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh +++ /dev/null @@ -1,1428 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MySQL library - -# shellcheck disable=SC1090,SC1091,SC2119,SC2120 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libversion.sh - -######################## -# Configure database extra start flags -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Array with extra flags to use -######################### -mysql_extra_flags() { - local randNumber - local -a dbExtraFlags=() - # shellcheck disable=SC2153 - read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS" - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')" - dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1") - if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1") - elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then - dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1") - fi - fi - - [[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}") - - echo "${dbExtraFlags[@]:-}" -} - -######################## -# Validate settings in MYSQL_*/MARIADB_* environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_validate() { - info "Validating settings in MYSQL_*/MARIADB_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - backslash_password_error() { - print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" - } - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - if [[ "$DB_REPLICATION_MODE" = "master" ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then - empty_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if (( ${#DB_ROOT_PASSWORD} > 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - if [[ -z "$DB_MASTER_HOST" ]]; then - print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running" - fi - else - print_validation_error "Invalid replication mode. Available options are 'master/slave'" - fi - else - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then - print_validation_error "root user is already created in the database and you can't use it as username for user creation." - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "$FILE_LOCATION" - - info "Finish dump databases" - - info "UNLOCK MASTER DATABASES FOR WRITE OPERATIONS..." - mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'UNLOCK TABLES;' - - info "Start import dump databases" - mysql_execute < "$FILE_LOCATION" - info "Finish import dump databases" - - mysql_execute "mysql" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then - echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}" - fi - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Using persisted data" - # mysql_upgrade requires the server to be running - [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes" - # https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html - mysql_upgrade - else - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - info "Installing database" - mysql_install_db - mysql_start_bg - wait_for_mysql_access - # we delete existing users and create new ones with stricter access - # commands can still be executed until we restart or run 'flush privileges' - info "Configuring authentication" - mysql_execute "mysql" <=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for mysql common - -######################## -# Extract mysql version from version string -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Version string -######################### -mysql_get_version() { - local ver_string - local -a ver_split - - ver_string=$("${DB_BIN_DIR}/mysql" "--version") - read -r -a ver_split <<< "$ver_string" - - if [[ "$ver_string" = *" Distrib "* ]]; then - echo "${ver_split[4]::-1}" - else - echo "${ver_split[2]}" - fi -} - -######################## -# Gets an environment variable name based on the suffix -# Globals: -# DB_FLAVOR -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable name -######################### -get_env_var() { - local -r id="${1:?id is required}" - local -r prefix="${DB_FLAVOR//-/_}" - echo "${prefix^^}_${id}" -} - -######################## -# Gets an environment variable value for the master node and based on the suffix -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable value -######################### -get_master_env_var_value() { - local envVar - - PREFIX="" - [[ "${DB_REPLICATION_MODE:-}" = "slave" ]] && PREFIX="MASTER_" - envVar="$(get_env_var "${PREFIX}${1}_FILE")" - if [[ -f "${!envVar:-}" ]]; then - echo "$(< "${!envVar}")" - else - envVar="$(get_env_var "${PREFIX}${1}")" - echo "${!envVar:-}" - fi -} - -######################## -# Execute an arbitrary query/queries against the running MySQL/MariaDB service and print to stdout -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra MySQL CLI options -# Returns: -# None -mysql_execute_print_output() { - local -r db="${1:-}" - local -r user="${2:-root}" - local -r pass="${3:-}" - local -a opts extra_opts - read -r -a opts <<< "${@:4}" - read -r -a extra_opts <<< "$(mysql_client_extra_opts)" - - # Process mysql CLI arguments - local -a args=() - if [[ -f "$DB_CONF_FILE" ]]; then - args+=("--defaults-file=${DB_CONF_FILE}") - fi - args+=("-N" "-u" "$user") - [[ -n "$db" ]] && args+=("$db") - [[ -n "$pass" ]] && args+=("-p$pass") - [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") - [[ "${#extra_opts[@]}" -gt 0 ]] && args+=("${extra_opts[@]}") - - # Obtain the command specified via stdin - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - local mysql_cmd - mysql_cmd="$(> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 15c1253263343..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,177 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh b/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh deleted file mode 100755 index 5daeb16c64943..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -if [[ "$1" = "/opt/bitnami/scripts/mariadb/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh b/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh deleted file mode 100755 index 60211b1057f6e..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadb.sh - -# Load MySQL environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh b/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh deleted file mode 100755 index ee8217ffb401c..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf "/proc/1/fd/1" "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh b/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh deleted file mode 100755 index 97f5d80c226f0..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -info "** Starting MariaDB **" -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh b/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh deleted file mode 100755 index 9dcc55c047ade..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb/10.5/debian-12/tags-info.yaml b/bitnami/mariadb/10.5/debian-12/tags-info.yaml deleted file mode 100644 index 8e9f78d61cc7c..0000000000000 --- a/bitnami/mariadb/10.5/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "10.5" -- 10.5-debian-12 -- 10.5.25 diff --git a/bitnami/mariadb/10.6/README.md b/bitnami/mariadb/10.6/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/mariadb/10.6/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/mariadb/10.6/debian-12/Dockerfile b/bitnami/mariadb/10.6/debian-12/Dockerfile deleted file mode 100644 index e263e11684c17..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T08:56:16Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="10.6.18-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb" \ - org.opencontainers.image.title="mariadb" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="10.6.18" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps psmisc zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-10.6.18-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb/postunpack.sh -ENV APP_VERSION="10.6.18" \ - BITNAMI_APP_NAME="mariadb" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb/run.sh" ] diff --git a/bitnami/mariadb/10.6/debian-12/docker-compose.yml b/bitnami/mariadb/10.6/debian-12/docker-compose.yml deleted file mode 100644 index 21299e46c74e4..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/docker-compose.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb: - image: docker.io/bitnami/mariadb:10.6 - ports: - - '3306:3306' - volumes: - - 'mariadb_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_data: - driver: local diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 4131e3a326188..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "10.6.18-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh deleted file mode 100644 index 1c69e0e48a5d0..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh +++ /dev/null @@ -1,141 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing files - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libos.sh - -# Functions - -######################## -# Replace a regex-matching string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# $4 - use POSIX regex. Default: true -# Returns: -# None -######################### -replace_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - local posix_regex=${4:-true} - - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - if [[ $posix_regex = true ]]; then - result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - else - result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Replace a regex-matching multiline string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# Returns: -# None -######################### -replace_in_file_multiline() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - - local result - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" - echo "$result" > "$filename" -} - -######################## -# Remove a line in a file based on a regex -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - use POSIX regex. Default: true -# Returns: -# None -######################### -remove_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local posix_regex=${3:-true} - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - if [[ $posix_regex = true ]]; then - result="$(sed -E "/$match_regex/d" "$filename")" - else - result="$(sed "/$match_regex/d" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Appends text after the last line matching a pattern -# Arguments: -# $1 - file -# $2 - match regex -# $3 - contents to add -# Returns: -# None -######################### -append_file_after_last_match() { - local file="${1:?missing file}" - local match_regex="${2:?missing pattern}" - local value="${3:?missing value}" - - # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again - result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" - echo "$result" > "$file" -} - -######################## -# Wait until certain entry is present in a log file -# Arguments: -# $1 - entry to look for -# $2 - log file -# $3 - max retries. Default: 12 -# $4 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -wait_for_log_entry() { - local -r entry="${1:-missing entry}" - local -r log_file="${2:-missing log file}" - local -r retries="${3:-12}" - local -r interval_time="${4:-5}" - local attempt=0 - - check_log_file_for_entry() { - if ! grep -qE "$entry" "$log_file"; then - debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" - return 1 - fi - } - debug "Checking that ${log_file} log file contains entry \"${entry}\"" - if retry_while check_log_file_for_entry "$retries" "$interval_time"; then - debug "Found entry \"${entry}\" in ${log_file}" - true - else - error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" - debug_execute cat "$log_file" - return 1 - fi -} diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh deleted file mode 100644 index 970d624179642..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh +++ /dev/null @@ -1,193 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for file system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Ensure a file/directory is owned (user and group) but the given user -# Arguments: -# $1 - filepath -# $2 - owner -# Returns: -# None -######################### -owned_by() { - local path="${1:?path is missing}" - local owner="${2:?owner is missing}" - local group="${3:-}" - - if [[ -n $group ]]; then - chown "$owner":"$group" "$path" - else - chown "$owner":"$owner" "$path" - fi -} - -######################## -# Ensure a directory exists and, optionally, is owned by the given user -# Arguments: -# $1 - directory -# $2 - owner -# Returns: -# None -######################### -ensure_dir_exists() { - local dir="${1:?directory is missing}" - local owner_user="${2:-}" - local owner_group="${3:-}" - - [ -d "${dir}" ] || mkdir -p "${dir}" - if [[ -n $owner_user ]]; then - owned_by "$dir" "$owner_user" "$owner_group" - fi -} - -######################## -# Checks whether a directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_dir_empty() { - local -r path="${1:?missing directory}" - # Calculate real path in order to avoid issues with symlinks - local -r dir="$(realpath "$path")" - if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then - true - else - false - fi -} - -######################## -# Checks whether a mounted directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_mounted_dir_empty() { - local dir="${1:?missing directory}" - - if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then - true - else - false - fi -} - -######################## -# Checks whether a file can be written to or not -# arguments: -# $1 - file -# returns: -# boolean -######################### -is_file_writable() { - local file="${1:?missing file}" - local dir - dir="$(dirname "$file")" - - if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then - true - else - false - fi -} - -######################## -# Relativize a path -# arguments: -# $1 - path -# $2 - base -# returns: -# None -######################### -relativize() { - local -r path="${1:?missing path}" - local -r base="${2:?missing base}" - pushd "$base" >/dev/null || exit - realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' - popd >/dev/null || exit -} - -######################## -# Configure permisions and ownership recursively -# Globals: -# None -# Arguments: -# $1 - paths (as a string). -# Flags: -# -f|--file-mode - mode for directories. -# -d|--dir-mode - mode for files. -# -u|--user - user -# -g|--group - group -# Returns: -# None -######################### -configure_permissions_ownership() { - local -r paths="${1:?paths is missing}" - local dir_mode="" - local file_mode="" - local user="" - local group="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -f | --file-mode) - shift - file_mode="${1:?missing mode for files}" - ;; - -d | --dir-mode) - shift - dir_mode="${1:?missing mode for directories}" - ;; - -u | --user) - shift - user="${1:?missing user}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - read -r -a filepaths <<<"$paths" - for p in "${filepaths[@]}"; do - if [[ -e "$p" ]]; then - find -L "$p" -printf "" - if [[ -n $dir_mode ]]; then - find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" - fi - if [[ -n $file_mode ]]; then - find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" - fi - if [[ -n $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" - elif [[ -n $user ]] && [[ -z $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}" - elif [[ -z $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chgrp "${group}" - fi - else - stderr_print "$p does not exist" - fi - done -} diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh deleted file mode 100644 index f3a5fe7868eed..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library to use for scripts expected to be used as Kubernetes lifecycle hooks - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Override functions that log to stdout/stderr of the current process, so they print to process 1 -for function_to_override in stderr_print debug_execute; do - # Output is sent to output of process 1 and thus end up in the container log - # The hook output in general isn't saved - eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" -done diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh deleted file mode 100644 index 450f05bd823ff..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh +++ /dev/null @@ -1,114 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for logging functions - -# Constants -RESET='\033[0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_QUIET:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - printf "%b\\n" "${*}" >&2 - fi -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Log a 'debug' message -# Globals: -# BITNAMI_DEBUG -# Arguments: -# None -# Returns: -# None -######################### -debug() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_DEBUG:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - log "${MAGENTA}DEBUG${RESET} ==> ${*}" - fi -} - -######################## -# Indent a string -# Arguments: -# $1 - string -# $2 - number of indentation characters (default: 4) -# $3 - indentation character (default: " ") -# Returns: -# None -######################### -indent() { - local string="${1:-}" - local num="${2:?missing num}" - local char="${3:-" "}" - # Build the indentation unit string - local indent_unit="" - for ((i = 0; i < num; i++)); do - indent_unit="${indent_unit}${char}" - done - # shellcheck disable=SC2001 - # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions - echo "$string" | sed "s/^/${indent_unit}/" -} diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh deleted file mode 100644 index 9d908c48579b9..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh +++ /dev/null @@ -1,657 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for operating system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Check if an user exists in the system -# Arguments: -# $1 - user -# Returns: -# Boolean -######################### -user_exists() { - local user="${1:?user is missing}" - id "$user" >/dev/null 2>&1 -} - -######################## -# Check if a group exists in the system -# Arguments: -# $1 - group -# Returns: -# Boolean -######################### -group_exists() { - local group="${1:?group is missing}" - getent group "$group" >/dev/null 2>&1 -} - -######################## -# Create a group in the system if it does not exist already -# Arguments: -# $1 - group -# Flags: -# -i|--gid - the ID for the new group -# -s|--system - Whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_group_exists() { - local group="${1:?group is missing}" - local gid="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --gid) - shift - gid="${1:?missing gid}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! group_exists "$group"; then - local -a args=("$group") - if [[ -n "$gid" ]]; then - if group_exists "$gid"; then - error "The GID $gid is already in use." >&2 - return 1 - fi - args+=("--gid" "$gid") - fi - $is_system_user && args+=("--system") - groupadd "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Create an user in the system if it does not exist already -# Arguments: -# $1 - user -# Flags: -# -i|--uid - the ID for the new user -# -g|--group - the group the new user should belong to -# -a|--append-groups - comma-separated list of supplemental groups to append to the new user -# -h|--home - the home directory for the new user -# -s|--system - whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_user_exists() { - local user="${1:?user is missing}" - local uid="" - local group="" - local append_groups="" - local home="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --uid) - shift - uid="${1:?missing uid}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - -a | --append-groups) - shift - append_groups="${1:?missing append_groups}" - ;; - -h | --home) - shift - home="${1:?missing home directory}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! user_exists "$user"; then - local -a user_args=("-N" "$user") - if [[ -n "$uid" ]]; then - if user_exists "$uid"; then - error "The UID $uid is already in use." - return 1 - fi - user_args+=("--uid" "$uid") - else - $is_system_user && user_args+=("--system") - fi - useradd "${user_args[@]}" >/dev/null 2>&1 - fi - - if [[ -n "$group" ]]; then - local -a group_args=("$group") - $is_system_user && group_args+=("--system") - ensure_group_exists "${group_args[@]}" - usermod -g "$group" "$user" >/dev/null 2>&1 - fi - - if [[ -n "$append_groups" ]]; then - local -a groups - read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" - for group in "${groups[@]}"; do - ensure_group_exists "$group" - usermod -aG "$group" "$user" >/dev/null 2>&1 - done - fi - - if [[ -n "$home" ]]; then - mkdir -p "$home" - usermod -d "$home" "$user" >/dev/null 2>&1 - configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" - fi -} - -######################## -# Check if the script is currently running as root -# Arguments: -# $1 - user -# $2 - group -# Returns: -# Boolean -######################### -am_i_root() { - if [[ "$(id -u)" = "0" ]]; then - true - else - false - fi -} - -######################## -# Print OS metadata -# Arguments: -# $1 - Flag name -# Flags: -# --id - Distro ID -# --version - Distro version -# --branch - Distro branch -# --codename - Distro codename -# --name - Distro name -# --pretty-name - Distro pretty name -# Returns: -# String -######################### -get_os_metadata() { - local -r flag_name="${1:?missing flag}" - # Helper function - get_os_release_metadata() { - local -r env_name="${1:?missing environment variable name}" - ( - . /etc/os-release - echo "${!env_name}" - ) - } - case "$flag_name" in - --id) - get_os_release_metadata ID - ;; - --version) - get_os_release_metadata VERSION_ID - ;; - --branch) - get_os_release_metadata VERSION_ID | sed 's/\..*//' - ;; - --codename) - get_os_release_metadata VERSION_CODENAME - ;; - --name) - get_os_release_metadata NAME - ;; - --pretty-name) - get_os_release_metadata PRETTY_NAME - ;; - *) - error "Unknown flag ${flag_name}" - return 1 - ;; - esac -} - -######################## -# Get total memory available -# Arguments: -# None -# Returns: -# Memory in bytes -######################### -get_total_memory() { - echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# None -# Flags: -# --memory - memory size (optional) -# Returns: -# Detected instance size -######################### -get_machine_size() { - local memory="" - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - --memory) - shift - memory="${1:?missing memory}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if [[ -z "$memory" ]]; then - debug "Memory was not specified, detecting available memory automatically" - memory="$(get_total_memory)" - fi - sanitized_memory=$(convert_to_mb "$memory") - if [[ "$sanitized_memory" -gt 26000 ]]; then - echo 2xlarge - elif [[ "$sanitized_memory" -gt 13000 ]]; then - echo xlarge - elif [[ "$sanitized_memory" -gt 6000 ]]; then - echo large - elif [[ "$sanitized_memory" -gt 3000 ]]; then - echo medium - elif [[ "$sanitized_memory" -gt 1500 ]]; then - echo small - else - echo micro - fi -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# $1 - memory size (optional) -# Returns: -# Detected instance size -######################### -get_supported_machine_sizes() { - echo micro small medium large xlarge 2xlarge -} - -######################## -# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) -# Globals: -# None -# Arguments: -# $1 - memory size -# Returns: -# Result of the conversion -######################### -convert_to_mb() { - local amount="${1:-}" - if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then - size="${BASH_REMATCH[1]}" - unit="${BASH_REMATCH[2]}" - if [[ "$unit" = "g" || "$unit" = "G" ]]; then - amount="$((size * 1024))" - else - amount="$size" - fi - fi - echo "$amount" -} - -######################### -# Redirects output to /dev/null if debug mode is disabled -# Globals: -# BITNAMI_DEBUG -# Arguments: -# $@ - Command to execute -# Returns: -# None -######################### -debug_execute() { - if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then - "$@" - else - "$@" >/dev/null 2>&1 - fi -} - -######################## -# Retries a command a given number of times -# Arguments: -# $1 - cmd (as a string) -# $2 - max retries. Default: 12 -# $3 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -retry_while() { - local cmd="${1:?cmd is missing}" - local retries="${2:-12}" - local sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<<"$cmd" - for ((i = 1; i <= retries; i += 1)); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value -} - -######################## -# Generate a random string -# Arguments: -# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii -# -c|--count - Number of characters, defaults to 32 -# Arguments: -# None -# Returns: -# None -# Returns: -# String -######################### -generate_random_string() { - local type="ascii" - local count="32" - local filter - local result - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - -t | --type) - shift - type="$1" - ;; - -c | --count) - shift - count="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Validate type - case "$type" in - ascii) - filter="[:print:]" - ;; - numeric) - filter="0-9" - ;; - alphanumeric) - filter="a-zA-Z0-9" - ;; - alphanumeric+special|special+alphanumeric) - # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters - # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex - filter='a-zA-Z0-9:@.,/+!=' - ;; - *) - echo "Invalid type ${type}" >&2 - return 1 - ;; - esac - # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size - # Note there is a very small chance of strings starting with EOL character - # Therefore, the higher amount of lines read, this will happen less frequently - result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" - echo "$result" -} - -######################## -# Create md5 hash from a string -# Arguments: -# $1 - string -# Returns: -# md5 hash - string -######################### -generate_md5_hash() { - local -r str="${1:?missing input string}" - echo -n "$str" | md5sum | awk '{print $1}' -} - -######################## -# Create sha1 hash from a string -# Arguments: -# $1 - string -# $2 - algorithm - 1 (default), 224, 256, 384, 512 -# Returns: -# sha1 hash - string -######################### -generate_sha_hash() { - local -r str="${1:?missing input string}" - local -r algorithm="${2:-1}" - echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' -} - -######################## -# Converts a string to its hexadecimal representation -# Arguments: -# $1 - string -# Returns: -# hexadecimal representation of the string -######################### -convert_to_hex() { - local -r str=${1:?missing input string} - local -i iterator - local char - for ((iterator = 0; iterator < ${#str}; iterator++)); do - char=${str:iterator:1} - printf '%x' "'${char}" - done -} - -######################## -# Get boot time -# Globals: -# None -# Arguments: -# None -# Returns: -# Boot time metadata -######################### -get_boot_time() { - stat /proc --format=%Y -} - -######################## -# Get machine ID -# Globals: -# None -# Arguments: -# None -# Returns: -# Machine ID -######################### -get_machine_id() { - local machine_id - if [[ -f /etc/machine-id ]]; then - machine_id="$(cat /etc/machine-id)" - fi - if [[ -z "$machine_id" ]]; then - # Fallback to the boot-time, which will at least ensure a unique ID in the current session - machine_id="$(get_boot_time)" - fi - echo "$machine_id" -} - -######################## -# Get the root partition's disk device ID (e.g. /dev/sda1) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root partition disk ID -######################### -get_disk_device_id() { - local device_id="" - if grep -q ^/dev /proc/mounts; then - device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" - fi - # If it could not be autodetected, fallback to /dev/sda1 as a default - if [[ -z "$device_id" || ! -b "$device_id" ]]; then - device_id="/dev/sda1" - fi - echo "$device_id" -} - -######################## -# Get the root disk device ID (e.g. /dev/sda) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk ID -######################### -get_root_disk_device_id() { - get_disk_device_id | sed -E 's/p?[0-9]+$//' -} - -######################## -# Get the root disk size in bytes -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk size in bytes -######################### -get_root_disk_size() { - fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true -} - -######################## -# Run command as a specific user and group (optional) -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -run_as_user() { - run_chroot "$@" -} - -######################## -# Execute command as a specific user and group (optional), -# replacing the current process image -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -exec_as_user() { - run_chroot --replace-process "$@" -} - -######################## -# Run a command using chroot -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Flags: -# -r | --replace-process - Replace the current process image (optional) -# Returns: -# Exit code of the specified command -######################### -run_chroot() { - local userspec - local user - local homedir - local replace=false - local -r cwd="$(pwd)" - - # Parse and validate flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -r | --replace-process) - replace=true - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - # Parse and validate arguments - if [[ "$#" -lt 2 ]]; then - echo "expected at least 2 arguments" - return 1 - else - userspec=$1 - shift - - # userspec can optionally include the group, so we parse the user - user=$(echo "$userspec" | cut -d':' -f1) - fi - - if ! am_i_root; then - error "Could not switch to '${userspec}': Operation not permitted" - return 1 - fi - - # Get the HOME directory for the user to switch, as chroot does - # not properly update this env and some scripts rely on it - homedir=$(eval echo "~${user}") - if [[ ! -d $homedir ]]; then - homedir="${HOME:-/}" - fi - - # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion - if [[ "$replace" = true ]]; then - exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - else - chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - fi -} diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh deleted file mode 100644 index 18445e7d27fa3..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh +++ /dev/null @@ -1,124 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami persistence library -# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libversion.sh - -# Functions - -######################## -# Persist an application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# $2 - List of app files to persist -# Returns: -# true if all steps succeeded, false otherwise -######################### -persist_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Persist the individual files - if [[ "${#files_to_persist[@]}" -le 0 ]]; then - warn "No files are configured to be persisted" - return - fi - pushd "$install_dir" >/dev/null || exit - local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder - local -r tmp_file="/tmp/perms.acl" - for file_to_persist in "${files_to_persist[@]}"; do - if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then - error "Cannot persist '${file_to_persist}' because it does not exist" - return 1 - fi - file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" - file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" - file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" - # Get original permissions for existing files, which will be applied later - # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume - getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" - # Copy directories to the volume - ensure_dir_exists "$file_to_persist_destination_folder" - cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" - # Restore permissions - pushd "$persist_dir" >/dev/null || exit - if am_i_root; then - setfacl --restore="$tmp_file" - else - # When running as non-root, don't change ownership - setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") - fi - popd >/dev/null || exit - done - popd >/dev/null || exit - rm -f "$tmp_file" - # Install the persisted files into the installation directory, via symlinks - restore_persisted_app "$@" -} - -######################## -# Restore a persisted application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# FORCE_MAJOR_UPGRADE -# Arguments: -# $1 - App folder name -# $2 - List of app files to restore -# Returns: -# true if all steps succeeded, false otherwise -######################### -restore_persisted_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Restore the individual persisted files - if [[ "${#files_to_restore[@]}" -le 0 ]]; then - warn "No persisted files are configured to be restored" - return - fi - local file_to_restore_relative file_to_restore_origin file_to_restore_destination - for file_to_restore in "${files_to_restore[@]}"; do - file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" - # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed - file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" - file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" - rm -rf "$file_to_restore_origin" - ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" - done -} - -######################## -# Check if an application directory was already persisted -# Globals: -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# Returns: -# true if all steps succeeded, false otherwise -######################### -is_app_initialized() { - local -r app="${1:?missing app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - if ! is_mounted_dir_empty "$persist_dir"; then - true - else - false - fi -} diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh deleted file mode 100644 index 1f9b33096b026..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh +++ /dev/null @@ -1,496 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing services - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Read the provided pid file and returns a PID -# Arguments: -# $1 - Pid file -# Returns: -# PID -######################### -get_pid_from_file() { - local pid_file="${1:?pid file is missing}" - - if [[ -f "$pid_file" ]]; then - if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then - echo "$(< "$pid_file")" - fi - fi -} - -######################## -# Check if a provided PID corresponds to a running service -# Arguments: -# $1 - PID -# Returns: -# Boolean -######################### -is_service_running() { - local pid="${1:?pid is missing}" - - kill -0 "$pid" 2>/dev/null -} - -######################## -# Stop a service by sending a termination signal to its pid -# Arguments: -# $1 - Pid file -# $2 - Signal number (optional) -# Returns: -# None -######################### -stop_service_using_pid() { - local pid_file="${1:?pid file is missing}" - local signal="${2:-}" - local pid - - pid="$(get_pid_from_file "$pid_file")" - [[ -z "$pid" ]] || ! is_service_running "$pid" && return - - if [[ -n "$signal" ]]; then - kill "-${signal}" "$pid" - else - kill "$pid" - fi - - local counter=10 - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -######################## -# Start cron daemon -# Arguments: -# None -# Returns: -# true if started correctly, false otherwise -######################### -cron_start() { - if [[ -x "/usr/sbin/cron" ]]; then - /usr/sbin/cron - elif [[ -x "/usr/sbin/crond" ]]; then - /usr/sbin/crond - else - false - fi -} - -######################## -# Generate a cron configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Command -# Flags: -# --run-as - User to run as (default: root) -# --schedule - Cron schedule configuration (default: * * * * *) -# Returns: -# None -######################### -generate_cron_conf() { - local service_name="${1:?service name is missing}" - local cmd="${2:?command is missing}" - local run_as="root" - local schedule="* * * * *" - local clean="true" - - # Parse optional CLI flags - shift 2 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --run-as) - shift - run_as="$1" - ;; - --schedule) - shift - schedule="$1" - ;; - --no-clean) - clean="false" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - mkdir -p /etc/cron.d - if "$clean"; then - cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" - fi -} - -######################## -# Remove a cron configuration file for a given service -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_cron_conf() { - local service_name="${1:?service name is missing}" - local cron_conf_dir="/etc/monit/conf.d" - rm -f "${cron_conf_dir}/${service_name}" -} - -######################## -# Generate a monit configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Pid file -# $3 - Start command -# $4 - Stop command -# Flags: -# --disable - Whether to disable the monit configuration -# Returns: -# None -######################### -generate_monit_conf() { - local service_name="${1:?service name is missing}" - local pid_file="${2:?pid file is missing}" - local start_command="${3:?start command is missing}" - local stop_command="${4:?stop command is missing}" - local monit_conf_dir="/etc/monit/conf.d" - local disabled="no" - - # Parse optional CLI flags - shift 4 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --disable) - disabled="yes" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - is_boolean_yes "$disabled" && conf_suffix=".disabled" - mkdir -p "$monit_conf_dir" - cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 - return 1 - ;; - esac - shift - done - - mkdir -p "$logrotate_conf_dir" - cat < "${logrotate_conf_dir}/${service_name}" -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -${log_path} { - ${period} - rotate ${rotations} - dateext - compress - copytruncate - missingok -$(indent "$extra" 2) -} -EOF -} - -######################## -# Remove a logrotate configuration file -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_logrotate_conf() { - local service_name="${1:?service name is missing}" - local logrotate_conf_dir="/etc/logrotate.d" - rm -f "${logrotate_conf_dir}/${service_name}" -} - -######################## -# Generate a Systemd configuration file -# Arguments: -# $1 - Service name -# Flags: -# --custom-service-content - Custom content to add to the [service] block -# --environment - Environment variable to define (multiple --environment options may be passed) -# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) -# --exec-start - Start command (required) -# --exec-start-pre - Pre-start command (optional) -# --exec-start-post - Post-start command (optional) -# --exec-stop - Stop command (optional) -# --exec-reload - Reload command (optional) -# --group - System group to start the service with -# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) -# --restart - When to restart the Systemd service after being stopped (defaults to always) -# --pid-file - Service PID file -# --standard-output - File where to print stdout output -# --standard-error - File where to print stderr output -# --success-exit-status - Exit code that indicates a successful shutdown -# --type - Systemd unit type (defaults to forking) -# --user - System user to start the service with -# --working-directory - Working directory at which to start the service -# Returns: -# None -######################### -generate_systemd_conf() { - local -r service_name="${1:?service name is missing}" - local -r systemd_units_dir="/etc/systemd/system" - local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" - # Default values - local name="$service_name" - local type="forking" - local user="" - local group="" - local environment="" - local environment_file="" - local exec_start="" - local exec_start_pre="" - local exec_start_post="" - local exec_stop="" - local exec_reload="" - local restart="always" - local pid_file="" - local standard_output="journal" - local standard_error="" - local limits_content="" - local success_exit_status="" - local custom_service_content="" - local working_directory="" - # Parse CLI flags - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --name \ - | --type \ - | --user \ - | --group \ - | --exec-start \ - | --exec-stop \ - | --exec-reload \ - | --restart \ - | --pid-file \ - | --standard-output \ - | --standard-error \ - | --success-exit-status \ - | --custom-service-content \ - | --working-directory \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "$var_name"="${1:?"${var_name} value is missing"}" - ;; - --limit-*) - [[ -n "$limits_content" ]] && limits_content+=$'\n' - var_name="${1//--limit-}" - shift - limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" - ;; - --exec-start-pre) - shift - [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' - exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" - ;; - --exec-start-post) - shift - [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' - exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" - ;; - --environment) - shift - # It is possible to add multiple environment lines - [[ -n "$environment" ]] && environment+=$'\n' - environment+="Environment=${1:?"--environment value is missing"}" - ;; - --environment-file) - shift - # It is possible to add multiple environment-file lines - [[ -n "$environment_file" ]] && environment_file+=$'\n' - environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - # Validate inputs - local error="no" - if [[ -z "$exec_start" ]]; then - error "The --exec-start option is required" - error="yes" - fi - if [[ "$error" != "no" ]]; then - return 1 - fi - # Generate the Systemd unit - cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" - fi - if [[ -n "$exec_start_pre" ]]; then - # This variable may contain multiple ExecStartPre= directives - cat >> "$service_file" <<< "$exec_start_pre" - fi - if [[ -n "$exec_start" ]]; then - cat >> "$service_file" <<< "ExecStart=${exec_start}" - fi - if [[ -n "$exec_start_post" ]]; then - # This variable may contain multiple ExecStartPost= directives - cat >> "$service_file" <<< "$exec_start_post" - fi - # Optional stop and reload commands - if [[ -n "$exec_stop" ]]; then - cat >> "$service_file" <<< "ExecStop=${exec_stop}" - fi - if [[ -n "$exec_reload" ]]; then - cat >> "$service_file" <<< "ExecReload=${exec_reload}" - fi - # User and group - if [[ -n "$user" ]]; then - cat >> "$service_file" <<< "User=${user}" - fi - if [[ -n "$group" ]]; then - cat >> "$service_file" <<< "Group=${group}" - fi - # PID file allows to determine if the main process is running properly (for Restart=always) - if [[ -n "$pid_file" ]]; then - cat >> "$service_file" <<< "PIDFile=${pid_file}" - fi - if [[ -n "$restart" ]]; then - cat >> "$service_file" <<< "Restart=${restart}" - fi - # Environment flags - if [[ -n "$environment" ]]; then - # This variable may contain multiple Environment= directives - cat >> "$service_file" <<< "$environment" - fi - if [[ -n "$environment_file" ]]; then - # This variable may contain multiple EnvironmentFile= directives - cat >> "$service_file" <<< "$environment_file" - fi - # Logging - if [[ -n "$standard_output" ]]; then - cat >> "$service_file" <<< "StandardOutput=${standard_output}" - fi - if [[ -n "$standard_error" ]]; then - cat >> "$service_file" <<< "StandardError=${standard_error}" - fi - if [[ -n "$custom_service_content" ]]; then - # This variable may contain multiple miscellaneous directives - cat >> "$service_file" <<< "$custom_service_content" - fi - if [[ -n "$success_exit_status" ]]; then - cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean or is the string 'yes/true' -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_boolean_yes() { - local -r bool="${1:-}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean yes/no value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_yes_no_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(yes|no)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean true/false value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_true_false_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(true|false)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean 1/0 value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_1_0_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^[10]$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is an empty string or not defined -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_empty_value() { - local -r val="${1:-}" - if [[ -z "$val" ]]; then - true - else - false - fi -} - -######################## -# Validate if the provided argument is a valid port -# Arguments: -# $1 - Port to validate -# Returns: -# Boolean and error message -######################### -validate_port() { - local value - local unprivileged=0 - - # Parse flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -unprivileged) - unprivileged=1 - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [[ "$#" -gt 1 ]]; then - echo "too many arguments provided" - return 2 - elif [[ "$#" -eq 0 ]]; then - stderr_print "missing port argument" - return 1 - else - value=$1 - fi - - if [[ -z "$value" ]]; then - echo "the value is empty" - return 1 - else - if ! is_int "$value"; then - echo "value is not an integer" - return 2 - elif [[ "$value" -lt 0 ]]; then - echo "negative value provided" - return 2 - elif [[ "$value" -gt 65535 ]]; then - echo "requested port is greater than 65535" - return 2 - elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then - echo "privileged port requested" - return 3 - fi - fi -} - -######################## -# Validate if the provided argument is a valid IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv6() { - local ip="${1:?ip is missing}" - local stat=1 - local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' - local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' - - if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then - stat=0 - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv4() { - local ip="${1:?ip is missing}" - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" - [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ - && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] - stat=$? - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 or IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ip() { - local ip="${1:?ip is missing}" - local stat=1 - - if validate_ipv4 "$ip"; then - stat=0 - else - stat=$(validate_ipv6 "$ip") - fi - return $stat -} - -######################## -# Validate a string format -# Arguments: -# $1 - String to validate -# Returns: -# Boolean -######################### -validate_string() { - local string - local min_length=-1 - local max_length=-1 - - # Parse flags - while [ "$#" -gt 0 ]; do - case "$1" in - -min-length) - shift - min_length=${1:-} - ;; - -max-length) - shift - max_length=${1:-} - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [ "$#" -gt 1 ]; then - stderr_print "too many arguments provided" - return 2 - elif [ "$#" -eq 0 ]; then - stderr_print "missing string" - return 1 - else - string=$1 - fi - - if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then - echo "string length is less than $min_length" - return 1 - fi - if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then - echo "string length is great than $max_length" - return 1 - fi -} diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh deleted file mode 100644 index f0d5a5cd33892..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing versions strings - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions -######################## -# Gets semantic version -# Arguments: -# $1 - version: string to extract major.minor.patch -# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch -# Returns: -# array with the major, minor and release -######################### -get_sematic_version () { - local version="${1:?version is required}" - local section="${2:?section is required}" - local -a version_sections - - #Regex to parse versions: x.y.z - local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' - - if [[ "$version" =~ $regex ]]; then - local i=1 - local j=1 - local n=${#BASH_REMATCH[*]} - - while [[ $i -lt $n ]]; do - if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then - version_sections[j]="${BASH_REMATCH[$i]}" - ((j++)) - fi - ((i++)) - done - - local number_regex='^[0-9]+$' - if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then - echo "${version_sections[$section]}" - return - else - stderr_print "Section allowed values are: 1, 2, and 3" - return 1 - fi - fi -} diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh deleted file mode 100644 index acb84fc2339bb..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ /dev/null @@ -1,476 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami web server handler library - -# shellcheck disable=SC1090,SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh - -######################## -# Execute a command (or list of commands) with the web server environment and library loaded -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_execute() { - local -r web_server="${1:?missing web server}" - shift - # Run program in sub-shell to avoid web server environment getting loaded when not necessary - ( - . "/opt/bitnami/scripts/lib${web_server}.sh" - . "/opt/bitnami/scripts/${web_server}-env.sh" - "$@" - ) -} - -######################## -# Prints the list of enabled web servers -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_list() { - local -r -a supported_web_servers=(apache nginx) - local -a existing_web_servers=() - for web_server in "${supported_web_servers[@]}"; do - [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") - done - echo "${existing_web_servers[@]:-}" -} - -######################## -# Prints the currently-enabled web server type (only one, in order of preference) -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_type() { - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - echo "${web_servers[0]:-}" -} - -######################## -# Validate that a supported web server is configured -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_validate() { - local error_code=0 - local supported_web_servers=("apache" "nginx") - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then - print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" - elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then - print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." - fi - - return "$error_code" -} - -######################## -# Check whether the web server is running -# Globals: -# * -# Arguments: -# None -# Returns: -# true if the web server is running, false otherwise -######################### -is_web_server_running() { - "is_$(web_server_type)_running" -} - -######################## -# Start web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_start() { - info "Starting $(web_server_type) in background" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl start "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" - fi -} - -######################## -# Stop web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_stop() { - info "Stopping $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl stop "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" - fi -} - -######################## -# Restart web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_restart() { - info "Restarting $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl restart "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" - fi -} - -######################## -# Reload web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_reload() { - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl reload "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" - fi -} - -######################## -# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on which configuration template to use -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render server configurations with a .disabled prefix -# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --document-root - Path to document root directory -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) -# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --apache-before-vhost-configuration - Configuration to add before the directive (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-proxy-address - Address where to proxy requests -# --apache-proxy-configuration - Extra configuration for the proxy -# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# --nginx-external-configuration - Configuration external to server block (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_app_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --disable \ - | --disable-http \ - | --disable-https \ - ) - apache_args+=("$1") - nginx_args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --type \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --document-root \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-additional-http-configuration \ - | --apache-additional-https-configuration \ - | --apache-before-vhost-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-proxy-address \ - | --apache-proxy-configuration \ - | --apache-proxy-http-configuration \ - | --apache-proxy-https-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "${2:?missing value}") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration \ - | --nginx-external-configuration) - nginx_args+=("${1//nginx-/}" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_web_server_app_configuration_not_exists() { - local app="${1:?missing app}" - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" - done -} - -######################## -# Ensure the web server loads the configuration for an application in a URL prefix -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --document-root - Path to document root directory -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --type - Application type, which has an effect on what configuration template will be used -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_prefix_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --allow-remote-connections \ - | --document-root \ - | --prefix \ - | --type \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "$2") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - nginx_args+=("${1//nginx-/}" "$2") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -web_server_update_app_configuration() { - local app="${1:?missing app}" - shift - local -a args web_servers - args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --http-port \ - | --https-port \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" - done -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_enable_loading_page() { - ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ - --apache-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -RedirectMatch 503 ^/$ -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -ErrorDocument 404 /index.html -ErrorDocument 503 /index.html" \ - --nginx-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -location / { - return 503; -} -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -error_page 404 @installing; -error_page 503 @installing; -location @installing { - rewrite ^(.*)$ /index.html break; -}" - web_server_reload -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_disable_install_page() { - ensure_web_server_app_configuration_not_exists "__loading" - web_server_reload -} diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb/10.6/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb/10.6/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb/10.6/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh b/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh deleted file mode 100644 index 0a93e3b77f673..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh +++ /dev/null @@ -1,1428 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MySQL library - -# shellcheck disable=SC1090,SC1091,SC2119,SC2120 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libversion.sh - -######################## -# Configure database extra start flags -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Array with extra flags to use -######################### -mysql_extra_flags() { - local randNumber - local -a dbExtraFlags=() - # shellcheck disable=SC2153 - read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS" - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')" - dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1") - if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1") - elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then - dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1") - fi - fi - - [[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}") - - echo "${dbExtraFlags[@]:-}" -} - -######################## -# Validate settings in MYSQL_*/MARIADB_* environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_validate() { - info "Validating settings in MYSQL_*/MARIADB_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - backslash_password_error() { - print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" - } - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - if [[ "$DB_REPLICATION_MODE" = "master" ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then - empty_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if (( ${#DB_ROOT_PASSWORD} > 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - if [[ -z "$DB_MASTER_HOST" ]]; then - print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running" - fi - else - print_validation_error "Invalid replication mode. Available options are 'master/slave'" - fi - else - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then - print_validation_error "root user is already created in the database and you can't use it as username for user creation." - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "$FILE_LOCATION" - - info "Finish dump databases" - - info "UNLOCK MASTER DATABASES FOR WRITE OPERATIONS..." - mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'UNLOCK TABLES;' - - info "Start import dump databases" - mysql_execute < "$FILE_LOCATION" - info "Finish import dump databases" - - mysql_execute "mysql" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then - echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}" - fi - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Using persisted data" - # mysql_upgrade requires the server to be running - [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes" - # https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html - mysql_upgrade - else - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - info "Installing database" - mysql_install_db - mysql_start_bg - wait_for_mysql_access - # we delete existing users and create new ones with stricter access - # commands can still be executed until we restart or run 'flush privileges' - info "Configuring authentication" - mysql_execute "mysql" <=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for mysql common - -######################## -# Extract mysql version from version string -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Version string -######################### -mysql_get_version() { - local ver_string - local -a ver_split - - ver_string=$("${DB_BIN_DIR}/mysql" "--version") - read -r -a ver_split <<< "$ver_string" - - if [[ "$ver_string" = *" Distrib "* ]]; then - echo "${ver_split[4]::-1}" - else - echo "${ver_split[2]}" - fi -} - -######################## -# Gets an environment variable name based on the suffix -# Globals: -# DB_FLAVOR -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable name -######################### -get_env_var() { - local -r id="${1:?id is required}" - local -r prefix="${DB_FLAVOR//-/_}" - echo "${prefix^^}_${id}" -} - -######################## -# Gets an environment variable value for the master node and based on the suffix -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable value -######################### -get_master_env_var_value() { - local envVar - - PREFIX="" - [[ "${DB_REPLICATION_MODE:-}" = "slave" ]] && PREFIX="MASTER_" - envVar="$(get_env_var "${PREFIX}${1}_FILE")" - if [[ -f "${!envVar:-}" ]]; then - echo "$(< "${!envVar}")" - else - envVar="$(get_env_var "${PREFIX}${1}")" - echo "${!envVar:-}" - fi -} - -######################## -# Execute an arbitrary query/queries against the running MySQL/MariaDB service and print to stdout -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra MySQL CLI options -# Returns: -# None -mysql_execute_print_output() { - local -r db="${1:-}" - local -r user="${2:-root}" - local -r pass="${3:-}" - local -a opts extra_opts - read -r -a opts <<< "${@:4}" - read -r -a extra_opts <<< "$(mysql_client_extra_opts)" - - # Process mysql CLI arguments - local -a args=() - if [[ -f "$DB_CONF_FILE" ]]; then - args+=("--defaults-file=${DB_CONF_FILE}") - fi - args+=("-N" "-u" "$user") - [[ -n "$db" ]] && args+=("$db") - [[ -n "$pass" ]] && args+=("-p$pass") - [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") - [[ "${#extra_opts[@]}" -gt 0 ]] && args+=("${extra_opts[@]}") - - # Obtain the command specified via stdin - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - local mysql_cmd - mysql_cmd="$(> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 15c1253263343..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,177 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh b/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh deleted file mode 100755 index 5daeb16c64943..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -if [[ "$1" = "/opt/bitnami/scripts/mariadb/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh b/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh deleted file mode 100755 index 60211b1057f6e..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadb.sh - -# Load MySQL environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh b/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh deleted file mode 100755 index ee8217ffb401c..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf "/proc/1/fd/1" "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh b/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh deleted file mode 100755 index 97f5d80c226f0..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -info "** Starting MariaDB **" -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh b/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh deleted file mode 100755 index 9dcc55c047ade..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb/10.6/debian-12/tags-info.yaml b/bitnami/mariadb/10.6/debian-12/tags-info.yaml deleted file mode 100644 index 7112b81f86269..0000000000000 --- a/bitnami/mariadb/10.6/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "10.6" -- 10.6-debian-12 -- 10.6.18 diff --git a/bitnami/mariadb/11.0/debian-12/Dockerfile b/bitnami/mariadb/11.0/debian-12/Dockerfile deleted file mode 100644 index f48f9c5a1ee35..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T08:56:21Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="11.0.6-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb" \ - org.opencontainers.image.title="mariadb" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="11.0.6" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps psmisc zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-11.0.6-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb/postunpack.sh -ENV APP_VERSION="11.0.6" \ - BITNAMI_APP_NAME="mariadb" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb/run.sh" ] diff --git a/bitnami/mariadb/11.0/debian-12/docker-compose.yml b/bitnami/mariadb/11.0/debian-12/docker-compose.yml deleted file mode 100644 index ce90760349236..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/docker-compose.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb: - image: docker.io/bitnami/mariadb:11.0 - ports: - - '3306:3306' - volumes: - - 'mariadb_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_data: - driver: local diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 3f8269ba35ae4..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.0.6-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh deleted file mode 100644 index 1c69e0e48a5d0..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh +++ /dev/null @@ -1,141 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing files - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libos.sh - -# Functions - -######################## -# Replace a regex-matching string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# $4 - use POSIX regex. Default: true -# Returns: -# None -######################### -replace_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - local posix_regex=${4:-true} - - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - if [[ $posix_regex = true ]]; then - result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - else - result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Replace a regex-matching multiline string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# Returns: -# None -######################### -replace_in_file_multiline() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - - local result - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" - echo "$result" > "$filename" -} - -######################## -# Remove a line in a file based on a regex -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - use POSIX regex. Default: true -# Returns: -# None -######################### -remove_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local posix_regex=${3:-true} - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - if [[ $posix_regex = true ]]; then - result="$(sed -E "/$match_regex/d" "$filename")" - else - result="$(sed "/$match_regex/d" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Appends text after the last line matching a pattern -# Arguments: -# $1 - file -# $2 - match regex -# $3 - contents to add -# Returns: -# None -######################### -append_file_after_last_match() { - local file="${1:?missing file}" - local match_regex="${2:?missing pattern}" - local value="${3:?missing value}" - - # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again - result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" - echo "$result" > "$file" -} - -######################## -# Wait until certain entry is present in a log file -# Arguments: -# $1 - entry to look for -# $2 - log file -# $3 - max retries. Default: 12 -# $4 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -wait_for_log_entry() { - local -r entry="${1:-missing entry}" - local -r log_file="${2:-missing log file}" - local -r retries="${3:-12}" - local -r interval_time="${4:-5}" - local attempt=0 - - check_log_file_for_entry() { - if ! grep -qE "$entry" "$log_file"; then - debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" - return 1 - fi - } - debug "Checking that ${log_file} log file contains entry \"${entry}\"" - if retry_while check_log_file_for_entry "$retries" "$interval_time"; then - debug "Found entry \"${entry}\" in ${log_file}" - true - else - error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" - debug_execute cat "$log_file" - return 1 - fi -} diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh deleted file mode 100644 index 970d624179642..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh +++ /dev/null @@ -1,193 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for file system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Ensure a file/directory is owned (user and group) but the given user -# Arguments: -# $1 - filepath -# $2 - owner -# Returns: -# None -######################### -owned_by() { - local path="${1:?path is missing}" - local owner="${2:?owner is missing}" - local group="${3:-}" - - if [[ -n $group ]]; then - chown "$owner":"$group" "$path" - else - chown "$owner":"$owner" "$path" - fi -} - -######################## -# Ensure a directory exists and, optionally, is owned by the given user -# Arguments: -# $1 - directory -# $2 - owner -# Returns: -# None -######################### -ensure_dir_exists() { - local dir="${1:?directory is missing}" - local owner_user="${2:-}" - local owner_group="${3:-}" - - [ -d "${dir}" ] || mkdir -p "${dir}" - if [[ -n $owner_user ]]; then - owned_by "$dir" "$owner_user" "$owner_group" - fi -} - -######################## -# Checks whether a directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_dir_empty() { - local -r path="${1:?missing directory}" - # Calculate real path in order to avoid issues with symlinks - local -r dir="$(realpath "$path")" - if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then - true - else - false - fi -} - -######################## -# Checks whether a mounted directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_mounted_dir_empty() { - local dir="${1:?missing directory}" - - if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then - true - else - false - fi -} - -######################## -# Checks whether a file can be written to or not -# arguments: -# $1 - file -# returns: -# boolean -######################### -is_file_writable() { - local file="${1:?missing file}" - local dir - dir="$(dirname "$file")" - - if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then - true - else - false - fi -} - -######################## -# Relativize a path -# arguments: -# $1 - path -# $2 - base -# returns: -# None -######################### -relativize() { - local -r path="${1:?missing path}" - local -r base="${2:?missing base}" - pushd "$base" >/dev/null || exit - realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' - popd >/dev/null || exit -} - -######################## -# Configure permisions and ownership recursively -# Globals: -# None -# Arguments: -# $1 - paths (as a string). -# Flags: -# -f|--file-mode - mode for directories. -# -d|--dir-mode - mode for files. -# -u|--user - user -# -g|--group - group -# Returns: -# None -######################### -configure_permissions_ownership() { - local -r paths="${1:?paths is missing}" - local dir_mode="" - local file_mode="" - local user="" - local group="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -f | --file-mode) - shift - file_mode="${1:?missing mode for files}" - ;; - -d | --dir-mode) - shift - dir_mode="${1:?missing mode for directories}" - ;; - -u | --user) - shift - user="${1:?missing user}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - read -r -a filepaths <<<"$paths" - for p in "${filepaths[@]}"; do - if [[ -e "$p" ]]; then - find -L "$p" -printf "" - if [[ -n $dir_mode ]]; then - find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" - fi - if [[ -n $file_mode ]]; then - find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" - fi - if [[ -n $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" - elif [[ -n $user ]] && [[ -z $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}" - elif [[ -z $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chgrp "${group}" - fi - else - stderr_print "$p does not exist" - fi - done -} diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh deleted file mode 100644 index f3a5fe7868eed..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library to use for scripts expected to be used as Kubernetes lifecycle hooks - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Override functions that log to stdout/stderr of the current process, so they print to process 1 -for function_to_override in stderr_print debug_execute; do - # Output is sent to output of process 1 and thus end up in the container log - # The hook output in general isn't saved - eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" -done diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh deleted file mode 100644 index 450f05bd823ff..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh +++ /dev/null @@ -1,114 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for logging functions - -# Constants -RESET='\033[0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_QUIET:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - printf "%b\\n" "${*}" >&2 - fi -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Log a 'debug' message -# Globals: -# BITNAMI_DEBUG -# Arguments: -# None -# Returns: -# None -######################### -debug() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_DEBUG:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - log "${MAGENTA}DEBUG${RESET} ==> ${*}" - fi -} - -######################## -# Indent a string -# Arguments: -# $1 - string -# $2 - number of indentation characters (default: 4) -# $3 - indentation character (default: " ") -# Returns: -# None -######################### -indent() { - local string="${1:-}" - local num="${2:?missing num}" - local char="${3:-" "}" - # Build the indentation unit string - local indent_unit="" - for ((i = 0; i < num; i++)); do - indent_unit="${indent_unit}${char}" - done - # shellcheck disable=SC2001 - # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions - echo "$string" | sed "s/^/${indent_unit}/" -} diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh deleted file mode 100644 index 9d908c48579b9..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh +++ /dev/null @@ -1,657 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for operating system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Check if an user exists in the system -# Arguments: -# $1 - user -# Returns: -# Boolean -######################### -user_exists() { - local user="${1:?user is missing}" - id "$user" >/dev/null 2>&1 -} - -######################## -# Check if a group exists in the system -# Arguments: -# $1 - group -# Returns: -# Boolean -######################### -group_exists() { - local group="${1:?group is missing}" - getent group "$group" >/dev/null 2>&1 -} - -######################## -# Create a group in the system if it does not exist already -# Arguments: -# $1 - group -# Flags: -# -i|--gid - the ID for the new group -# -s|--system - Whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_group_exists() { - local group="${1:?group is missing}" - local gid="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --gid) - shift - gid="${1:?missing gid}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! group_exists "$group"; then - local -a args=("$group") - if [[ -n "$gid" ]]; then - if group_exists "$gid"; then - error "The GID $gid is already in use." >&2 - return 1 - fi - args+=("--gid" "$gid") - fi - $is_system_user && args+=("--system") - groupadd "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Create an user in the system if it does not exist already -# Arguments: -# $1 - user -# Flags: -# -i|--uid - the ID for the new user -# -g|--group - the group the new user should belong to -# -a|--append-groups - comma-separated list of supplemental groups to append to the new user -# -h|--home - the home directory for the new user -# -s|--system - whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_user_exists() { - local user="${1:?user is missing}" - local uid="" - local group="" - local append_groups="" - local home="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --uid) - shift - uid="${1:?missing uid}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - -a | --append-groups) - shift - append_groups="${1:?missing append_groups}" - ;; - -h | --home) - shift - home="${1:?missing home directory}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! user_exists "$user"; then - local -a user_args=("-N" "$user") - if [[ -n "$uid" ]]; then - if user_exists "$uid"; then - error "The UID $uid is already in use." - return 1 - fi - user_args+=("--uid" "$uid") - else - $is_system_user && user_args+=("--system") - fi - useradd "${user_args[@]}" >/dev/null 2>&1 - fi - - if [[ -n "$group" ]]; then - local -a group_args=("$group") - $is_system_user && group_args+=("--system") - ensure_group_exists "${group_args[@]}" - usermod -g "$group" "$user" >/dev/null 2>&1 - fi - - if [[ -n "$append_groups" ]]; then - local -a groups - read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" - for group in "${groups[@]}"; do - ensure_group_exists "$group" - usermod -aG "$group" "$user" >/dev/null 2>&1 - done - fi - - if [[ -n "$home" ]]; then - mkdir -p "$home" - usermod -d "$home" "$user" >/dev/null 2>&1 - configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" - fi -} - -######################## -# Check if the script is currently running as root -# Arguments: -# $1 - user -# $2 - group -# Returns: -# Boolean -######################### -am_i_root() { - if [[ "$(id -u)" = "0" ]]; then - true - else - false - fi -} - -######################## -# Print OS metadata -# Arguments: -# $1 - Flag name -# Flags: -# --id - Distro ID -# --version - Distro version -# --branch - Distro branch -# --codename - Distro codename -# --name - Distro name -# --pretty-name - Distro pretty name -# Returns: -# String -######################### -get_os_metadata() { - local -r flag_name="${1:?missing flag}" - # Helper function - get_os_release_metadata() { - local -r env_name="${1:?missing environment variable name}" - ( - . /etc/os-release - echo "${!env_name}" - ) - } - case "$flag_name" in - --id) - get_os_release_metadata ID - ;; - --version) - get_os_release_metadata VERSION_ID - ;; - --branch) - get_os_release_metadata VERSION_ID | sed 's/\..*//' - ;; - --codename) - get_os_release_metadata VERSION_CODENAME - ;; - --name) - get_os_release_metadata NAME - ;; - --pretty-name) - get_os_release_metadata PRETTY_NAME - ;; - *) - error "Unknown flag ${flag_name}" - return 1 - ;; - esac -} - -######################## -# Get total memory available -# Arguments: -# None -# Returns: -# Memory in bytes -######################### -get_total_memory() { - echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# None -# Flags: -# --memory - memory size (optional) -# Returns: -# Detected instance size -######################### -get_machine_size() { - local memory="" - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - --memory) - shift - memory="${1:?missing memory}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if [[ -z "$memory" ]]; then - debug "Memory was not specified, detecting available memory automatically" - memory="$(get_total_memory)" - fi - sanitized_memory=$(convert_to_mb "$memory") - if [[ "$sanitized_memory" -gt 26000 ]]; then - echo 2xlarge - elif [[ "$sanitized_memory" -gt 13000 ]]; then - echo xlarge - elif [[ "$sanitized_memory" -gt 6000 ]]; then - echo large - elif [[ "$sanitized_memory" -gt 3000 ]]; then - echo medium - elif [[ "$sanitized_memory" -gt 1500 ]]; then - echo small - else - echo micro - fi -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# $1 - memory size (optional) -# Returns: -# Detected instance size -######################### -get_supported_machine_sizes() { - echo micro small medium large xlarge 2xlarge -} - -######################## -# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) -# Globals: -# None -# Arguments: -# $1 - memory size -# Returns: -# Result of the conversion -######################### -convert_to_mb() { - local amount="${1:-}" - if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then - size="${BASH_REMATCH[1]}" - unit="${BASH_REMATCH[2]}" - if [[ "$unit" = "g" || "$unit" = "G" ]]; then - amount="$((size * 1024))" - else - amount="$size" - fi - fi - echo "$amount" -} - -######################### -# Redirects output to /dev/null if debug mode is disabled -# Globals: -# BITNAMI_DEBUG -# Arguments: -# $@ - Command to execute -# Returns: -# None -######################### -debug_execute() { - if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then - "$@" - else - "$@" >/dev/null 2>&1 - fi -} - -######################## -# Retries a command a given number of times -# Arguments: -# $1 - cmd (as a string) -# $2 - max retries. Default: 12 -# $3 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -retry_while() { - local cmd="${1:?cmd is missing}" - local retries="${2:-12}" - local sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<<"$cmd" - for ((i = 1; i <= retries; i += 1)); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value -} - -######################## -# Generate a random string -# Arguments: -# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii -# -c|--count - Number of characters, defaults to 32 -# Arguments: -# None -# Returns: -# None -# Returns: -# String -######################### -generate_random_string() { - local type="ascii" - local count="32" - local filter - local result - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - -t | --type) - shift - type="$1" - ;; - -c | --count) - shift - count="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Validate type - case "$type" in - ascii) - filter="[:print:]" - ;; - numeric) - filter="0-9" - ;; - alphanumeric) - filter="a-zA-Z0-9" - ;; - alphanumeric+special|special+alphanumeric) - # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters - # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex - filter='a-zA-Z0-9:@.,/+!=' - ;; - *) - echo "Invalid type ${type}" >&2 - return 1 - ;; - esac - # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size - # Note there is a very small chance of strings starting with EOL character - # Therefore, the higher amount of lines read, this will happen less frequently - result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" - echo "$result" -} - -######################## -# Create md5 hash from a string -# Arguments: -# $1 - string -# Returns: -# md5 hash - string -######################### -generate_md5_hash() { - local -r str="${1:?missing input string}" - echo -n "$str" | md5sum | awk '{print $1}' -} - -######################## -# Create sha1 hash from a string -# Arguments: -# $1 - string -# $2 - algorithm - 1 (default), 224, 256, 384, 512 -# Returns: -# sha1 hash - string -######################### -generate_sha_hash() { - local -r str="${1:?missing input string}" - local -r algorithm="${2:-1}" - echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' -} - -######################## -# Converts a string to its hexadecimal representation -# Arguments: -# $1 - string -# Returns: -# hexadecimal representation of the string -######################### -convert_to_hex() { - local -r str=${1:?missing input string} - local -i iterator - local char - for ((iterator = 0; iterator < ${#str}; iterator++)); do - char=${str:iterator:1} - printf '%x' "'${char}" - done -} - -######################## -# Get boot time -# Globals: -# None -# Arguments: -# None -# Returns: -# Boot time metadata -######################### -get_boot_time() { - stat /proc --format=%Y -} - -######################## -# Get machine ID -# Globals: -# None -# Arguments: -# None -# Returns: -# Machine ID -######################### -get_machine_id() { - local machine_id - if [[ -f /etc/machine-id ]]; then - machine_id="$(cat /etc/machine-id)" - fi - if [[ -z "$machine_id" ]]; then - # Fallback to the boot-time, which will at least ensure a unique ID in the current session - machine_id="$(get_boot_time)" - fi - echo "$machine_id" -} - -######################## -# Get the root partition's disk device ID (e.g. /dev/sda1) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root partition disk ID -######################### -get_disk_device_id() { - local device_id="" - if grep -q ^/dev /proc/mounts; then - device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" - fi - # If it could not be autodetected, fallback to /dev/sda1 as a default - if [[ -z "$device_id" || ! -b "$device_id" ]]; then - device_id="/dev/sda1" - fi - echo "$device_id" -} - -######################## -# Get the root disk device ID (e.g. /dev/sda) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk ID -######################### -get_root_disk_device_id() { - get_disk_device_id | sed -E 's/p?[0-9]+$//' -} - -######################## -# Get the root disk size in bytes -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk size in bytes -######################### -get_root_disk_size() { - fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true -} - -######################## -# Run command as a specific user and group (optional) -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -run_as_user() { - run_chroot "$@" -} - -######################## -# Execute command as a specific user and group (optional), -# replacing the current process image -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -exec_as_user() { - run_chroot --replace-process "$@" -} - -######################## -# Run a command using chroot -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Flags: -# -r | --replace-process - Replace the current process image (optional) -# Returns: -# Exit code of the specified command -######################### -run_chroot() { - local userspec - local user - local homedir - local replace=false - local -r cwd="$(pwd)" - - # Parse and validate flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -r | --replace-process) - replace=true - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - # Parse and validate arguments - if [[ "$#" -lt 2 ]]; then - echo "expected at least 2 arguments" - return 1 - else - userspec=$1 - shift - - # userspec can optionally include the group, so we parse the user - user=$(echo "$userspec" | cut -d':' -f1) - fi - - if ! am_i_root; then - error "Could not switch to '${userspec}': Operation not permitted" - return 1 - fi - - # Get the HOME directory for the user to switch, as chroot does - # not properly update this env and some scripts rely on it - homedir=$(eval echo "~${user}") - if [[ ! -d $homedir ]]; then - homedir="${HOME:-/}" - fi - - # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion - if [[ "$replace" = true ]]; then - exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - else - chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - fi -} diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh deleted file mode 100644 index 18445e7d27fa3..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh +++ /dev/null @@ -1,124 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami persistence library -# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libversion.sh - -# Functions - -######################## -# Persist an application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# $2 - List of app files to persist -# Returns: -# true if all steps succeeded, false otherwise -######################### -persist_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Persist the individual files - if [[ "${#files_to_persist[@]}" -le 0 ]]; then - warn "No files are configured to be persisted" - return - fi - pushd "$install_dir" >/dev/null || exit - local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder - local -r tmp_file="/tmp/perms.acl" - for file_to_persist in "${files_to_persist[@]}"; do - if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then - error "Cannot persist '${file_to_persist}' because it does not exist" - return 1 - fi - file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" - file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" - file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" - # Get original permissions for existing files, which will be applied later - # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume - getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" - # Copy directories to the volume - ensure_dir_exists "$file_to_persist_destination_folder" - cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" - # Restore permissions - pushd "$persist_dir" >/dev/null || exit - if am_i_root; then - setfacl --restore="$tmp_file" - else - # When running as non-root, don't change ownership - setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") - fi - popd >/dev/null || exit - done - popd >/dev/null || exit - rm -f "$tmp_file" - # Install the persisted files into the installation directory, via symlinks - restore_persisted_app "$@" -} - -######################## -# Restore a persisted application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# FORCE_MAJOR_UPGRADE -# Arguments: -# $1 - App folder name -# $2 - List of app files to restore -# Returns: -# true if all steps succeeded, false otherwise -######################### -restore_persisted_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Restore the individual persisted files - if [[ "${#files_to_restore[@]}" -le 0 ]]; then - warn "No persisted files are configured to be restored" - return - fi - local file_to_restore_relative file_to_restore_origin file_to_restore_destination - for file_to_restore in "${files_to_restore[@]}"; do - file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" - # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed - file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" - file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" - rm -rf "$file_to_restore_origin" - ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" - done -} - -######################## -# Check if an application directory was already persisted -# Globals: -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# Returns: -# true if all steps succeeded, false otherwise -######################### -is_app_initialized() { - local -r app="${1:?missing app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - if ! is_mounted_dir_empty "$persist_dir"; then - true - else - false - fi -} diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh deleted file mode 100644 index 1f9b33096b026..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh +++ /dev/null @@ -1,496 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing services - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Read the provided pid file and returns a PID -# Arguments: -# $1 - Pid file -# Returns: -# PID -######################### -get_pid_from_file() { - local pid_file="${1:?pid file is missing}" - - if [[ -f "$pid_file" ]]; then - if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then - echo "$(< "$pid_file")" - fi - fi -} - -######################## -# Check if a provided PID corresponds to a running service -# Arguments: -# $1 - PID -# Returns: -# Boolean -######################### -is_service_running() { - local pid="${1:?pid is missing}" - - kill -0 "$pid" 2>/dev/null -} - -######################## -# Stop a service by sending a termination signal to its pid -# Arguments: -# $1 - Pid file -# $2 - Signal number (optional) -# Returns: -# None -######################### -stop_service_using_pid() { - local pid_file="${1:?pid file is missing}" - local signal="${2:-}" - local pid - - pid="$(get_pid_from_file "$pid_file")" - [[ -z "$pid" ]] || ! is_service_running "$pid" && return - - if [[ -n "$signal" ]]; then - kill "-${signal}" "$pid" - else - kill "$pid" - fi - - local counter=10 - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -######################## -# Start cron daemon -# Arguments: -# None -# Returns: -# true if started correctly, false otherwise -######################### -cron_start() { - if [[ -x "/usr/sbin/cron" ]]; then - /usr/sbin/cron - elif [[ -x "/usr/sbin/crond" ]]; then - /usr/sbin/crond - else - false - fi -} - -######################## -# Generate a cron configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Command -# Flags: -# --run-as - User to run as (default: root) -# --schedule - Cron schedule configuration (default: * * * * *) -# Returns: -# None -######################### -generate_cron_conf() { - local service_name="${1:?service name is missing}" - local cmd="${2:?command is missing}" - local run_as="root" - local schedule="* * * * *" - local clean="true" - - # Parse optional CLI flags - shift 2 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --run-as) - shift - run_as="$1" - ;; - --schedule) - shift - schedule="$1" - ;; - --no-clean) - clean="false" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - mkdir -p /etc/cron.d - if "$clean"; then - cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" - fi -} - -######################## -# Remove a cron configuration file for a given service -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_cron_conf() { - local service_name="${1:?service name is missing}" - local cron_conf_dir="/etc/monit/conf.d" - rm -f "${cron_conf_dir}/${service_name}" -} - -######################## -# Generate a monit configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Pid file -# $3 - Start command -# $4 - Stop command -# Flags: -# --disable - Whether to disable the monit configuration -# Returns: -# None -######################### -generate_monit_conf() { - local service_name="${1:?service name is missing}" - local pid_file="${2:?pid file is missing}" - local start_command="${3:?start command is missing}" - local stop_command="${4:?stop command is missing}" - local monit_conf_dir="/etc/monit/conf.d" - local disabled="no" - - # Parse optional CLI flags - shift 4 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --disable) - disabled="yes" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - is_boolean_yes "$disabled" && conf_suffix=".disabled" - mkdir -p "$monit_conf_dir" - cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 - return 1 - ;; - esac - shift - done - - mkdir -p "$logrotate_conf_dir" - cat < "${logrotate_conf_dir}/${service_name}" -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -${log_path} { - ${period} - rotate ${rotations} - dateext - compress - copytruncate - missingok -$(indent "$extra" 2) -} -EOF -} - -######################## -# Remove a logrotate configuration file -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_logrotate_conf() { - local service_name="${1:?service name is missing}" - local logrotate_conf_dir="/etc/logrotate.d" - rm -f "${logrotate_conf_dir}/${service_name}" -} - -######################## -# Generate a Systemd configuration file -# Arguments: -# $1 - Service name -# Flags: -# --custom-service-content - Custom content to add to the [service] block -# --environment - Environment variable to define (multiple --environment options may be passed) -# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) -# --exec-start - Start command (required) -# --exec-start-pre - Pre-start command (optional) -# --exec-start-post - Post-start command (optional) -# --exec-stop - Stop command (optional) -# --exec-reload - Reload command (optional) -# --group - System group to start the service with -# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) -# --restart - When to restart the Systemd service after being stopped (defaults to always) -# --pid-file - Service PID file -# --standard-output - File where to print stdout output -# --standard-error - File where to print stderr output -# --success-exit-status - Exit code that indicates a successful shutdown -# --type - Systemd unit type (defaults to forking) -# --user - System user to start the service with -# --working-directory - Working directory at which to start the service -# Returns: -# None -######################### -generate_systemd_conf() { - local -r service_name="${1:?service name is missing}" - local -r systemd_units_dir="/etc/systemd/system" - local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" - # Default values - local name="$service_name" - local type="forking" - local user="" - local group="" - local environment="" - local environment_file="" - local exec_start="" - local exec_start_pre="" - local exec_start_post="" - local exec_stop="" - local exec_reload="" - local restart="always" - local pid_file="" - local standard_output="journal" - local standard_error="" - local limits_content="" - local success_exit_status="" - local custom_service_content="" - local working_directory="" - # Parse CLI flags - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --name \ - | --type \ - | --user \ - | --group \ - | --exec-start \ - | --exec-stop \ - | --exec-reload \ - | --restart \ - | --pid-file \ - | --standard-output \ - | --standard-error \ - | --success-exit-status \ - | --custom-service-content \ - | --working-directory \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "$var_name"="${1:?"${var_name} value is missing"}" - ;; - --limit-*) - [[ -n "$limits_content" ]] && limits_content+=$'\n' - var_name="${1//--limit-}" - shift - limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" - ;; - --exec-start-pre) - shift - [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' - exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" - ;; - --exec-start-post) - shift - [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' - exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" - ;; - --environment) - shift - # It is possible to add multiple environment lines - [[ -n "$environment" ]] && environment+=$'\n' - environment+="Environment=${1:?"--environment value is missing"}" - ;; - --environment-file) - shift - # It is possible to add multiple environment-file lines - [[ -n "$environment_file" ]] && environment_file+=$'\n' - environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - # Validate inputs - local error="no" - if [[ -z "$exec_start" ]]; then - error "The --exec-start option is required" - error="yes" - fi - if [[ "$error" != "no" ]]; then - return 1 - fi - # Generate the Systemd unit - cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" - fi - if [[ -n "$exec_start_pre" ]]; then - # This variable may contain multiple ExecStartPre= directives - cat >> "$service_file" <<< "$exec_start_pre" - fi - if [[ -n "$exec_start" ]]; then - cat >> "$service_file" <<< "ExecStart=${exec_start}" - fi - if [[ -n "$exec_start_post" ]]; then - # This variable may contain multiple ExecStartPost= directives - cat >> "$service_file" <<< "$exec_start_post" - fi - # Optional stop and reload commands - if [[ -n "$exec_stop" ]]; then - cat >> "$service_file" <<< "ExecStop=${exec_stop}" - fi - if [[ -n "$exec_reload" ]]; then - cat >> "$service_file" <<< "ExecReload=${exec_reload}" - fi - # User and group - if [[ -n "$user" ]]; then - cat >> "$service_file" <<< "User=${user}" - fi - if [[ -n "$group" ]]; then - cat >> "$service_file" <<< "Group=${group}" - fi - # PID file allows to determine if the main process is running properly (for Restart=always) - if [[ -n "$pid_file" ]]; then - cat >> "$service_file" <<< "PIDFile=${pid_file}" - fi - if [[ -n "$restart" ]]; then - cat >> "$service_file" <<< "Restart=${restart}" - fi - # Environment flags - if [[ -n "$environment" ]]; then - # This variable may contain multiple Environment= directives - cat >> "$service_file" <<< "$environment" - fi - if [[ -n "$environment_file" ]]; then - # This variable may contain multiple EnvironmentFile= directives - cat >> "$service_file" <<< "$environment_file" - fi - # Logging - if [[ -n "$standard_output" ]]; then - cat >> "$service_file" <<< "StandardOutput=${standard_output}" - fi - if [[ -n "$standard_error" ]]; then - cat >> "$service_file" <<< "StandardError=${standard_error}" - fi - if [[ -n "$custom_service_content" ]]; then - # This variable may contain multiple miscellaneous directives - cat >> "$service_file" <<< "$custom_service_content" - fi - if [[ -n "$success_exit_status" ]]; then - cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean or is the string 'yes/true' -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_boolean_yes() { - local -r bool="${1:-}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean yes/no value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_yes_no_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(yes|no)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean true/false value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_true_false_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(true|false)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean 1/0 value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_1_0_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^[10]$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is an empty string or not defined -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_empty_value() { - local -r val="${1:-}" - if [[ -z "$val" ]]; then - true - else - false - fi -} - -######################## -# Validate if the provided argument is a valid port -# Arguments: -# $1 - Port to validate -# Returns: -# Boolean and error message -######################### -validate_port() { - local value - local unprivileged=0 - - # Parse flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -unprivileged) - unprivileged=1 - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [[ "$#" -gt 1 ]]; then - echo "too many arguments provided" - return 2 - elif [[ "$#" -eq 0 ]]; then - stderr_print "missing port argument" - return 1 - else - value=$1 - fi - - if [[ -z "$value" ]]; then - echo "the value is empty" - return 1 - else - if ! is_int "$value"; then - echo "value is not an integer" - return 2 - elif [[ "$value" -lt 0 ]]; then - echo "negative value provided" - return 2 - elif [[ "$value" -gt 65535 ]]; then - echo "requested port is greater than 65535" - return 2 - elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then - echo "privileged port requested" - return 3 - fi - fi -} - -######################## -# Validate if the provided argument is a valid IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv6() { - local ip="${1:?ip is missing}" - local stat=1 - local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' - local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' - - if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then - stat=0 - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv4() { - local ip="${1:?ip is missing}" - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" - [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ - && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] - stat=$? - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 or IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ip() { - local ip="${1:?ip is missing}" - local stat=1 - - if validate_ipv4 "$ip"; then - stat=0 - else - stat=$(validate_ipv6 "$ip") - fi - return $stat -} - -######################## -# Validate a string format -# Arguments: -# $1 - String to validate -# Returns: -# Boolean -######################### -validate_string() { - local string - local min_length=-1 - local max_length=-1 - - # Parse flags - while [ "$#" -gt 0 ]; do - case "$1" in - -min-length) - shift - min_length=${1:-} - ;; - -max-length) - shift - max_length=${1:-} - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [ "$#" -gt 1 ]; then - stderr_print "too many arguments provided" - return 2 - elif [ "$#" -eq 0 ]; then - stderr_print "missing string" - return 1 - else - string=$1 - fi - - if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then - echo "string length is less than $min_length" - return 1 - fi - if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then - echo "string length is great than $max_length" - return 1 - fi -} diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh deleted file mode 100644 index f0d5a5cd33892..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing versions strings - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions -######################## -# Gets semantic version -# Arguments: -# $1 - version: string to extract major.minor.patch -# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch -# Returns: -# array with the major, minor and release -######################### -get_sematic_version () { - local version="${1:?version is required}" - local section="${2:?section is required}" - local -a version_sections - - #Regex to parse versions: x.y.z - local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' - - if [[ "$version" =~ $regex ]]; then - local i=1 - local j=1 - local n=${#BASH_REMATCH[*]} - - while [[ $i -lt $n ]]; do - if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then - version_sections[j]="${BASH_REMATCH[$i]}" - ((j++)) - fi - ((i++)) - done - - local number_regex='^[0-9]+$' - if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then - echo "${version_sections[$section]}" - return - else - stderr_print "Section allowed values are: 1, 2, and 3" - return 1 - fi - fi -} diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh deleted file mode 100644 index acb84fc2339bb..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ /dev/null @@ -1,476 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami web server handler library - -# shellcheck disable=SC1090,SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh - -######################## -# Execute a command (or list of commands) with the web server environment and library loaded -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_execute() { - local -r web_server="${1:?missing web server}" - shift - # Run program in sub-shell to avoid web server environment getting loaded when not necessary - ( - . "/opt/bitnami/scripts/lib${web_server}.sh" - . "/opt/bitnami/scripts/${web_server}-env.sh" - "$@" - ) -} - -######################## -# Prints the list of enabled web servers -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_list() { - local -r -a supported_web_servers=(apache nginx) - local -a existing_web_servers=() - for web_server in "${supported_web_servers[@]}"; do - [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") - done - echo "${existing_web_servers[@]:-}" -} - -######################## -# Prints the currently-enabled web server type (only one, in order of preference) -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_type() { - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - echo "${web_servers[0]:-}" -} - -######################## -# Validate that a supported web server is configured -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_validate() { - local error_code=0 - local supported_web_servers=("apache" "nginx") - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then - print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" - elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then - print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." - fi - - return "$error_code" -} - -######################## -# Check whether the web server is running -# Globals: -# * -# Arguments: -# None -# Returns: -# true if the web server is running, false otherwise -######################### -is_web_server_running() { - "is_$(web_server_type)_running" -} - -######################## -# Start web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_start() { - info "Starting $(web_server_type) in background" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl start "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" - fi -} - -######################## -# Stop web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_stop() { - info "Stopping $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl stop "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" - fi -} - -######################## -# Restart web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_restart() { - info "Restarting $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl restart "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" - fi -} - -######################## -# Reload web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_reload() { - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl reload "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" - fi -} - -######################## -# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on which configuration template to use -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render server configurations with a .disabled prefix -# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --document-root - Path to document root directory -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) -# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --apache-before-vhost-configuration - Configuration to add before the directive (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-proxy-address - Address where to proxy requests -# --apache-proxy-configuration - Extra configuration for the proxy -# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# --nginx-external-configuration - Configuration external to server block (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_app_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --disable \ - | --disable-http \ - | --disable-https \ - ) - apache_args+=("$1") - nginx_args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --type \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --document-root \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-additional-http-configuration \ - | --apache-additional-https-configuration \ - | --apache-before-vhost-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-proxy-address \ - | --apache-proxy-configuration \ - | --apache-proxy-http-configuration \ - | --apache-proxy-https-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "${2:?missing value}") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration \ - | --nginx-external-configuration) - nginx_args+=("${1//nginx-/}" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_web_server_app_configuration_not_exists() { - local app="${1:?missing app}" - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" - done -} - -######################## -# Ensure the web server loads the configuration for an application in a URL prefix -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --document-root - Path to document root directory -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --type - Application type, which has an effect on what configuration template will be used -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_prefix_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --allow-remote-connections \ - | --document-root \ - | --prefix \ - | --type \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "$2") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - nginx_args+=("${1//nginx-/}" "$2") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -web_server_update_app_configuration() { - local app="${1:?missing app}" - shift - local -a args web_servers - args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --http-port \ - | --https-port \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" - done -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_enable_loading_page() { - ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ - --apache-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -RedirectMatch 503 ^/$ -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -ErrorDocument 404 /index.html -ErrorDocument 503 /index.html" \ - --nginx-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -location / { - return 503; -} -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -error_page 404 @installing; -error_page 503 @installing; -location @installing { - rewrite ^(.*)$ /index.html break; -}" - web_server_reload -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_disable_install_page() { - ensure_web_server_app_configuration_not_exists "__loading" - web_server_reload -} diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb/11.0/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb/11.0/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb/11.0/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh b/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh deleted file mode 100644 index 0a93e3b77f673..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh +++ /dev/null @@ -1,1428 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MySQL library - -# shellcheck disable=SC1090,SC1091,SC2119,SC2120 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libversion.sh - -######################## -# Configure database extra start flags -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Array with extra flags to use -######################### -mysql_extra_flags() { - local randNumber - local -a dbExtraFlags=() - # shellcheck disable=SC2153 - read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS" - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')" - dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1") - if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1") - elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then - dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1") - fi - fi - - [[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}") - - echo "${dbExtraFlags[@]:-}" -} - -######################## -# Validate settings in MYSQL_*/MARIADB_* environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_validate() { - info "Validating settings in MYSQL_*/MARIADB_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - backslash_password_error() { - print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" - } - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - if [[ "$DB_REPLICATION_MODE" = "master" ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then - empty_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if (( ${#DB_ROOT_PASSWORD} > 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - if [[ -z "$DB_MASTER_HOST" ]]; then - print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running" - fi - else - print_validation_error "Invalid replication mode. Available options are 'master/slave'" - fi - else - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then - print_validation_error "root user is already created in the database and you can't use it as username for user creation." - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "$FILE_LOCATION" - - info "Finish dump databases" - - info "UNLOCK MASTER DATABASES FOR WRITE OPERATIONS..." - mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'UNLOCK TABLES;' - - info "Start import dump databases" - mysql_execute < "$FILE_LOCATION" - info "Finish import dump databases" - - mysql_execute "mysql" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then - echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}" - fi - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Using persisted data" - # mysql_upgrade requires the server to be running - [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes" - # https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html - mysql_upgrade - else - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - info "Installing database" - mysql_install_db - mysql_start_bg - wait_for_mysql_access - # we delete existing users and create new ones with stricter access - # commands can still be executed until we restart or run 'flush privileges' - info "Configuring authentication" - mysql_execute "mysql" <=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for mysql common - -######################## -# Extract mysql version from version string -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Version string -######################### -mysql_get_version() { - local ver_string - local -a ver_split - - ver_string=$("${DB_BIN_DIR}/mysql" "--version") - read -r -a ver_split <<< "$ver_string" - - if [[ "$ver_string" = *" Distrib "* ]]; then - echo "${ver_split[4]::-1}" - else - echo "${ver_split[2]}" - fi -} - -######################## -# Gets an environment variable name based on the suffix -# Globals: -# DB_FLAVOR -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable name -######################### -get_env_var() { - local -r id="${1:?id is required}" - local -r prefix="${DB_FLAVOR//-/_}" - echo "${prefix^^}_${id}" -} - -######################## -# Gets an environment variable value for the master node and based on the suffix -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable value -######################### -get_master_env_var_value() { - local envVar - - PREFIX="" - [[ "${DB_REPLICATION_MODE:-}" = "slave" ]] && PREFIX="MASTER_" - envVar="$(get_env_var "${PREFIX}${1}_FILE")" - if [[ -f "${!envVar:-}" ]]; then - echo "$(< "${!envVar}")" - else - envVar="$(get_env_var "${PREFIX}${1}")" - echo "${!envVar:-}" - fi -} - -######################## -# Execute an arbitrary query/queries against the running MySQL/MariaDB service and print to stdout -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra MySQL CLI options -# Returns: -# None -mysql_execute_print_output() { - local -r db="${1:-}" - local -r user="${2:-root}" - local -r pass="${3:-}" - local -a opts extra_opts - read -r -a opts <<< "${@:4}" - read -r -a extra_opts <<< "$(mysql_client_extra_opts)" - - # Process mysql CLI arguments - local -a args=() - if [[ -f "$DB_CONF_FILE" ]]; then - args+=("--defaults-file=${DB_CONF_FILE}") - fi - args+=("-N" "-u" "$user") - [[ -n "$db" ]] && args+=("$db") - [[ -n "$pass" ]] && args+=("-p$pass") - [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") - [[ "${#extra_opts[@]}" -gt 0 ]] && args+=("${extra_opts[@]}") - - # Obtain the command specified via stdin - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - local mysql_cmd - mysql_cmd="$(> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 15c1253263343..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,177 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh b/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh deleted file mode 100755 index 5daeb16c64943..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -if [[ "$1" = "/opt/bitnami/scripts/mariadb/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh b/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh deleted file mode 100755 index 60211b1057f6e..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadb.sh - -# Load MySQL environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh b/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh deleted file mode 100755 index ee8217ffb401c..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf "/proc/1/fd/1" "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh b/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh deleted file mode 100755 index 97f5d80c226f0..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -info "** Starting MariaDB **" -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh b/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh deleted file mode 100755 index 9dcc55c047ade..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb/11.0/debian-12/tags-info.yaml b/bitnami/mariadb/11.0/debian-12/tags-info.yaml deleted file mode 100644 index 4d8cd7049b942..0000000000000 --- a/bitnami/mariadb/11.0/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "11.0" -- 11.0-debian-12 -- 11.0.6 diff --git a/bitnami/mariadb/11.1/debian-12/Dockerfile b/bitnami/mariadb/11.1/debian-12/Dockerfile deleted file mode 100644 index 2acf3d440c20d..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T09:17:48Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="11.1.5-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb" \ - org.opencontainers.image.title="mariadb" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="11.1.5" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps psmisc zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-11.1.5-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb/postunpack.sh -ENV APP_VERSION="11.1.5" \ - BITNAMI_APP_NAME="mariadb" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb/run.sh" ] diff --git a/bitnami/mariadb/11.1/debian-12/docker-compose.yml b/bitnami/mariadb/11.1/debian-12/docker-compose.yml deleted file mode 100644 index 5742a1b809dd3..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/docker-compose.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb: - image: docker.io/bitnami/mariadb:11.1 - ports: - - '3306:3306' - volumes: - - 'mariadb_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_data: - driver: local diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 9086dc495084a..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.1.5-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh deleted file mode 100644 index 1c69e0e48a5d0..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh +++ /dev/null @@ -1,141 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing files - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libos.sh - -# Functions - -######################## -# Replace a regex-matching string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# $4 - use POSIX regex. Default: true -# Returns: -# None -######################### -replace_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - local posix_regex=${4:-true} - - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - if [[ $posix_regex = true ]]; then - result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - else - result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Replace a regex-matching multiline string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# Returns: -# None -######################### -replace_in_file_multiline() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - - local result - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" - echo "$result" > "$filename" -} - -######################## -# Remove a line in a file based on a regex -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - use POSIX regex. Default: true -# Returns: -# None -######################### -remove_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local posix_regex=${3:-true} - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - if [[ $posix_regex = true ]]; then - result="$(sed -E "/$match_regex/d" "$filename")" - else - result="$(sed "/$match_regex/d" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Appends text after the last line matching a pattern -# Arguments: -# $1 - file -# $2 - match regex -# $3 - contents to add -# Returns: -# None -######################### -append_file_after_last_match() { - local file="${1:?missing file}" - local match_regex="${2:?missing pattern}" - local value="${3:?missing value}" - - # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again - result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" - echo "$result" > "$file" -} - -######################## -# Wait until certain entry is present in a log file -# Arguments: -# $1 - entry to look for -# $2 - log file -# $3 - max retries. Default: 12 -# $4 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -wait_for_log_entry() { - local -r entry="${1:-missing entry}" - local -r log_file="${2:-missing log file}" - local -r retries="${3:-12}" - local -r interval_time="${4:-5}" - local attempt=0 - - check_log_file_for_entry() { - if ! grep -qE "$entry" "$log_file"; then - debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" - return 1 - fi - } - debug "Checking that ${log_file} log file contains entry \"${entry}\"" - if retry_while check_log_file_for_entry "$retries" "$interval_time"; then - debug "Found entry \"${entry}\" in ${log_file}" - true - else - error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" - debug_execute cat "$log_file" - return 1 - fi -} diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh deleted file mode 100644 index 970d624179642..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh +++ /dev/null @@ -1,193 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for file system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Ensure a file/directory is owned (user and group) but the given user -# Arguments: -# $1 - filepath -# $2 - owner -# Returns: -# None -######################### -owned_by() { - local path="${1:?path is missing}" - local owner="${2:?owner is missing}" - local group="${3:-}" - - if [[ -n $group ]]; then - chown "$owner":"$group" "$path" - else - chown "$owner":"$owner" "$path" - fi -} - -######################## -# Ensure a directory exists and, optionally, is owned by the given user -# Arguments: -# $1 - directory -# $2 - owner -# Returns: -# None -######################### -ensure_dir_exists() { - local dir="${1:?directory is missing}" - local owner_user="${2:-}" - local owner_group="${3:-}" - - [ -d "${dir}" ] || mkdir -p "${dir}" - if [[ -n $owner_user ]]; then - owned_by "$dir" "$owner_user" "$owner_group" - fi -} - -######################## -# Checks whether a directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_dir_empty() { - local -r path="${1:?missing directory}" - # Calculate real path in order to avoid issues with symlinks - local -r dir="$(realpath "$path")" - if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then - true - else - false - fi -} - -######################## -# Checks whether a mounted directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_mounted_dir_empty() { - local dir="${1:?missing directory}" - - if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then - true - else - false - fi -} - -######################## -# Checks whether a file can be written to or not -# arguments: -# $1 - file -# returns: -# boolean -######################### -is_file_writable() { - local file="${1:?missing file}" - local dir - dir="$(dirname "$file")" - - if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then - true - else - false - fi -} - -######################## -# Relativize a path -# arguments: -# $1 - path -# $2 - base -# returns: -# None -######################### -relativize() { - local -r path="${1:?missing path}" - local -r base="${2:?missing base}" - pushd "$base" >/dev/null || exit - realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' - popd >/dev/null || exit -} - -######################## -# Configure permisions and ownership recursively -# Globals: -# None -# Arguments: -# $1 - paths (as a string). -# Flags: -# -f|--file-mode - mode for directories. -# -d|--dir-mode - mode for files. -# -u|--user - user -# -g|--group - group -# Returns: -# None -######################### -configure_permissions_ownership() { - local -r paths="${1:?paths is missing}" - local dir_mode="" - local file_mode="" - local user="" - local group="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -f | --file-mode) - shift - file_mode="${1:?missing mode for files}" - ;; - -d | --dir-mode) - shift - dir_mode="${1:?missing mode for directories}" - ;; - -u | --user) - shift - user="${1:?missing user}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - read -r -a filepaths <<<"$paths" - for p in "${filepaths[@]}"; do - if [[ -e "$p" ]]; then - find -L "$p" -printf "" - if [[ -n $dir_mode ]]; then - find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" - fi - if [[ -n $file_mode ]]; then - find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" - fi - if [[ -n $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" - elif [[ -n $user ]] && [[ -z $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}" - elif [[ -z $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chgrp "${group}" - fi - else - stderr_print "$p does not exist" - fi - done -} diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh deleted file mode 100644 index f3a5fe7868eed..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library to use for scripts expected to be used as Kubernetes lifecycle hooks - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Override functions that log to stdout/stderr of the current process, so they print to process 1 -for function_to_override in stderr_print debug_execute; do - # Output is sent to output of process 1 and thus end up in the container log - # The hook output in general isn't saved - eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" -done diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh deleted file mode 100644 index 450f05bd823ff..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh +++ /dev/null @@ -1,114 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for logging functions - -# Constants -RESET='\033[0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_QUIET:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - printf "%b\\n" "${*}" >&2 - fi -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Log a 'debug' message -# Globals: -# BITNAMI_DEBUG -# Arguments: -# None -# Returns: -# None -######################### -debug() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_DEBUG:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - log "${MAGENTA}DEBUG${RESET} ==> ${*}" - fi -} - -######################## -# Indent a string -# Arguments: -# $1 - string -# $2 - number of indentation characters (default: 4) -# $3 - indentation character (default: " ") -# Returns: -# None -######################### -indent() { - local string="${1:-}" - local num="${2:?missing num}" - local char="${3:-" "}" - # Build the indentation unit string - local indent_unit="" - for ((i = 0; i < num; i++)); do - indent_unit="${indent_unit}${char}" - done - # shellcheck disable=SC2001 - # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions - echo "$string" | sed "s/^/${indent_unit}/" -} diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh deleted file mode 100644 index 9d908c48579b9..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh +++ /dev/null @@ -1,657 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for operating system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Check if an user exists in the system -# Arguments: -# $1 - user -# Returns: -# Boolean -######################### -user_exists() { - local user="${1:?user is missing}" - id "$user" >/dev/null 2>&1 -} - -######################## -# Check if a group exists in the system -# Arguments: -# $1 - group -# Returns: -# Boolean -######################### -group_exists() { - local group="${1:?group is missing}" - getent group "$group" >/dev/null 2>&1 -} - -######################## -# Create a group in the system if it does not exist already -# Arguments: -# $1 - group -# Flags: -# -i|--gid - the ID for the new group -# -s|--system - Whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_group_exists() { - local group="${1:?group is missing}" - local gid="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --gid) - shift - gid="${1:?missing gid}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! group_exists "$group"; then - local -a args=("$group") - if [[ -n "$gid" ]]; then - if group_exists "$gid"; then - error "The GID $gid is already in use." >&2 - return 1 - fi - args+=("--gid" "$gid") - fi - $is_system_user && args+=("--system") - groupadd "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Create an user in the system if it does not exist already -# Arguments: -# $1 - user -# Flags: -# -i|--uid - the ID for the new user -# -g|--group - the group the new user should belong to -# -a|--append-groups - comma-separated list of supplemental groups to append to the new user -# -h|--home - the home directory for the new user -# -s|--system - whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_user_exists() { - local user="${1:?user is missing}" - local uid="" - local group="" - local append_groups="" - local home="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --uid) - shift - uid="${1:?missing uid}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - -a | --append-groups) - shift - append_groups="${1:?missing append_groups}" - ;; - -h | --home) - shift - home="${1:?missing home directory}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! user_exists "$user"; then - local -a user_args=("-N" "$user") - if [[ -n "$uid" ]]; then - if user_exists "$uid"; then - error "The UID $uid is already in use." - return 1 - fi - user_args+=("--uid" "$uid") - else - $is_system_user && user_args+=("--system") - fi - useradd "${user_args[@]}" >/dev/null 2>&1 - fi - - if [[ -n "$group" ]]; then - local -a group_args=("$group") - $is_system_user && group_args+=("--system") - ensure_group_exists "${group_args[@]}" - usermod -g "$group" "$user" >/dev/null 2>&1 - fi - - if [[ -n "$append_groups" ]]; then - local -a groups - read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" - for group in "${groups[@]}"; do - ensure_group_exists "$group" - usermod -aG "$group" "$user" >/dev/null 2>&1 - done - fi - - if [[ -n "$home" ]]; then - mkdir -p "$home" - usermod -d "$home" "$user" >/dev/null 2>&1 - configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" - fi -} - -######################## -# Check if the script is currently running as root -# Arguments: -# $1 - user -# $2 - group -# Returns: -# Boolean -######################### -am_i_root() { - if [[ "$(id -u)" = "0" ]]; then - true - else - false - fi -} - -######################## -# Print OS metadata -# Arguments: -# $1 - Flag name -# Flags: -# --id - Distro ID -# --version - Distro version -# --branch - Distro branch -# --codename - Distro codename -# --name - Distro name -# --pretty-name - Distro pretty name -# Returns: -# String -######################### -get_os_metadata() { - local -r flag_name="${1:?missing flag}" - # Helper function - get_os_release_metadata() { - local -r env_name="${1:?missing environment variable name}" - ( - . /etc/os-release - echo "${!env_name}" - ) - } - case "$flag_name" in - --id) - get_os_release_metadata ID - ;; - --version) - get_os_release_metadata VERSION_ID - ;; - --branch) - get_os_release_metadata VERSION_ID | sed 's/\..*//' - ;; - --codename) - get_os_release_metadata VERSION_CODENAME - ;; - --name) - get_os_release_metadata NAME - ;; - --pretty-name) - get_os_release_metadata PRETTY_NAME - ;; - *) - error "Unknown flag ${flag_name}" - return 1 - ;; - esac -} - -######################## -# Get total memory available -# Arguments: -# None -# Returns: -# Memory in bytes -######################### -get_total_memory() { - echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# None -# Flags: -# --memory - memory size (optional) -# Returns: -# Detected instance size -######################### -get_machine_size() { - local memory="" - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - --memory) - shift - memory="${1:?missing memory}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if [[ -z "$memory" ]]; then - debug "Memory was not specified, detecting available memory automatically" - memory="$(get_total_memory)" - fi - sanitized_memory=$(convert_to_mb "$memory") - if [[ "$sanitized_memory" -gt 26000 ]]; then - echo 2xlarge - elif [[ "$sanitized_memory" -gt 13000 ]]; then - echo xlarge - elif [[ "$sanitized_memory" -gt 6000 ]]; then - echo large - elif [[ "$sanitized_memory" -gt 3000 ]]; then - echo medium - elif [[ "$sanitized_memory" -gt 1500 ]]; then - echo small - else - echo micro - fi -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# $1 - memory size (optional) -# Returns: -# Detected instance size -######################### -get_supported_machine_sizes() { - echo micro small medium large xlarge 2xlarge -} - -######################## -# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) -# Globals: -# None -# Arguments: -# $1 - memory size -# Returns: -# Result of the conversion -######################### -convert_to_mb() { - local amount="${1:-}" - if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then - size="${BASH_REMATCH[1]}" - unit="${BASH_REMATCH[2]}" - if [[ "$unit" = "g" || "$unit" = "G" ]]; then - amount="$((size * 1024))" - else - amount="$size" - fi - fi - echo "$amount" -} - -######################### -# Redirects output to /dev/null if debug mode is disabled -# Globals: -# BITNAMI_DEBUG -# Arguments: -# $@ - Command to execute -# Returns: -# None -######################### -debug_execute() { - if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then - "$@" - else - "$@" >/dev/null 2>&1 - fi -} - -######################## -# Retries a command a given number of times -# Arguments: -# $1 - cmd (as a string) -# $2 - max retries. Default: 12 -# $3 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -retry_while() { - local cmd="${1:?cmd is missing}" - local retries="${2:-12}" - local sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<<"$cmd" - for ((i = 1; i <= retries; i += 1)); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value -} - -######################## -# Generate a random string -# Arguments: -# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii -# -c|--count - Number of characters, defaults to 32 -# Arguments: -# None -# Returns: -# None -# Returns: -# String -######################### -generate_random_string() { - local type="ascii" - local count="32" - local filter - local result - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - -t | --type) - shift - type="$1" - ;; - -c | --count) - shift - count="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Validate type - case "$type" in - ascii) - filter="[:print:]" - ;; - numeric) - filter="0-9" - ;; - alphanumeric) - filter="a-zA-Z0-9" - ;; - alphanumeric+special|special+alphanumeric) - # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters - # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex - filter='a-zA-Z0-9:@.,/+!=' - ;; - *) - echo "Invalid type ${type}" >&2 - return 1 - ;; - esac - # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size - # Note there is a very small chance of strings starting with EOL character - # Therefore, the higher amount of lines read, this will happen less frequently - result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" - echo "$result" -} - -######################## -# Create md5 hash from a string -# Arguments: -# $1 - string -# Returns: -# md5 hash - string -######################### -generate_md5_hash() { - local -r str="${1:?missing input string}" - echo -n "$str" | md5sum | awk '{print $1}' -} - -######################## -# Create sha1 hash from a string -# Arguments: -# $1 - string -# $2 - algorithm - 1 (default), 224, 256, 384, 512 -# Returns: -# sha1 hash - string -######################### -generate_sha_hash() { - local -r str="${1:?missing input string}" - local -r algorithm="${2:-1}" - echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' -} - -######################## -# Converts a string to its hexadecimal representation -# Arguments: -# $1 - string -# Returns: -# hexadecimal representation of the string -######################### -convert_to_hex() { - local -r str=${1:?missing input string} - local -i iterator - local char - for ((iterator = 0; iterator < ${#str}; iterator++)); do - char=${str:iterator:1} - printf '%x' "'${char}" - done -} - -######################## -# Get boot time -# Globals: -# None -# Arguments: -# None -# Returns: -# Boot time metadata -######################### -get_boot_time() { - stat /proc --format=%Y -} - -######################## -# Get machine ID -# Globals: -# None -# Arguments: -# None -# Returns: -# Machine ID -######################### -get_machine_id() { - local machine_id - if [[ -f /etc/machine-id ]]; then - machine_id="$(cat /etc/machine-id)" - fi - if [[ -z "$machine_id" ]]; then - # Fallback to the boot-time, which will at least ensure a unique ID in the current session - machine_id="$(get_boot_time)" - fi - echo "$machine_id" -} - -######################## -# Get the root partition's disk device ID (e.g. /dev/sda1) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root partition disk ID -######################### -get_disk_device_id() { - local device_id="" - if grep -q ^/dev /proc/mounts; then - device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" - fi - # If it could not be autodetected, fallback to /dev/sda1 as a default - if [[ -z "$device_id" || ! -b "$device_id" ]]; then - device_id="/dev/sda1" - fi - echo "$device_id" -} - -######################## -# Get the root disk device ID (e.g. /dev/sda) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk ID -######################### -get_root_disk_device_id() { - get_disk_device_id | sed -E 's/p?[0-9]+$//' -} - -######################## -# Get the root disk size in bytes -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk size in bytes -######################### -get_root_disk_size() { - fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true -} - -######################## -# Run command as a specific user and group (optional) -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -run_as_user() { - run_chroot "$@" -} - -######################## -# Execute command as a specific user and group (optional), -# replacing the current process image -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -exec_as_user() { - run_chroot --replace-process "$@" -} - -######################## -# Run a command using chroot -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Flags: -# -r | --replace-process - Replace the current process image (optional) -# Returns: -# Exit code of the specified command -######################### -run_chroot() { - local userspec - local user - local homedir - local replace=false - local -r cwd="$(pwd)" - - # Parse and validate flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -r | --replace-process) - replace=true - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - # Parse and validate arguments - if [[ "$#" -lt 2 ]]; then - echo "expected at least 2 arguments" - return 1 - else - userspec=$1 - shift - - # userspec can optionally include the group, so we parse the user - user=$(echo "$userspec" | cut -d':' -f1) - fi - - if ! am_i_root; then - error "Could not switch to '${userspec}': Operation not permitted" - return 1 - fi - - # Get the HOME directory for the user to switch, as chroot does - # not properly update this env and some scripts rely on it - homedir=$(eval echo "~${user}") - if [[ ! -d $homedir ]]; then - homedir="${HOME:-/}" - fi - - # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion - if [[ "$replace" = true ]]; then - exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - else - chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - fi -} diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh deleted file mode 100644 index 18445e7d27fa3..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh +++ /dev/null @@ -1,124 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami persistence library -# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libversion.sh - -# Functions - -######################## -# Persist an application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# $2 - List of app files to persist -# Returns: -# true if all steps succeeded, false otherwise -######################### -persist_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Persist the individual files - if [[ "${#files_to_persist[@]}" -le 0 ]]; then - warn "No files are configured to be persisted" - return - fi - pushd "$install_dir" >/dev/null || exit - local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder - local -r tmp_file="/tmp/perms.acl" - for file_to_persist in "${files_to_persist[@]}"; do - if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then - error "Cannot persist '${file_to_persist}' because it does not exist" - return 1 - fi - file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" - file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" - file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" - # Get original permissions for existing files, which will be applied later - # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume - getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" - # Copy directories to the volume - ensure_dir_exists "$file_to_persist_destination_folder" - cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" - # Restore permissions - pushd "$persist_dir" >/dev/null || exit - if am_i_root; then - setfacl --restore="$tmp_file" - else - # When running as non-root, don't change ownership - setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") - fi - popd >/dev/null || exit - done - popd >/dev/null || exit - rm -f "$tmp_file" - # Install the persisted files into the installation directory, via symlinks - restore_persisted_app "$@" -} - -######################## -# Restore a persisted application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# FORCE_MAJOR_UPGRADE -# Arguments: -# $1 - App folder name -# $2 - List of app files to restore -# Returns: -# true if all steps succeeded, false otherwise -######################### -restore_persisted_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Restore the individual persisted files - if [[ "${#files_to_restore[@]}" -le 0 ]]; then - warn "No persisted files are configured to be restored" - return - fi - local file_to_restore_relative file_to_restore_origin file_to_restore_destination - for file_to_restore in "${files_to_restore[@]}"; do - file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" - # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed - file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" - file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" - rm -rf "$file_to_restore_origin" - ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" - done -} - -######################## -# Check if an application directory was already persisted -# Globals: -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# Returns: -# true if all steps succeeded, false otherwise -######################### -is_app_initialized() { - local -r app="${1:?missing app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - if ! is_mounted_dir_empty "$persist_dir"; then - true - else - false - fi -} diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh deleted file mode 100644 index 1f9b33096b026..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh +++ /dev/null @@ -1,496 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing services - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Read the provided pid file and returns a PID -# Arguments: -# $1 - Pid file -# Returns: -# PID -######################### -get_pid_from_file() { - local pid_file="${1:?pid file is missing}" - - if [[ -f "$pid_file" ]]; then - if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then - echo "$(< "$pid_file")" - fi - fi -} - -######################## -# Check if a provided PID corresponds to a running service -# Arguments: -# $1 - PID -# Returns: -# Boolean -######################### -is_service_running() { - local pid="${1:?pid is missing}" - - kill -0 "$pid" 2>/dev/null -} - -######################## -# Stop a service by sending a termination signal to its pid -# Arguments: -# $1 - Pid file -# $2 - Signal number (optional) -# Returns: -# None -######################### -stop_service_using_pid() { - local pid_file="${1:?pid file is missing}" - local signal="${2:-}" - local pid - - pid="$(get_pid_from_file "$pid_file")" - [[ -z "$pid" ]] || ! is_service_running "$pid" && return - - if [[ -n "$signal" ]]; then - kill "-${signal}" "$pid" - else - kill "$pid" - fi - - local counter=10 - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -######################## -# Start cron daemon -# Arguments: -# None -# Returns: -# true if started correctly, false otherwise -######################### -cron_start() { - if [[ -x "/usr/sbin/cron" ]]; then - /usr/sbin/cron - elif [[ -x "/usr/sbin/crond" ]]; then - /usr/sbin/crond - else - false - fi -} - -######################## -# Generate a cron configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Command -# Flags: -# --run-as - User to run as (default: root) -# --schedule - Cron schedule configuration (default: * * * * *) -# Returns: -# None -######################### -generate_cron_conf() { - local service_name="${1:?service name is missing}" - local cmd="${2:?command is missing}" - local run_as="root" - local schedule="* * * * *" - local clean="true" - - # Parse optional CLI flags - shift 2 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --run-as) - shift - run_as="$1" - ;; - --schedule) - shift - schedule="$1" - ;; - --no-clean) - clean="false" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - mkdir -p /etc/cron.d - if "$clean"; then - cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" - fi -} - -######################## -# Remove a cron configuration file for a given service -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_cron_conf() { - local service_name="${1:?service name is missing}" - local cron_conf_dir="/etc/monit/conf.d" - rm -f "${cron_conf_dir}/${service_name}" -} - -######################## -# Generate a monit configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Pid file -# $3 - Start command -# $4 - Stop command -# Flags: -# --disable - Whether to disable the monit configuration -# Returns: -# None -######################### -generate_monit_conf() { - local service_name="${1:?service name is missing}" - local pid_file="${2:?pid file is missing}" - local start_command="${3:?start command is missing}" - local stop_command="${4:?stop command is missing}" - local monit_conf_dir="/etc/monit/conf.d" - local disabled="no" - - # Parse optional CLI flags - shift 4 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --disable) - disabled="yes" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - is_boolean_yes "$disabled" && conf_suffix=".disabled" - mkdir -p "$monit_conf_dir" - cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 - return 1 - ;; - esac - shift - done - - mkdir -p "$logrotate_conf_dir" - cat < "${logrotate_conf_dir}/${service_name}" -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -${log_path} { - ${period} - rotate ${rotations} - dateext - compress - copytruncate - missingok -$(indent "$extra" 2) -} -EOF -} - -######################## -# Remove a logrotate configuration file -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_logrotate_conf() { - local service_name="${1:?service name is missing}" - local logrotate_conf_dir="/etc/logrotate.d" - rm -f "${logrotate_conf_dir}/${service_name}" -} - -######################## -# Generate a Systemd configuration file -# Arguments: -# $1 - Service name -# Flags: -# --custom-service-content - Custom content to add to the [service] block -# --environment - Environment variable to define (multiple --environment options may be passed) -# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) -# --exec-start - Start command (required) -# --exec-start-pre - Pre-start command (optional) -# --exec-start-post - Post-start command (optional) -# --exec-stop - Stop command (optional) -# --exec-reload - Reload command (optional) -# --group - System group to start the service with -# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) -# --restart - When to restart the Systemd service after being stopped (defaults to always) -# --pid-file - Service PID file -# --standard-output - File where to print stdout output -# --standard-error - File where to print stderr output -# --success-exit-status - Exit code that indicates a successful shutdown -# --type - Systemd unit type (defaults to forking) -# --user - System user to start the service with -# --working-directory - Working directory at which to start the service -# Returns: -# None -######################### -generate_systemd_conf() { - local -r service_name="${1:?service name is missing}" - local -r systemd_units_dir="/etc/systemd/system" - local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" - # Default values - local name="$service_name" - local type="forking" - local user="" - local group="" - local environment="" - local environment_file="" - local exec_start="" - local exec_start_pre="" - local exec_start_post="" - local exec_stop="" - local exec_reload="" - local restart="always" - local pid_file="" - local standard_output="journal" - local standard_error="" - local limits_content="" - local success_exit_status="" - local custom_service_content="" - local working_directory="" - # Parse CLI flags - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --name \ - | --type \ - | --user \ - | --group \ - | --exec-start \ - | --exec-stop \ - | --exec-reload \ - | --restart \ - | --pid-file \ - | --standard-output \ - | --standard-error \ - | --success-exit-status \ - | --custom-service-content \ - | --working-directory \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "$var_name"="${1:?"${var_name} value is missing"}" - ;; - --limit-*) - [[ -n "$limits_content" ]] && limits_content+=$'\n' - var_name="${1//--limit-}" - shift - limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" - ;; - --exec-start-pre) - shift - [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' - exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" - ;; - --exec-start-post) - shift - [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' - exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" - ;; - --environment) - shift - # It is possible to add multiple environment lines - [[ -n "$environment" ]] && environment+=$'\n' - environment+="Environment=${1:?"--environment value is missing"}" - ;; - --environment-file) - shift - # It is possible to add multiple environment-file lines - [[ -n "$environment_file" ]] && environment_file+=$'\n' - environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - # Validate inputs - local error="no" - if [[ -z "$exec_start" ]]; then - error "The --exec-start option is required" - error="yes" - fi - if [[ "$error" != "no" ]]; then - return 1 - fi - # Generate the Systemd unit - cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" - fi - if [[ -n "$exec_start_pre" ]]; then - # This variable may contain multiple ExecStartPre= directives - cat >> "$service_file" <<< "$exec_start_pre" - fi - if [[ -n "$exec_start" ]]; then - cat >> "$service_file" <<< "ExecStart=${exec_start}" - fi - if [[ -n "$exec_start_post" ]]; then - # This variable may contain multiple ExecStartPost= directives - cat >> "$service_file" <<< "$exec_start_post" - fi - # Optional stop and reload commands - if [[ -n "$exec_stop" ]]; then - cat >> "$service_file" <<< "ExecStop=${exec_stop}" - fi - if [[ -n "$exec_reload" ]]; then - cat >> "$service_file" <<< "ExecReload=${exec_reload}" - fi - # User and group - if [[ -n "$user" ]]; then - cat >> "$service_file" <<< "User=${user}" - fi - if [[ -n "$group" ]]; then - cat >> "$service_file" <<< "Group=${group}" - fi - # PID file allows to determine if the main process is running properly (for Restart=always) - if [[ -n "$pid_file" ]]; then - cat >> "$service_file" <<< "PIDFile=${pid_file}" - fi - if [[ -n "$restart" ]]; then - cat >> "$service_file" <<< "Restart=${restart}" - fi - # Environment flags - if [[ -n "$environment" ]]; then - # This variable may contain multiple Environment= directives - cat >> "$service_file" <<< "$environment" - fi - if [[ -n "$environment_file" ]]; then - # This variable may contain multiple EnvironmentFile= directives - cat >> "$service_file" <<< "$environment_file" - fi - # Logging - if [[ -n "$standard_output" ]]; then - cat >> "$service_file" <<< "StandardOutput=${standard_output}" - fi - if [[ -n "$standard_error" ]]; then - cat >> "$service_file" <<< "StandardError=${standard_error}" - fi - if [[ -n "$custom_service_content" ]]; then - # This variable may contain multiple miscellaneous directives - cat >> "$service_file" <<< "$custom_service_content" - fi - if [[ -n "$success_exit_status" ]]; then - cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean or is the string 'yes/true' -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_boolean_yes() { - local -r bool="${1:-}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean yes/no value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_yes_no_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(yes|no)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean true/false value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_true_false_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(true|false)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean 1/0 value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_1_0_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^[10]$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is an empty string or not defined -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_empty_value() { - local -r val="${1:-}" - if [[ -z "$val" ]]; then - true - else - false - fi -} - -######################## -# Validate if the provided argument is a valid port -# Arguments: -# $1 - Port to validate -# Returns: -# Boolean and error message -######################### -validate_port() { - local value - local unprivileged=0 - - # Parse flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -unprivileged) - unprivileged=1 - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [[ "$#" -gt 1 ]]; then - echo "too many arguments provided" - return 2 - elif [[ "$#" -eq 0 ]]; then - stderr_print "missing port argument" - return 1 - else - value=$1 - fi - - if [[ -z "$value" ]]; then - echo "the value is empty" - return 1 - else - if ! is_int "$value"; then - echo "value is not an integer" - return 2 - elif [[ "$value" -lt 0 ]]; then - echo "negative value provided" - return 2 - elif [[ "$value" -gt 65535 ]]; then - echo "requested port is greater than 65535" - return 2 - elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then - echo "privileged port requested" - return 3 - fi - fi -} - -######################## -# Validate if the provided argument is a valid IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv6() { - local ip="${1:?ip is missing}" - local stat=1 - local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' - local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' - - if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then - stat=0 - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv4() { - local ip="${1:?ip is missing}" - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" - [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ - && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] - stat=$? - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 or IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ip() { - local ip="${1:?ip is missing}" - local stat=1 - - if validate_ipv4 "$ip"; then - stat=0 - else - stat=$(validate_ipv6 "$ip") - fi - return $stat -} - -######################## -# Validate a string format -# Arguments: -# $1 - String to validate -# Returns: -# Boolean -######################### -validate_string() { - local string - local min_length=-1 - local max_length=-1 - - # Parse flags - while [ "$#" -gt 0 ]; do - case "$1" in - -min-length) - shift - min_length=${1:-} - ;; - -max-length) - shift - max_length=${1:-} - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [ "$#" -gt 1 ]; then - stderr_print "too many arguments provided" - return 2 - elif [ "$#" -eq 0 ]; then - stderr_print "missing string" - return 1 - else - string=$1 - fi - - if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then - echo "string length is less than $min_length" - return 1 - fi - if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then - echo "string length is great than $max_length" - return 1 - fi -} diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh deleted file mode 100644 index f0d5a5cd33892..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing versions strings - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions -######################## -# Gets semantic version -# Arguments: -# $1 - version: string to extract major.minor.patch -# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch -# Returns: -# array with the major, minor and release -######################### -get_sematic_version () { - local version="${1:?version is required}" - local section="${2:?section is required}" - local -a version_sections - - #Regex to parse versions: x.y.z - local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' - - if [[ "$version" =~ $regex ]]; then - local i=1 - local j=1 - local n=${#BASH_REMATCH[*]} - - while [[ $i -lt $n ]]; do - if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then - version_sections[j]="${BASH_REMATCH[$i]}" - ((j++)) - fi - ((i++)) - done - - local number_regex='^[0-9]+$' - if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then - echo "${version_sections[$section]}" - return - else - stderr_print "Section allowed values are: 1, 2, and 3" - return 1 - fi - fi -} diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh deleted file mode 100644 index acb84fc2339bb..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ /dev/null @@ -1,476 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami web server handler library - -# shellcheck disable=SC1090,SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh - -######################## -# Execute a command (or list of commands) with the web server environment and library loaded -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_execute() { - local -r web_server="${1:?missing web server}" - shift - # Run program in sub-shell to avoid web server environment getting loaded when not necessary - ( - . "/opt/bitnami/scripts/lib${web_server}.sh" - . "/opt/bitnami/scripts/${web_server}-env.sh" - "$@" - ) -} - -######################## -# Prints the list of enabled web servers -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_list() { - local -r -a supported_web_servers=(apache nginx) - local -a existing_web_servers=() - for web_server in "${supported_web_servers[@]}"; do - [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") - done - echo "${existing_web_servers[@]:-}" -} - -######################## -# Prints the currently-enabled web server type (only one, in order of preference) -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_type() { - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - echo "${web_servers[0]:-}" -} - -######################## -# Validate that a supported web server is configured -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_validate() { - local error_code=0 - local supported_web_servers=("apache" "nginx") - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then - print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" - elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then - print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." - fi - - return "$error_code" -} - -######################## -# Check whether the web server is running -# Globals: -# * -# Arguments: -# None -# Returns: -# true if the web server is running, false otherwise -######################### -is_web_server_running() { - "is_$(web_server_type)_running" -} - -######################## -# Start web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_start() { - info "Starting $(web_server_type) in background" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl start "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" - fi -} - -######################## -# Stop web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_stop() { - info "Stopping $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl stop "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" - fi -} - -######################## -# Restart web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_restart() { - info "Restarting $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl restart "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" - fi -} - -######################## -# Reload web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_reload() { - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl reload "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" - fi -} - -######################## -# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on which configuration template to use -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render server configurations with a .disabled prefix -# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --document-root - Path to document root directory -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) -# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --apache-before-vhost-configuration - Configuration to add before the directive (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-proxy-address - Address where to proxy requests -# --apache-proxy-configuration - Extra configuration for the proxy -# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# --nginx-external-configuration - Configuration external to server block (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_app_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --disable \ - | --disable-http \ - | --disable-https \ - ) - apache_args+=("$1") - nginx_args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --type \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --document-root \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-additional-http-configuration \ - | --apache-additional-https-configuration \ - | --apache-before-vhost-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-proxy-address \ - | --apache-proxy-configuration \ - | --apache-proxy-http-configuration \ - | --apache-proxy-https-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "${2:?missing value}") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration \ - | --nginx-external-configuration) - nginx_args+=("${1//nginx-/}" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_web_server_app_configuration_not_exists() { - local app="${1:?missing app}" - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" - done -} - -######################## -# Ensure the web server loads the configuration for an application in a URL prefix -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --document-root - Path to document root directory -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --type - Application type, which has an effect on what configuration template will be used -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_prefix_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --allow-remote-connections \ - | --document-root \ - | --prefix \ - | --type \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "$2") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - nginx_args+=("${1//nginx-/}" "$2") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -web_server_update_app_configuration() { - local app="${1:?missing app}" - shift - local -a args web_servers - args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --http-port \ - | --https-port \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" - done -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_enable_loading_page() { - ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ - --apache-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -RedirectMatch 503 ^/$ -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -ErrorDocument 404 /index.html -ErrorDocument 503 /index.html" \ - --nginx-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -location / { - return 503; -} -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -error_page 404 @installing; -error_page 503 @installing; -location @installing { - rewrite ^(.*)$ /index.html break; -}" - web_server_reload -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_disable_install_page() { - ensure_web_server_app_configuration_not_exists "__loading" - web_server_reload -} diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb/11.1/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb/11.1/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb/11.1/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh b/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh deleted file mode 100644 index 0a93e3b77f673..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh +++ /dev/null @@ -1,1428 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MySQL library - -# shellcheck disable=SC1090,SC1091,SC2119,SC2120 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libversion.sh - -######################## -# Configure database extra start flags -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Array with extra flags to use -######################### -mysql_extra_flags() { - local randNumber - local -a dbExtraFlags=() - # shellcheck disable=SC2153 - read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS" - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')" - dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1") - if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1") - elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then - dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1") - fi - fi - - [[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}") - - echo "${dbExtraFlags[@]:-}" -} - -######################## -# Validate settings in MYSQL_*/MARIADB_* environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_validate() { - info "Validating settings in MYSQL_*/MARIADB_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - backslash_password_error() { - print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" - } - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - if [[ "$DB_REPLICATION_MODE" = "master" ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then - empty_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if (( ${#DB_ROOT_PASSWORD} > 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - if [[ -z "$DB_MASTER_HOST" ]]; then - print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running" - fi - else - print_validation_error "Invalid replication mode. Available options are 'master/slave'" - fi - else - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then - print_validation_error "root user is already created in the database and you can't use it as username for user creation." - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "$FILE_LOCATION" - - info "Finish dump databases" - - info "UNLOCK MASTER DATABASES FOR WRITE OPERATIONS..." - mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'UNLOCK TABLES;' - - info "Start import dump databases" - mysql_execute < "$FILE_LOCATION" - info "Finish import dump databases" - - mysql_execute "mysql" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then - echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}" - fi - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Using persisted data" - # mysql_upgrade requires the server to be running - [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes" - # https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html - mysql_upgrade - else - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - info "Installing database" - mysql_install_db - mysql_start_bg - wait_for_mysql_access - # we delete existing users and create new ones with stricter access - # commands can still be executed until we restart or run 'flush privileges' - info "Configuring authentication" - mysql_execute "mysql" <=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for mysql common - -######################## -# Extract mysql version from version string -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Version string -######################### -mysql_get_version() { - local ver_string - local -a ver_split - - ver_string=$("${DB_BIN_DIR}/mysql" "--version") - read -r -a ver_split <<< "$ver_string" - - if [[ "$ver_string" = *" Distrib "* ]]; then - echo "${ver_split[4]::-1}" - else - echo "${ver_split[2]}" - fi -} - -######################## -# Gets an environment variable name based on the suffix -# Globals: -# DB_FLAVOR -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable name -######################### -get_env_var() { - local -r id="${1:?id is required}" - local -r prefix="${DB_FLAVOR//-/_}" - echo "${prefix^^}_${id}" -} - -######################## -# Gets an environment variable value for the master node and based on the suffix -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable value -######################### -get_master_env_var_value() { - local envVar - - PREFIX="" - [[ "${DB_REPLICATION_MODE:-}" = "slave" ]] && PREFIX="MASTER_" - envVar="$(get_env_var "${PREFIX}${1}_FILE")" - if [[ -f "${!envVar:-}" ]]; then - echo "$(< "${!envVar}")" - else - envVar="$(get_env_var "${PREFIX}${1}")" - echo "${!envVar:-}" - fi -} - -######################## -# Execute an arbitrary query/queries against the running MySQL/MariaDB service and print to stdout -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra MySQL CLI options -# Returns: -# None -mysql_execute_print_output() { - local -r db="${1:-}" - local -r user="${2:-root}" - local -r pass="${3:-}" - local -a opts extra_opts - read -r -a opts <<< "${@:4}" - read -r -a extra_opts <<< "$(mysql_client_extra_opts)" - - # Process mysql CLI arguments - local -a args=() - if [[ -f "$DB_CONF_FILE" ]]; then - args+=("--defaults-file=${DB_CONF_FILE}") - fi - args+=("-N" "-u" "$user") - [[ -n "$db" ]] && args+=("$db") - [[ -n "$pass" ]] && args+=("-p$pass") - [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") - [[ "${#extra_opts[@]}" -gt 0 ]] && args+=("${extra_opts[@]}") - - # Obtain the command specified via stdin - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - local mysql_cmd - mysql_cmd="$(> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 15c1253263343..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,177 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh b/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh deleted file mode 100755 index 5daeb16c64943..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -if [[ "$1" = "/opt/bitnami/scripts/mariadb/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh b/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh deleted file mode 100755 index 60211b1057f6e..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadb.sh - -# Load MySQL environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh b/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh deleted file mode 100755 index ee8217ffb401c..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf "/proc/1/fd/1" "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh b/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh deleted file mode 100755 index 97f5d80c226f0..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -info "** Starting MariaDB **" -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh b/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh deleted file mode 100755 index 9dcc55c047ade..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb/11.1/debian-12/tags-info.yaml b/bitnami/mariadb/11.1/debian-12/tags-info.yaml deleted file mode 100644 index 20d7940429d67..0000000000000 --- a/bitnami/mariadb/11.1/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "11.1" -- 11.1-debian-12 -- 11.1.5 diff --git a/bitnami/mariadb/11.2/README.md b/bitnami/mariadb/11.2/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/mariadb/11.2/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/mariadb/11.2/debian-12/Dockerfile b/bitnami/mariadb/11.2/debian-12/Dockerfile deleted file mode 100644 index 318be5795fe0f..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-17T09:42:23Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="11.2.4-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb" \ - org.opencontainers.image.title="mariadb" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="11.2.4" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps psmisc zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-11.2.4-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb/postunpack.sh -ENV APP_VERSION="11.2.4" \ - BITNAMI_APP_NAME="mariadb" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb/run.sh" ] diff --git a/bitnami/mariadb/11.2/debian-12/docker-compose.yml b/bitnami/mariadb/11.2/debian-12/docker-compose.yml deleted file mode 100644 index 1d571dd54190f..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/docker-compose.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb: - image: docker.io/bitnami/mariadb:11.2 - ports: - - '3306:3306' - volumes: - - 'mariadb_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_data: - driver: local diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index a715f87352ff2..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.2.4-0" - } -} \ No newline at end of file diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh deleted file mode 100644 index 1c69e0e48a5d0..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh +++ /dev/null @@ -1,141 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing files - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libos.sh - -# Functions - -######################## -# Replace a regex-matching string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# $4 - use POSIX regex. Default: true -# Returns: -# None -######################### -replace_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - local posix_regex=${4:-true} - - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - if [[ $posix_regex = true ]]; then - result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - else - result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Replace a regex-matching multiline string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# Returns: -# None -######################### -replace_in_file_multiline() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - - local result - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" - echo "$result" > "$filename" -} - -######################## -# Remove a line in a file based on a regex -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - use POSIX regex. Default: true -# Returns: -# None -######################### -remove_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local posix_regex=${3:-true} - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - if [[ $posix_regex = true ]]; then - result="$(sed -E "/$match_regex/d" "$filename")" - else - result="$(sed "/$match_regex/d" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Appends text after the last line matching a pattern -# Arguments: -# $1 - file -# $2 - match regex -# $3 - contents to add -# Returns: -# None -######################### -append_file_after_last_match() { - local file="${1:?missing file}" - local match_regex="${2:?missing pattern}" - local value="${3:?missing value}" - - # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again - result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" - echo "$result" > "$file" -} - -######################## -# Wait until certain entry is present in a log file -# Arguments: -# $1 - entry to look for -# $2 - log file -# $3 - max retries. Default: 12 -# $4 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -wait_for_log_entry() { - local -r entry="${1:-missing entry}" - local -r log_file="${2:-missing log file}" - local -r retries="${3:-12}" - local -r interval_time="${4:-5}" - local attempt=0 - - check_log_file_for_entry() { - if ! grep -qE "$entry" "$log_file"; then - debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" - return 1 - fi - } - debug "Checking that ${log_file} log file contains entry \"${entry}\"" - if retry_while check_log_file_for_entry "$retries" "$interval_time"; then - debug "Found entry \"${entry}\" in ${log_file}" - true - else - error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" - debug_execute cat "$log_file" - return 1 - fi -} diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh deleted file mode 100644 index 970d624179642..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh +++ /dev/null @@ -1,193 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for file system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Ensure a file/directory is owned (user and group) but the given user -# Arguments: -# $1 - filepath -# $2 - owner -# Returns: -# None -######################### -owned_by() { - local path="${1:?path is missing}" - local owner="${2:?owner is missing}" - local group="${3:-}" - - if [[ -n $group ]]; then - chown "$owner":"$group" "$path" - else - chown "$owner":"$owner" "$path" - fi -} - -######################## -# Ensure a directory exists and, optionally, is owned by the given user -# Arguments: -# $1 - directory -# $2 - owner -# Returns: -# None -######################### -ensure_dir_exists() { - local dir="${1:?directory is missing}" - local owner_user="${2:-}" - local owner_group="${3:-}" - - [ -d "${dir}" ] || mkdir -p "${dir}" - if [[ -n $owner_user ]]; then - owned_by "$dir" "$owner_user" "$owner_group" - fi -} - -######################## -# Checks whether a directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_dir_empty() { - local -r path="${1:?missing directory}" - # Calculate real path in order to avoid issues with symlinks - local -r dir="$(realpath "$path")" - if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then - true - else - false - fi -} - -######################## -# Checks whether a mounted directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_mounted_dir_empty() { - local dir="${1:?missing directory}" - - if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then - true - else - false - fi -} - -######################## -# Checks whether a file can be written to or not -# arguments: -# $1 - file -# returns: -# boolean -######################### -is_file_writable() { - local file="${1:?missing file}" - local dir - dir="$(dirname "$file")" - - if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then - true - else - false - fi -} - -######################## -# Relativize a path -# arguments: -# $1 - path -# $2 - base -# returns: -# None -######################### -relativize() { - local -r path="${1:?missing path}" - local -r base="${2:?missing base}" - pushd "$base" >/dev/null || exit - realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' - popd >/dev/null || exit -} - -######################## -# Configure permisions and ownership recursively -# Globals: -# None -# Arguments: -# $1 - paths (as a string). -# Flags: -# -f|--file-mode - mode for directories. -# -d|--dir-mode - mode for files. -# -u|--user - user -# -g|--group - group -# Returns: -# None -######################### -configure_permissions_ownership() { - local -r paths="${1:?paths is missing}" - local dir_mode="" - local file_mode="" - local user="" - local group="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -f | --file-mode) - shift - file_mode="${1:?missing mode for files}" - ;; - -d | --dir-mode) - shift - dir_mode="${1:?missing mode for directories}" - ;; - -u | --user) - shift - user="${1:?missing user}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - read -r -a filepaths <<<"$paths" - for p in "${filepaths[@]}"; do - if [[ -e "$p" ]]; then - find -L "$p" -printf "" - if [[ -n $dir_mode ]]; then - find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" - fi - if [[ -n $file_mode ]]; then - find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" - fi - if [[ -n $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" - elif [[ -n $user ]] && [[ -z $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}" - elif [[ -z $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chgrp "${group}" - fi - else - stderr_print "$p does not exist" - fi - done -} diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh deleted file mode 100644 index f3a5fe7868eed..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library to use for scripts expected to be used as Kubernetes lifecycle hooks - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Override functions that log to stdout/stderr of the current process, so they print to process 1 -for function_to_override in stderr_print debug_execute; do - # Output is sent to output of process 1 and thus end up in the container log - # The hook output in general isn't saved - eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" -done diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh deleted file mode 100644 index 450f05bd823ff..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh +++ /dev/null @@ -1,114 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for logging functions - -# Constants -RESET='\033[0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_QUIET:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - printf "%b\\n" "${*}" >&2 - fi -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Log a 'debug' message -# Globals: -# BITNAMI_DEBUG -# Arguments: -# None -# Returns: -# None -######################### -debug() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_DEBUG:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - log "${MAGENTA}DEBUG${RESET} ==> ${*}" - fi -} - -######################## -# Indent a string -# Arguments: -# $1 - string -# $2 - number of indentation characters (default: 4) -# $3 - indentation character (default: " ") -# Returns: -# None -######################### -indent() { - local string="${1:-}" - local num="${2:?missing num}" - local char="${3:-" "}" - # Build the indentation unit string - local indent_unit="" - for ((i = 0; i < num; i++)); do - indent_unit="${indent_unit}${char}" - done - # shellcheck disable=SC2001 - # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions - echo "$string" | sed "s/^/${indent_unit}/" -} diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 90652245c2a74..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh deleted file mode 100644 index 9d908c48579b9..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh +++ /dev/null @@ -1,657 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for operating system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Check if an user exists in the system -# Arguments: -# $1 - user -# Returns: -# Boolean -######################### -user_exists() { - local user="${1:?user is missing}" - id "$user" >/dev/null 2>&1 -} - -######################## -# Check if a group exists in the system -# Arguments: -# $1 - group -# Returns: -# Boolean -######################### -group_exists() { - local group="${1:?group is missing}" - getent group "$group" >/dev/null 2>&1 -} - -######################## -# Create a group in the system if it does not exist already -# Arguments: -# $1 - group -# Flags: -# -i|--gid - the ID for the new group -# -s|--system - Whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_group_exists() { - local group="${1:?group is missing}" - local gid="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --gid) - shift - gid="${1:?missing gid}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! group_exists "$group"; then - local -a args=("$group") - if [[ -n "$gid" ]]; then - if group_exists "$gid"; then - error "The GID $gid is already in use." >&2 - return 1 - fi - args+=("--gid" "$gid") - fi - $is_system_user && args+=("--system") - groupadd "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Create an user in the system if it does not exist already -# Arguments: -# $1 - user -# Flags: -# -i|--uid - the ID for the new user -# -g|--group - the group the new user should belong to -# -a|--append-groups - comma-separated list of supplemental groups to append to the new user -# -h|--home - the home directory for the new user -# -s|--system - whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_user_exists() { - local user="${1:?user is missing}" - local uid="" - local group="" - local append_groups="" - local home="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --uid) - shift - uid="${1:?missing uid}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - -a | --append-groups) - shift - append_groups="${1:?missing append_groups}" - ;; - -h | --home) - shift - home="${1:?missing home directory}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! user_exists "$user"; then - local -a user_args=("-N" "$user") - if [[ -n "$uid" ]]; then - if user_exists "$uid"; then - error "The UID $uid is already in use." - return 1 - fi - user_args+=("--uid" "$uid") - else - $is_system_user && user_args+=("--system") - fi - useradd "${user_args[@]}" >/dev/null 2>&1 - fi - - if [[ -n "$group" ]]; then - local -a group_args=("$group") - $is_system_user && group_args+=("--system") - ensure_group_exists "${group_args[@]}" - usermod -g "$group" "$user" >/dev/null 2>&1 - fi - - if [[ -n "$append_groups" ]]; then - local -a groups - read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" - for group in "${groups[@]}"; do - ensure_group_exists "$group" - usermod -aG "$group" "$user" >/dev/null 2>&1 - done - fi - - if [[ -n "$home" ]]; then - mkdir -p "$home" - usermod -d "$home" "$user" >/dev/null 2>&1 - configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" - fi -} - -######################## -# Check if the script is currently running as root -# Arguments: -# $1 - user -# $2 - group -# Returns: -# Boolean -######################### -am_i_root() { - if [[ "$(id -u)" = "0" ]]; then - true - else - false - fi -} - -######################## -# Print OS metadata -# Arguments: -# $1 - Flag name -# Flags: -# --id - Distro ID -# --version - Distro version -# --branch - Distro branch -# --codename - Distro codename -# --name - Distro name -# --pretty-name - Distro pretty name -# Returns: -# String -######################### -get_os_metadata() { - local -r flag_name="${1:?missing flag}" - # Helper function - get_os_release_metadata() { - local -r env_name="${1:?missing environment variable name}" - ( - . /etc/os-release - echo "${!env_name}" - ) - } - case "$flag_name" in - --id) - get_os_release_metadata ID - ;; - --version) - get_os_release_metadata VERSION_ID - ;; - --branch) - get_os_release_metadata VERSION_ID | sed 's/\..*//' - ;; - --codename) - get_os_release_metadata VERSION_CODENAME - ;; - --name) - get_os_release_metadata NAME - ;; - --pretty-name) - get_os_release_metadata PRETTY_NAME - ;; - *) - error "Unknown flag ${flag_name}" - return 1 - ;; - esac -} - -######################## -# Get total memory available -# Arguments: -# None -# Returns: -# Memory in bytes -######################### -get_total_memory() { - echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# None -# Flags: -# --memory - memory size (optional) -# Returns: -# Detected instance size -######################### -get_machine_size() { - local memory="" - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - --memory) - shift - memory="${1:?missing memory}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if [[ -z "$memory" ]]; then - debug "Memory was not specified, detecting available memory automatically" - memory="$(get_total_memory)" - fi - sanitized_memory=$(convert_to_mb "$memory") - if [[ "$sanitized_memory" -gt 26000 ]]; then - echo 2xlarge - elif [[ "$sanitized_memory" -gt 13000 ]]; then - echo xlarge - elif [[ "$sanitized_memory" -gt 6000 ]]; then - echo large - elif [[ "$sanitized_memory" -gt 3000 ]]; then - echo medium - elif [[ "$sanitized_memory" -gt 1500 ]]; then - echo small - else - echo micro - fi -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# $1 - memory size (optional) -# Returns: -# Detected instance size -######################### -get_supported_machine_sizes() { - echo micro small medium large xlarge 2xlarge -} - -######################## -# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) -# Globals: -# None -# Arguments: -# $1 - memory size -# Returns: -# Result of the conversion -######################### -convert_to_mb() { - local amount="${1:-}" - if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then - size="${BASH_REMATCH[1]}" - unit="${BASH_REMATCH[2]}" - if [[ "$unit" = "g" || "$unit" = "G" ]]; then - amount="$((size * 1024))" - else - amount="$size" - fi - fi - echo "$amount" -} - -######################### -# Redirects output to /dev/null if debug mode is disabled -# Globals: -# BITNAMI_DEBUG -# Arguments: -# $@ - Command to execute -# Returns: -# None -######################### -debug_execute() { - if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then - "$@" - else - "$@" >/dev/null 2>&1 - fi -} - -######################## -# Retries a command a given number of times -# Arguments: -# $1 - cmd (as a string) -# $2 - max retries. Default: 12 -# $3 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -retry_while() { - local cmd="${1:?cmd is missing}" - local retries="${2:-12}" - local sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<<"$cmd" - for ((i = 1; i <= retries; i += 1)); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value -} - -######################## -# Generate a random string -# Arguments: -# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii -# -c|--count - Number of characters, defaults to 32 -# Arguments: -# None -# Returns: -# None -# Returns: -# String -######################### -generate_random_string() { - local type="ascii" - local count="32" - local filter - local result - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - -t | --type) - shift - type="$1" - ;; - -c | --count) - shift - count="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Validate type - case "$type" in - ascii) - filter="[:print:]" - ;; - numeric) - filter="0-9" - ;; - alphanumeric) - filter="a-zA-Z0-9" - ;; - alphanumeric+special|special+alphanumeric) - # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters - # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex - filter='a-zA-Z0-9:@.,/+!=' - ;; - *) - echo "Invalid type ${type}" >&2 - return 1 - ;; - esac - # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size - # Note there is a very small chance of strings starting with EOL character - # Therefore, the higher amount of lines read, this will happen less frequently - result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" - echo "$result" -} - -######################## -# Create md5 hash from a string -# Arguments: -# $1 - string -# Returns: -# md5 hash - string -######################### -generate_md5_hash() { - local -r str="${1:?missing input string}" - echo -n "$str" | md5sum | awk '{print $1}' -} - -######################## -# Create sha1 hash from a string -# Arguments: -# $1 - string -# $2 - algorithm - 1 (default), 224, 256, 384, 512 -# Returns: -# sha1 hash - string -######################### -generate_sha_hash() { - local -r str="${1:?missing input string}" - local -r algorithm="${2:-1}" - echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' -} - -######################## -# Converts a string to its hexadecimal representation -# Arguments: -# $1 - string -# Returns: -# hexadecimal representation of the string -######################### -convert_to_hex() { - local -r str=${1:?missing input string} - local -i iterator - local char - for ((iterator = 0; iterator < ${#str}; iterator++)); do - char=${str:iterator:1} - printf '%x' "'${char}" - done -} - -######################## -# Get boot time -# Globals: -# None -# Arguments: -# None -# Returns: -# Boot time metadata -######################### -get_boot_time() { - stat /proc --format=%Y -} - -######################## -# Get machine ID -# Globals: -# None -# Arguments: -# None -# Returns: -# Machine ID -######################### -get_machine_id() { - local machine_id - if [[ -f /etc/machine-id ]]; then - machine_id="$(cat /etc/machine-id)" - fi - if [[ -z "$machine_id" ]]; then - # Fallback to the boot-time, which will at least ensure a unique ID in the current session - machine_id="$(get_boot_time)" - fi - echo "$machine_id" -} - -######################## -# Get the root partition's disk device ID (e.g. /dev/sda1) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root partition disk ID -######################### -get_disk_device_id() { - local device_id="" - if grep -q ^/dev /proc/mounts; then - device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" - fi - # If it could not be autodetected, fallback to /dev/sda1 as a default - if [[ -z "$device_id" || ! -b "$device_id" ]]; then - device_id="/dev/sda1" - fi - echo "$device_id" -} - -######################## -# Get the root disk device ID (e.g. /dev/sda) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk ID -######################### -get_root_disk_device_id() { - get_disk_device_id | sed -E 's/p?[0-9]+$//' -} - -######################## -# Get the root disk size in bytes -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk size in bytes -######################### -get_root_disk_size() { - fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true -} - -######################## -# Run command as a specific user and group (optional) -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -run_as_user() { - run_chroot "$@" -} - -######################## -# Execute command as a specific user and group (optional), -# replacing the current process image -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -exec_as_user() { - run_chroot --replace-process "$@" -} - -######################## -# Run a command using chroot -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Flags: -# -r | --replace-process - Replace the current process image (optional) -# Returns: -# Exit code of the specified command -######################### -run_chroot() { - local userspec - local user - local homedir - local replace=false - local -r cwd="$(pwd)" - - # Parse and validate flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -r | --replace-process) - replace=true - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - # Parse and validate arguments - if [[ "$#" -lt 2 ]]; then - echo "expected at least 2 arguments" - return 1 - else - userspec=$1 - shift - - # userspec can optionally include the group, so we parse the user - user=$(echo "$userspec" | cut -d':' -f1) - fi - - if ! am_i_root; then - error "Could not switch to '${userspec}': Operation not permitted" - return 1 - fi - - # Get the HOME directory for the user to switch, as chroot does - # not properly update this env and some scripts rely on it - homedir=$(eval echo "~${user}") - if [[ ! -d $homedir ]]; then - homedir="${HOME:-/}" - fi - - # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion - if [[ "$replace" = true ]]; then - exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - else - chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - fi -} diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh deleted file mode 100644 index 18445e7d27fa3..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh +++ /dev/null @@ -1,124 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami persistence library -# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libversion.sh - -# Functions - -######################## -# Persist an application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# $2 - List of app files to persist -# Returns: -# true if all steps succeeded, false otherwise -######################### -persist_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Persist the individual files - if [[ "${#files_to_persist[@]}" -le 0 ]]; then - warn "No files are configured to be persisted" - return - fi - pushd "$install_dir" >/dev/null || exit - local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder - local -r tmp_file="/tmp/perms.acl" - for file_to_persist in "${files_to_persist[@]}"; do - if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then - error "Cannot persist '${file_to_persist}' because it does not exist" - return 1 - fi - file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" - file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" - file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" - # Get original permissions for existing files, which will be applied later - # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume - getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" - # Copy directories to the volume - ensure_dir_exists "$file_to_persist_destination_folder" - cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" - # Restore permissions - pushd "$persist_dir" >/dev/null || exit - if am_i_root; then - setfacl --restore="$tmp_file" - else - # When running as non-root, don't change ownership - setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") - fi - popd >/dev/null || exit - done - popd >/dev/null || exit - rm -f "$tmp_file" - # Install the persisted files into the installation directory, via symlinks - restore_persisted_app "$@" -} - -######################## -# Restore a persisted application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# FORCE_MAJOR_UPGRADE -# Arguments: -# $1 - App folder name -# $2 - List of app files to restore -# Returns: -# true if all steps succeeded, false otherwise -######################### -restore_persisted_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Restore the individual persisted files - if [[ "${#files_to_restore[@]}" -le 0 ]]; then - warn "No persisted files are configured to be restored" - return - fi - local file_to_restore_relative file_to_restore_origin file_to_restore_destination - for file_to_restore in "${files_to_restore[@]}"; do - file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" - # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed - file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" - file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" - rm -rf "$file_to_restore_origin" - ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" - done -} - -######################## -# Check if an application directory was already persisted -# Globals: -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# Returns: -# true if all steps succeeded, false otherwise -######################### -is_app_initialized() { - local -r app="${1:?missing app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - if ! is_mounted_dir_empty "$persist_dir"; then - true - else - false - fi -} diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh deleted file mode 100644 index 1f9b33096b026..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh +++ /dev/null @@ -1,496 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing services - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Read the provided pid file and returns a PID -# Arguments: -# $1 - Pid file -# Returns: -# PID -######################### -get_pid_from_file() { - local pid_file="${1:?pid file is missing}" - - if [[ -f "$pid_file" ]]; then - if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then - echo "$(< "$pid_file")" - fi - fi -} - -######################## -# Check if a provided PID corresponds to a running service -# Arguments: -# $1 - PID -# Returns: -# Boolean -######################### -is_service_running() { - local pid="${1:?pid is missing}" - - kill -0 "$pid" 2>/dev/null -} - -######################## -# Stop a service by sending a termination signal to its pid -# Arguments: -# $1 - Pid file -# $2 - Signal number (optional) -# Returns: -# None -######################### -stop_service_using_pid() { - local pid_file="${1:?pid file is missing}" - local signal="${2:-}" - local pid - - pid="$(get_pid_from_file "$pid_file")" - [[ -z "$pid" ]] || ! is_service_running "$pid" && return - - if [[ -n "$signal" ]]; then - kill "-${signal}" "$pid" - else - kill "$pid" - fi - - local counter=10 - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -######################## -# Start cron daemon -# Arguments: -# None -# Returns: -# true if started correctly, false otherwise -######################### -cron_start() { - if [[ -x "/usr/sbin/cron" ]]; then - /usr/sbin/cron - elif [[ -x "/usr/sbin/crond" ]]; then - /usr/sbin/crond - else - false - fi -} - -######################## -# Generate a cron configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Command -# Flags: -# --run-as - User to run as (default: root) -# --schedule - Cron schedule configuration (default: * * * * *) -# Returns: -# None -######################### -generate_cron_conf() { - local service_name="${1:?service name is missing}" - local cmd="${2:?command is missing}" - local run_as="root" - local schedule="* * * * *" - local clean="true" - - # Parse optional CLI flags - shift 2 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --run-as) - shift - run_as="$1" - ;; - --schedule) - shift - schedule="$1" - ;; - --no-clean) - clean="false" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - mkdir -p /etc/cron.d - if "$clean"; then - cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" - fi -} - -######################## -# Remove a cron configuration file for a given service -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_cron_conf() { - local service_name="${1:?service name is missing}" - local cron_conf_dir="/etc/monit/conf.d" - rm -f "${cron_conf_dir}/${service_name}" -} - -######################## -# Generate a monit configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Pid file -# $3 - Start command -# $4 - Stop command -# Flags: -# --disable - Whether to disable the monit configuration -# Returns: -# None -######################### -generate_monit_conf() { - local service_name="${1:?service name is missing}" - local pid_file="${2:?pid file is missing}" - local start_command="${3:?start command is missing}" - local stop_command="${4:?stop command is missing}" - local monit_conf_dir="/etc/monit/conf.d" - local disabled="no" - - # Parse optional CLI flags - shift 4 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --disable) - disabled="yes" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - is_boolean_yes "$disabled" && conf_suffix=".disabled" - mkdir -p "$monit_conf_dir" - cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 - return 1 - ;; - esac - shift - done - - mkdir -p "$logrotate_conf_dir" - cat < "${logrotate_conf_dir}/${service_name}" -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -${log_path} { - ${period} - rotate ${rotations} - dateext - compress - copytruncate - missingok -$(indent "$extra" 2) -} -EOF -} - -######################## -# Remove a logrotate configuration file -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_logrotate_conf() { - local service_name="${1:?service name is missing}" - local logrotate_conf_dir="/etc/logrotate.d" - rm -f "${logrotate_conf_dir}/${service_name}" -} - -######################## -# Generate a Systemd configuration file -# Arguments: -# $1 - Service name -# Flags: -# --custom-service-content - Custom content to add to the [service] block -# --environment - Environment variable to define (multiple --environment options may be passed) -# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) -# --exec-start - Start command (required) -# --exec-start-pre - Pre-start command (optional) -# --exec-start-post - Post-start command (optional) -# --exec-stop - Stop command (optional) -# --exec-reload - Reload command (optional) -# --group - System group to start the service with -# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) -# --restart - When to restart the Systemd service after being stopped (defaults to always) -# --pid-file - Service PID file -# --standard-output - File where to print stdout output -# --standard-error - File where to print stderr output -# --success-exit-status - Exit code that indicates a successful shutdown -# --type - Systemd unit type (defaults to forking) -# --user - System user to start the service with -# --working-directory - Working directory at which to start the service -# Returns: -# None -######################### -generate_systemd_conf() { - local -r service_name="${1:?service name is missing}" - local -r systemd_units_dir="/etc/systemd/system" - local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" - # Default values - local name="$service_name" - local type="forking" - local user="" - local group="" - local environment="" - local environment_file="" - local exec_start="" - local exec_start_pre="" - local exec_start_post="" - local exec_stop="" - local exec_reload="" - local restart="always" - local pid_file="" - local standard_output="journal" - local standard_error="" - local limits_content="" - local success_exit_status="" - local custom_service_content="" - local working_directory="" - # Parse CLI flags - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --name \ - | --type \ - | --user \ - | --group \ - | --exec-start \ - | --exec-stop \ - | --exec-reload \ - | --restart \ - | --pid-file \ - | --standard-output \ - | --standard-error \ - | --success-exit-status \ - | --custom-service-content \ - | --working-directory \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "$var_name"="${1:?"${var_name} value is missing"}" - ;; - --limit-*) - [[ -n "$limits_content" ]] && limits_content+=$'\n' - var_name="${1//--limit-}" - shift - limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" - ;; - --exec-start-pre) - shift - [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' - exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" - ;; - --exec-start-post) - shift - [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' - exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" - ;; - --environment) - shift - # It is possible to add multiple environment lines - [[ -n "$environment" ]] && environment+=$'\n' - environment+="Environment=${1:?"--environment value is missing"}" - ;; - --environment-file) - shift - # It is possible to add multiple environment-file lines - [[ -n "$environment_file" ]] && environment_file+=$'\n' - environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - # Validate inputs - local error="no" - if [[ -z "$exec_start" ]]; then - error "The --exec-start option is required" - error="yes" - fi - if [[ "$error" != "no" ]]; then - return 1 - fi - # Generate the Systemd unit - cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" - fi - if [[ -n "$exec_start_pre" ]]; then - # This variable may contain multiple ExecStartPre= directives - cat >> "$service_file" <<< "$exec_start_pre" - fi - if [[ -n "$exec_start" ]]; then - cat >> "$service_file" <<< "ExecStart=${exec_start}" - fi - if [[ -n "$exec_start_post" ]]; then - # This variable may contain multiple ExecStartPost= directives - cat >> "$service_file" <<< "$exec_start_post" - fi - # Optional stop and reload commands - if [[ -n "$exec_stop" ]]; then - cat >> "$service_file" <<< "ExecStop=${exec_stop}" - fi - if [[ -n "$exec_reload" ]]; then - cat >> "$service_file" <<< "ExecReload=${exec_reload}" - fi - # User and group - if [[ -n "$user" ]]; then - cat >> "$service_file" <<< "User=${user}" - fi - if [[ -n "$group" ]]; then - cat >> "$service_file" <<< "Group=${group}" - fi - # PID file allows to determine if the main process is running properly (for Restart=always) - if [[ -n "$pid_file" ]]; then - cat >> "$service_file" <<< "PIDFile=${pid_file}" - fi - if [[ -n "$restart" ]]; then - cat >> "$service_file" <<< "Restart=${restart}" - fi - # Environment flags - if [[ -n "$environment" ]]; then - # This variable may contain multiple Environment= directives - cat >> "$service_file" <<< "$environment" - fi - if [[ -n "$environment_file" ]]; then - # This variable may contain multiple EnvironmentFile= directives - cat >> "$service_file" <<< "$environment_file" - fi - # Logging - if [[ -n "$standard_output" ]]; then - cat >> "$service_file" <<< "StandardOutput=${standard_output}" - fi - if [[ -n "$standard_error" ]]; then - cat >> "$service_file" <<< "StandardError=${standard_error}" - fi - if [[ -n "$custom_service_content" ]]; then - # This variable may contain multiple miscellaneous directives - cat >> "$service_file" <<< "$custom_service_content" - fi - if [[ -n "$success_exit_status" ]]; then - cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean or is the string 'yes/true' -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_boolean_yes() { - local -r bool="${1:-}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean yes/no value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_yes_no_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(yes|no)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean true/false value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_true_false_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(true|false)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean 1/0 value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_1_0_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^[10]$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is an empty string or not defined -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_empty_value() { - local -r val="${1:-}" - if [[ -z "$val" ]]; then - true - else - false - fi -} - -######################## -# Validate if the provided argument is a valid port -# Arguments: -# $1 - Port to validate -# Returns: -# Boolean and error message -######################### -validate_port() { - local value - local unprivileged=0 - - # Parse flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -unprivileged) - unprivileged=1 - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [[ "$#" -gt 1 ]]; then - echo "too many arguments provided" - return 2 - elif [[ "$#" -eq 0 ]]; then - stderr_print "missing port argument" - return 1 - else - value=$1 - fi - - if [[ -z "$value" ]]; then - echo "the value is empty" - return 1 - else - if ! is_int "$value"; then - echo "value is not an integer" - return 2 - elif [[ "$value" -lt 0 ]]; then - echo "negative value provided" - return 2 - elif [[ "$value" -gt 65535 ]]; then - echo "requested port is greater than 65535" - return 2 - elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then - echo "privileged port requested" - return 3 - fi - fi -} - -######################## -# Validate if the provided argument is a valid IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv6() { - local ip="${1:?ip is missing}" - local stat=1 - local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' - local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' - - if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then - stat=0 - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv4() { - local ip="${1:?ip is missing}" - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" - [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ - && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] - stat=$? - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 or IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ip() { - local ip="${1:?ip is missing}" - local stat=1 - - if validate_ipv4 "$ip"; then - stat=0 - else - stat=$(validate_ipv6 "$ip") - fi - return $stat -} - -######################## -# Validate a string format -# Arguments: -# $1 - String to validate -# Returns: -# Boolean -######################### -validate_string() { - local string - local min_length=-1 - local max_length=-1 - - # Parse flags - while [ "$#" -gt 0 ]; do - case "$1" in - -min-length) - shift - min_length=${1:-} - ;; - -max-length) - shift - max_length=${1:-} - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [ "$#" -gt 1 ]; then - stderr_print "too many arguments provided" - return 2 - elif [ "$#" -eq 0 ]; then - stderr_print "missing string" - return 1 - else - string=$1 - fi - - if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then - echo "string length is less than $min_length" - return 1 - fi - if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then - echo "string length is great than $max_length" - return 1 - fi -} diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh deleted file mode 100644 index f0d5a5cd33892..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing versions strings - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions -######################## -# Gets semantic version -# Arguments: -# $1 - version: string to extract major.minor.patch -# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch -# Returns: -# array with the major, minor and release -######################### -get_sematic_version () { - local version="${1:?version is required}" - local section="${2:?section is required}" - local -a version_sections - - #Regex to parse versions: x.y.z - local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' - - if [[ "$version" =~ $regex ]]; then - local i=1 - local j=1 - local n=${#BASH_REMATCH[*]} - - while [[ $i -lt $n ]]; do - if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then - version_sections[j]="${BASH_REMATCH[$i]}" - ((j++)) - fi - ((i++)) - done - - local number_regex='^[0-9]+$' - if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then - echo "${version_sections[$section]}" - return - else - stderr_print "Section allowed values are: 1, 2, and 3" - return 1 - fi - fi -} diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh deleted file mode 100644 index acb84fc2339bb..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ /dev/null @@ -1,476 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami web server handler library - -# shellcheck disable=SC1090,SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh - -######################## -# Execute a command (or list of commands) with the web server environment and library loaded -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_execute() { - local -r web_server="${1:?missing web server}" - shift - # Run program in sub-shell to avoid web server environment getting loaded when not necessary - ( - . "/opt/bitnami/scripts/lib${web_server}.sh" - . "/opt/bitnami/scripts/${web_server}-env.sh" - "$@" - ) -} - -######################## -# Prints the list of enabled web servers -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_list() { - local -r -a supported_web_servers=(apache nginx) - local -a existing_web_servers=() - for web_server in "${supported_web_servers[@]}"; do - [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") - done - echo "${existing_web_servers[@]:-}" -} - -######################## -# Prints the currently-enabled web server type (only one, in order of preference) -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_type() { - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - echo "${web_servers[0]:-}" -} - -######################## -# Validate that a supported web server is configured -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_validate() { - local error_code=0 - local supported_web_servers=("apache" "nginx") - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then - print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" - elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then - print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." - fi - - return "$error_code" -} - -######################## -# Check whether the web server is running -# Globals: -# * -# Arguments: -# None -# Returns: -# true if the web server is running, false otherwise -######################### -is_web_server_running() { - "is_$(web_server_type)_running" -} - -######################## -# Start web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_start() { - info "Starting $(web_server_type) in background" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl start "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" - fi -} - -######################## -# Stop web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_stop() { - info "Stopping $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl stop "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" - fi -} - -######################## -# Restart web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_restart() { - info "Restarting $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl restart "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" - fi -} - -######################## -# Reload web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_reload() { - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl reload "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" - fi -} - -######################## -# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on which configuration template to use -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render server configurations with a .disabled prefix -# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --document-root - Path to document root directory -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) -# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --apache-before-vhost-configuration - Configuration to add before the directive (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-proxy-address - Address where to proxy requests -# --apache-proxy-configuration - Extra configuration for the proxy -# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# --nginx-external-configuration - Configuration external to server block (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_app_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --disable \ - | --disable-http \ - | --disable-https \ - ) - apache_args+=("$1") - nginx_args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --type \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --document-root \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-additional-http-configuration \ - | --apache-additional-https-configuration \ - | --apache-before-vhost-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-proxy-address \ - | --apache-proxy-configuration \ - | --apache-proxy-http-configuration \ - | --apache-proxy-https-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "${2:?missing value}") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration \ - | --nginx-external-configuration) - nginx_args+=("${1//nginx-/}" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_web_server_app_configuration_not_exists() { - local app="${1:?missing app}" - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" - done -} - -######################## -# Ensure the web server loads the configuration for an application in a URL prefix -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --document-root - Path to document root directory -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --type - Application type, which has an effect on what configuration template will be used -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_prefix_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --allow-remote-connections \ - | --document-root \ - | --prefix \ - | --type \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "$2") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - nginx_args+=("${1//nginx-/}" "$2") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -web_server_update_app_configuration() { - local app="${1:?missing app}" - shift - local -a args web_servers - args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --http-port \ - | --https-port \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" - done -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_enable_loading_page() { - ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ - --apache-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -RedirectMatch 503 ^/$ -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -ErrorDocument 404 /index.html -ErrorDocument 503 /index.html" \ - --nginx-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -location / { - return 503; -} -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -error_page 404 @installing; -error_page 503 @installing; -location @installing { - rewrite ^(.*)$ /index.html break; -}" - web_server_reload -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_disable_install_page() { - ensure_web_server_app_configuration_not_exists "__loading" - web_server_reload -} diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb/11.2/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb/11.2/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb/11.2/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh b/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh deleted file mode 100644 index 0a93e3b77f673..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh +++ /dev/null @@ -1,1428 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MySQL library - -# shellcheck disable=SC1090,SC1091,SC2119,SC2120 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libversion.sh - -######################## -# Configure database extra start flags -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Array with extra flags to use -######################### -mysql_extra_flags() { - local randNumber - local -a dbExtraFlags=() - # shellcheck disable=SC2153 - read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS" - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')" - dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1") - if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1") - elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then - dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1") - fi - fi - - [[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}") - - echo "${dbExtraFlags[@]:-}" -} - -######################## -# Validate settings in MYSQL_*/MARIADB_* environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_validate() { - info "Validating settings in MYSQL_*/MARIADB_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - backslash_password_error() { - print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" - } - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - if [[ "$DB_REPLICATION_MODE" = "master" ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then - empty_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if (( ${#DB_ROOT_PASSWORD} > 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - if [[ -z "$DB_MASTER_HOST" ]]; then - print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running" - fi - else - print_validation_error "Invalid replication mode. Available options are 'master/slave'" - fi - else - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then - print_validation_error "root user is already created in the database and you can't use it as username for user creation." - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "$FILE_LOCATION" - - info "Finish dump databases" - - info "UNLOCK MASTER DATABASES FOR WRITE OPERATIONS..." - mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'UNLOCK TABLES;' - - info "Start import dump databases" - mysql_execute < "$FILE_LOCATION" - info "Finish import dump databases" - - mysql_execute "mysql" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then - echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}" - fi - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Using persisted data" - # mysql_upgrade requires the server to be running - [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes" - # https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html - mysql_upgrade - else - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - info "Installing database" - mysql_install_db - mysql_start_bg - wait_for_mysql_access - # we delete existing users and create new ones with stricter access - # commands can still be executed until we restart or run 'flush privileges' - info "Configuring authentication" - mysql_execute "mysql" <=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for mysql common - -######################## -# Extract mysql version from version string -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Version string -######################### -mysql_get_version() { - local ver_string - local -a ver_split - - ver_string=$("${DB_BIN_DIR}/mysql" "--version") - read -r -a ver_split <<< "$ver_string" - - if [[ "$ver_string" = *" Distrib "* ]]; then - echo "${ver_split[4]::-1}" - else - echo "${ver_split[2]}" - fi -} - -######################## -# Gets an environment variable name based on the suffix -# Globals: -# DB_FLAVOR -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable name -######################### -get_env_var() { - local -r id="${1:?id is required}" - local -r prefix="${DB_FLAVOR//-/_}" - echo "${prefix^^}_${id}" -} - -######################## -# Gets an environment variable value for the master node and based on the suffix -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable value -######################### -get_master_env_var_value() { - local envVar - - PREFIX="" - [[ "${DB_REPLICATION_MODE:-}" = "slave" ]] && PREFIX="MASTER_" - envVar="$(get_env_var "${PREFIX}${1}_FILE")" - if [[ -f "${!envVar:-}" ]]; then - echo "$(< "${!envVar}")" - else - envVar="$(get_env_var "${PREFIX}${1}")" - echo "${!envVar:-}" - fi -} - -######################## -# Execute an arbitrary query/queries against the running MySQL/MariaDB service and print to stdout -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra MySQL CLI options -# Returns: -# None -mysql_execute_print_output() { - local -r db="${1:-}" - local -r user="${2:-root}" - local -r pass="${3:-}" - local -a opts extra_opts - read -r -a opts <<< "${@:4}" - read -r -a extra_opts <<< "$(mysql_client_extra_opts)" - - # Process mysql CLI arguments - local -a args=() - if [[ -f "$DB_CONF_FILE" ]]; then - args+=("--defaults-file=${DB_CONF_FILE}") - fi - args+=("-N" "-u" "$user") - [[ -n "$db" ]] && args+=("$db") - [[ -n "$pass" ]] && args+=("-p$pass") - [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") - [[ "${#extra_opts[@]}" -gt 0 ]] && args+=("${extra_opts[@]}") - - # Obtain the command specified via stdin - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - local mysql_cmd - mysql_cmd="$(> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 15c1253263343..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,177 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh b/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh deleted file mode 100755 index 5daeb16c64943..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -if [[ "$1" = "/opt/bitnami/scripts/mariadb/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh b/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh deleted file mode 100755 index 60211b1057f6e..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadb.sh - -# Load MySQL environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh b/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh deleted file mode 100755 index ee8217ffb401c..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf "/proc/1/fd/1" "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh b/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh deleted file mode 100755 index 97f5d80c226f0..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -info "** Starting MariaDB **" -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh b/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh deleted file mode 100755 index 9dcc55c047ade..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb/11.2/debian-12/tags-info.yaml b/bitnami/mariadb/11.2/debian-12/tags-info.yaml deleted file mode 100644 index 3877e38ad87d6..0000000000000 --- a/bitnami/mariadb/11.2/debian-12/tags-info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -rolling-tags: -- "11.2" -- 11.2-debian-12 -- 11.2.4 diff --git a/bitnami/mariadb/11.3/debian-12/Dockerfile b/bitnami/mariadb/11.3/debian-12/Dockerfile deleted file mode 100644 index 1c93f5cc14f3c..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-06-03T08:50:45Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="11.3.2-debian-12-r6" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb" \ - org.opencontainers.image.title="mariadb" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="11.3.2" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps psmisc zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "mariadb-11.3.2-3-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN mkdir /docker-entrypoint-initdb.d - -COPY rootfs / -RUN /opt/bitnami/scripts/mariadb/postunpack.sh -ENV APP_VERSION="11.3.2" \ - BITNAMI_APP_NAME="mariadb" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" - -EXPOSE 3306 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mariadb/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mariadb/run.sh" ] diff --git a/bitnami/mariadb/11.3/debian-12/docker-compose.yml b/bitnami/mariadb/11.3/debian-12/docker-compose.yml deleted file mode 100644 index 30e05c80010de..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/docker-compose.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2.1' - -services: - mariadb: - image: docker.io/bitnami/mariadb:11.3 - ports: - - '3306:3306' - volumes: - - 'mariadb_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_data: - driver: local diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index e3ef74ce873ae..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "ini-file": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.4.6-13" - }, - "mariadb": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.3.2-3" - } -} \ No newline at end of file diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh deleted file mode 100644 index 1c69e0e48a5d0..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh +++ /dev/null @@ -1,141 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing files - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libos.sh - -# Functions - -######################## -# Replace a regex-matching string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# $4 - use POSIX regex. Default: true -# Returns: -# None -######################### -replace_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - local posix_regex=${4:-true} - - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - if [[ $posix_regex = true ]]; then - result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - else - result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Replace a regex-matching multiline string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# Returns: -# None -######################### -replace_in_file_multiline() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - - local result - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" - echo "$result" > "$filename" -} - -######################## -# Remove a line in a file based on a regex -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - use POSIX regex. Default: true -# Returns: -# None -######################### -remove_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local posix_regex=${3:-true} - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - if [[ $posix_regex = true ]]; then - result="$(sed -E "/$match_regex/d" "$filename")" - else - result="$(sed "/$match_regex/d" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Appends text after the last line matching a pattern -# Arguments: -# $1 - file -# $2 - match regex -# $3 - contents to add -# Returns: -# None -######################### -append_file_after_last_match() { - local file="${1:?missing file}" - local match_regex="${2:?missing pattern}" - local value="${3:?missing value}" - - # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again - result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" - echo "$result" > "$file" -} - -######################## -# Wait until certain entry is present in a log file -# Arguments: -# $1 - entry to look for -# $2 - log file -# $3 - max retries. Default: 12 -# $4 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -wait_for_log_entry() { - local -r entry="${1:-missing entry}" - local -r log_file="${2:-missing log file}" - local -r retries="${3:-12}" - local -r interval_time="${4:-5}" - local attempt=0 - - check_log_file_for_entry() { - if ! grep -qE "$entry" "$log_file"; then - debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" - return 1 - fi - } - debug "Checking that ${log_file} log file contains entry \"${entry}\"" - if retry_while check_log_file_for_entry "$retries" "$interval_time"; then - debug "Found entry \"${entry}\" in ${log_file}" - true - else - error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" - debug_execute cat "$log_file" - return 1 - fi -} diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh deleted file mode 100644 index 970d624179642..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh +++ /dev/null @@ -1,193 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for file system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Ensure a file/directory is owned (user and group) but the given user -# Arguments: -# $1 - filepath -# $2 - owner -# Returns: -# None -######################### -owned_by() { - local path="${1:?path is missing}" - local owner="${2:?owner is missing}" - local group="${3:-}" - - if [[ -n $group ]]; then - chown "$owner":"$group" "$path" - else - chown "$owner":"$owner" "$path" - fi -} - -######################## -# Ensure a directory exists and, optionally, is owned by the given user -# Arguments: -# $1 - directory -# $2 - owner -# Returns: -# None -######################### -ensure_dir_exists() { - local dir="${1:?directory is missing}" - local owner_user="${2:-}" - local owner_group="${3:-}" - - [ -d "${dir}" ] || mkdir -p "${dir}" - if [[ -n $owner_user ]]; then - owned_by "$dir" "$owner_user" "$owner_group" - fi -} - -######################## -# Checks whether a directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_dir_empty() { - local -r path="${1:?missing directory}" - # Calculate real path in order to avoid issues with symlinks - local -r dir="$(realpath "$path")" - if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then - true - else - false - fi -} - -######################## -# Checks whether a mounted directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_mounted_dir_empty() { - local dir="${1:?missing directory}" - - if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then - true - else - false - fi -} - -######################## -# Checks whether a file can be written to or not -# arguments: -# $1 - file -# returns: -# boolean -######################### -is_file_writable() { - local file="${1:?missing file}" - local dir - dir="$(dirname "$file")" - - if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then - true - else - false - fi -} - -######################## -# Relativize a path -# arguments: -# $1 - path -# $2 - base -# returns: -# None -######################### -relativize() { - local -r path="${1:?missing path}" - local -r base="${2:?missing base}" - pushd "$base" >/dev/null || exit - realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' - popd >/dev/null || exit -} - -######################## -# Configure permisions and ownership recursively -# Globals: -# None -# Arguments: -# $1 - paths (as a string). -# Flags: -# -f|--file-mode - mode for directories. -# -d|--dir-mode - mode for files. -# -u|--user - user -# -g|--group - group -# Returns: -# None -######################### -configure_permissions_ownership() { - local -r paths="${1:?paths is missing}" - local dir_mode="" - local file_mode="" - local user="" - local group="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -f | --file-mode) - shift - file_mode="${1:?missing mode for files}" - ;; - -d | --dir-mode) - shift - dir_mode="${1:?missing mode for directories}" - ;; - -u | --user) - shift - user="${1:?missing user}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - read -r -a filepaths <<<"$paths" - for p in "${filepaths[@]}"; do - if [[ -e "$p" ]]; then - find -L "$p" -printf "" - if [[ -n $dir_mode ]]; then - find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" - fi - if [[ -n $file_mode ]]; then - find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" - fi - if [[ -n $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" - elif [[ -n $user ]] && [[ -z $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}" - elif [[ -z $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chgrp "${group}" - fi - else - stderr_print "$p does not exist" - fi - done -} diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh deleted file mode 100644 index f3a5fe7868eed..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library to use for scripts expected to be used as Kubernetes lifecycle hooks - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Override functions that log to stdout/stderr of the current process, so they print to process 1 -for function_to_override in stderr_print debug_execute; do - # Output is sent to output of process 1 and thus end up in the container log - # The hook output in general isn't saved - eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" -done diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh deleted file mode 100644 index 450f05bd823ff..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh +++ /dev/null @@ -1,114 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for logging functions - -# Constants -RESET='\033[0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_QUIET:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - printf "%b\\n" "${*}" >&2 - fi -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Log a 'debug' message -# Globals: -# BITNAMI_DEBUG -# Arguments: -# None -# Returns: -# None -######################### -debug() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_DEBUG:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - log "${MAGENTA}DEBUG${RESET} ==> ${*}" - fi -} - -######################## -# Indent a string -# Arguments: -# $1 - string -# $2 - number of indentation characters (default: 4) -# $3 - indentation character (default: " ") -# Returns: -# None -######################### -indent() { - local string="${1:-}" - local num="${2:?missing num}" - local char="${3:-" "}" - # Build the indentation unit string - local indent_unit="" - for ((i = 0; i < num; i++)); do - indent_unit="${indent_unit}${char}" - done - # shellcheck disable=SC2001 - # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions - echo "$string" | sed "s/^/${indent_unit}/" -} diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh deleted file mode 100644 index 9d908c48579b9..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh +++ /dev/null @@ -1,657 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for operating system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Check if an user exists in the system -# Arguments: -# $1 - user -# Returns: -# Boolean -######################### -user_exists() { - local user="${1:?user is missing}" - id "$user" >/dev/null 2>&1 -} - -######################## -# Check if a group exists in the system -# Arguments: -# $1 - group -# Returns: -# Boolean -######################### -group_exists() { - local group="${1:?group is missing}" - getent group "$group" >/dev/null 2>&1 -} - -######################## -# Create a group in the system if it does not exist already -# Arguments: -# $1 - group -# Flags: -# -i|--gid - the ID for the new group -# -s|--system - Whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_group_exists() { - local group="${1:?group is missing}" - local gid="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --gid) - shift - gid="${1:?missing gid}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! group_exists "$group"; then - local -a args=("$group") - if [[ -n "$gid" ]]; then - if group_exists "$gid"; then - error "The GID $gid is already in use." >&2 - return 1 - fi - args+=("--gid" "$gid") - fi - $is_system_user && args+=("--system") - groupadd "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Create an user in the system if it does not exist already -# Arguments: -# $1 - user -# Flags: -# -i|--uid - the ID for the new user -# -g|--group - the group the new user should belong to -# -a|--append-groups - comma-separated list of supplemental groups to append to the new user -# -h|--home - the home directory for the new user -# -s|--system - whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_user_exists() { - local user="${1:?user is missing}" - local uid="" - local group="" - local append_groups="" - local home="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --uid) - shift - uid="${1:?missing uid}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - -a | --append-groups) - shift - append_groups="${1:?missing append_groups}" - ;; - -h | --home) - shift - home="${1:?missing home directory}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! user_exists "$user"; then - local -a user_args=("-N" "$user") - if [[ -n "$uid" ]]; then - if user_exists "$uid"; then - error "The UID $uid is already in use." - return 1 - fi - user_args+=("--uid" "$uid") - else - $is_system_user && user_args+=("--system") - fi - useradd "${user_args[@]}" >/dev/null 2>&1 - fi - - if [[ -n "$group" ]]; then - local -a group_args=("$group") - $is_system_user && group_args+=("--system") - ensure_group_exists "${group_args[@]}" - usermod -g "$group" "$user" >/dev/null 2>&1 - fi - - if [[ -n "$append_groups" ]]; then - local -a groups - read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" - for group in "${groups[@]}"; do - ensure_group_exists "$group" - usermod -aG "$group" "$user" >/dev/null 2>&1 - done - fi - - if [[ -n "$home" ]]; then - mkdir -p "$home" - usermod -d "$home" "$user" >/dev/null 2>&1 - configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" - fi -} - -######################## -# Check if the script is currently running as root -# Arguments: -# $1 - user -# $2 - group -# Returns: -# Boolean -######################### -am_i_root() { - if [[ "$(id -u)" = "0" ]]; then - true - else - false - fi -} - -######################## -# Print OS metadata -# Arguments: -# $1 - Flag name -# Flags: -# --id - Distro ID -# --version - Distro version -# --branch - Distro branch -# --codename - Distro codename -# --name - Distro name -# --pretty-name - Distro pretty name -# Returns: -# String -######################### -get_os_metadata() { - local -r flag_name="${1:?missing flag}" - # Helper function - get_os_release_metadata() { - local -r env_name="${1:?missing environment variable name}" - ( - . /etc/os-release - echo "${!env_name}" - ) - } - case "$flag_name" in - --id) - get_os_release_metadata ID - ;; - --version) - get_os_release_metadata VERSION_ID - ;; - --branch) - get_os_release_metadata VERSION_ID | sed 's/\..*//' - ;; - --codename) - get_os_release_metadata VERSION_CODENAME - ;; - --name) - get_os_release_metadata NAME - ;; - --pretty-name) - get_os_release_metadata PRETTY_NAME - ;; - *) - error "Unknown flag ${flag_name}" - return 1 - ;; - esac -} - -######################## -# Get total memory available -# Arguments: -# None -# Returns: -# Memory in bytes -######################### -get_total_memory() { - echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# None -# Flags: -# --memory - memory size (optional) -# Returns: -# Detected instance size -######################### -get_machine_size() { - local memory="" - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - --memory) - shift - memory="${1:?missing memory}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if [[ -z "$memory" ]]; then - debug "Memory was not specified, detecting available memory automatically" - memory="$(get_total_memory)" - fi - sanitized_memory=$(convert_to_mb "$memory") - if [[ "$sanitized_memory" -gt 26000 ]]; then - echo 2xlarge - elif [[ "$sanitized_memory" -gt 13000 ]]; then - echo xlarge - elif [[ "$sanitized_memory" -gt 6000 ]]; then - echo large - elif [[ "$sanitized_memory" -gt 3000 ]]; then - echo medium - elif [[ "$sanitized_memory" -gt 1500 ]]; then - echo small - else - echo micro - fi -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# $1 - memory size (optional) -# Returns: -# Detected instance size -######################### -get_supported_machine_sizes() { - echo micro small medium large xlarge 2xlarge -} - -######################## -# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) -# Globals: -# None -# Arguments: -# $1 - memory size -# Returns: -# Result of the conversion -######################### -convert_to_mb() { - local amount="${1:-}" - if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then - size="${BASH_REMATCH[1]}" - unit="${BASH_REMATCH[2]}" - if [[ "$unit" = "g" || "$unit" = "G" ]]; then - amount="$((size * 1024))" - else - amount="$size" - fi - fi - echo "$amount" -} - -######################### -# Redirects output to /dev/null if debug mode is disabled -# Globals: -# BITNAMI_DEBUG -# Arguments: -# $@ - Command to execute -# Returns: -# None -######################### -debug_execute() { - if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then - "$@" - else - "$@" >/dev/null 2>&1 - fi -} - -######################## -# Retries a command a given number of times -# Arguments: -# $1 - cmd (as a string) -# $2 - max retries. Default: 12 -# $3 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -retry_while() { - local cmd="${1:?cmd is missing}" - local retries="${2:-12}" - local sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<<"$cmd" - for ((i = 1; i <= retries; i += 1)); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value -} - -######################## -# Generate a random string -# Arguments: -# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii -# -c|--count - Number of characters, defaults to 32 -# Arguments: -# None -# Returns: -# None -# Returns: -# String -######################### -generate_random_string() { - local type="ascii" - local count="32" - local filter - local result - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - -t | --type) - shift - type="$1" - ;; - -c | --count) - shift - count="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Validate type - case "$type" in - ascii) - filter="[:print:]" - ;; - numeric) - filter="0-9" - ;; - alphanumeric) - filter="a-zA-Z0-9" - ;; - alphanumeric+special|special+alphanumeric) - # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters - # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex - filter='a-zA-Z0-9:@.,/+!=' - ;; - *) - echo "Invalid type ${type}" >&2 - return 1 - ;; - esac - # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size - # Note there is a very small chance of strings starting with EOL character - # Therefore, the higher amount of lines read, this will happen less frequently - result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" - echo "$result" -} - -######################## -# Create md5 hash from a string -# Arguments: -# $1 - string -# Returns: -# md5 hash - string -######################### -generate_md5_hash() { - local -r str="${1:?missing input string}" - echo -n "$str" | md5sum | awk '{print $1}' -} - -######################## -# Create sha1 hash from a string -# Arguments: -# $1 - string -# $2 - algorithm - 1 (default), 224, 256, 384, 512 -# Returns: -# sha1 hash - string -######################### -generate_sha_hash() { - local -r str="${1:?missing input string}" - local -r algorithm="${2:-1}" - echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' -} - -######################## -# Converts a string to its hexadecimal representation -# Arguments: -# $1 - string -# Returns: -# hexadecimal representation of the string -######################### -convert_to_hex() { - local -r str=${1:?missing input string} - local -i iterator - local char - for ((iterator = 0; iterator < ${#str}; iterator++)); do - char=${str:iterator:1} - printf '%x' "'${char}" - done -} - -######################## -# Get boot time -# Globals: -# None -# Arguments: -# None -# Returns: -# Boot time metadata -######################### -get_boot_time() { - stat /proc --format=%Y -} - -######################## -# Get machine ID -# Globals: -# None -# Arguments: -# None -# Returns: -# Machine ID -######################### -get_machine_id() { - local machine_id - if [[ -f /etc/machine-id ]]; then - machine_id="$(cat /etc/machine-id)" - fi - if [[ -z "$machine_id" ]]; then - # Fallback to the boot-time, which will at least ensure a unique ID in the current session - machine_id="$(get_boot_time)" - fi - echo "$machine_id" -} - -######################## -# Get the root partition's disk device ID (e.g. /dev/sda1) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root partition disk ID -######################### -get_disk_device_id() { - local device_id="" - if grep -q ^/dev /proc/mounts; then - device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" - fi - # If it could not be autodetected, fallback to /dev/sda1 as a default - if [[ -z "$device_id" || ! -b "$device_id" ]]; then - device_id="/dev/sda1" - fi - echo "$device_id" -} - -######################## -# Get the root disk device ID (e.g. /dev/sda) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk ID -######################### -get_root_disk_device_id() { - get_disk_device_id | sed -E 's/p?[0-9]+$//' -} - -######################## -# Get the root disk size in bytes -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk size in bytes -######################### -get_root_disk_size() { - fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true -} - -######################## -# Run command as a specific user and group (optional) -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -run_as_user() { - run_chroot "$@" -} - -######################## -# Execute command as a specific user and group (optional), -# replacing the current process image -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -exec_as_user() { - run_chroot --replace-process "$@" -} - -######################## -# Run a command using chroot -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Flags: -# -r | --replace-process - Replace the current process image (optional) -# Returns: -# Exit code of the specified command -######################### -run_chroot() { - local userspec - local user - local homedir - local replace=false - local -r cwd="$(pwd)" - - # Parse and validate flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -r | --replace-process) - replace=true - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - # Parse and validate arguments - if [[ "$#" -lt 2 ]]; then - echo "expected at least 2 arguments" - return 1 - else - userspec=$1 - shift - - # userspec can optionally include the group, so we parse the user - user=$(echo "$userspec" | cut -d':' -f1) - fi - - if ! am_i_root; then - error "Could not switch to '${userspec}': Operation not permitted" - return 1 - fi - - # Get the HOME directory for the user to switch, as chroot does - # not properly update this env and some scripts rely on it - homedir=$(eval echo "~${user}") - if [[ ! -d $homedir ]]; then - homedir="${HOME:-/}" - fi - - # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion - if [[ "$replace" = true ]]; then - exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - else - chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - fi -} diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh deleted file mode 100644 index 18445e7d27fa3..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh +++ /dev/null @@ -1,124 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami persistence library -# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libversion.sh - -# Functions - -######################## -# Persist an application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# $2 - List of app files to persist -# Returns: -# true if all steps succeeded, false otherwise -######################### -persist_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Persist the individual files - if [[ "${#files_to_persist[@]}" -le 0 ]]; then - warn "No files are configured to be persisted" - return - fi - pushd "$install_dir" >/dev/null || exit - local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder - local -r tmp_file="/tmp/perms.acl" - for file_to_persist in "${files_to_persist[@]}"; do - if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then - error "Cannot persist '${file_to_persist}' because it does not exist" - return 1 - fi - file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" - file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" - file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" - # Get original permissions for existing files, which will be applied later - # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume - getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" - # Copy directories to the volume - ensure_dir_exists "$file_to_persist_destination_folder" - cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" - # Restore permissions - pushd "$persist_dir" >/dev/null || exit - if am_i_root; then - setfacl --restore="$tmp_file" - else - # When running as non-root, don't change ownership - setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") - fi - popd >/dev/null || exit - done - popd >/dev/null || exit - rm -f "$tmp_file" - # Install the persisted files into the installation directory, via symlinks - restore_persisted_app "$@" -} - -######################## -# Restore a persisted application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# FORCE_MAJOR_UPGRADE -# Arguments: -# $1 - App folder name -# $2 - List of app files to restore -# Returns: -# true if all steps succeeded, false otherwise -######################### -restore_persisted_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Restore the individual persisted files - if [[ "${#files_to_restore[@]}" -le 0 ]]; then - warn "No persisted files are configured to be restored" - return - fi - local file_to_restore_relative file_to_restore_origin file_to_restore_destination - for file_to_restore in "${files_to_restore[@]}"; do - file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" - # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed - file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" - file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" - rm -rf "$file_to_restore_origin" - ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" - done -} - -######################## -# Check if an application directory was already persisted -# Globals: -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# Returns: -# true if all steps succeeded, false otherwise -######################### -is_app_initialized() { - local -r app="${1:?missing app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - if ! is_mounted_dir_empty "$persist_dir"; then - true - else - false - fi -} diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh deleted file mode 100644 index 1f9b33096b026..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh +++ /dev/null @@ -1,496 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing services - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Read the provided pid file and returns a PID -# Arguments: -# $1 - Pid file -# Returns: -# PID -######################### -get_pid_from_file() { - local pid_file="${1:?pid file is missing}" - - if [[ -f "$pid_file" ]]; then - if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then - echo "$(< "$pid_file")" - fi - fi -} - -######################## -# Check if a provided PID corresponds to a running service -# Arguments: -# $1 - PID -# Returns: -# Boolean -######################### -is_service_running() { - local pid="${1:?pid is missing}" - - kill -0 "$pid" 2>/dev/null -} - -######################## -# Stop a service by sending a termination signal to its pid -# Arguments: -# $1 - Pid file -# $2 - Signal number (optional) -# Returns: -# None -######################### -stop_service_using_pid() { - local pid_file="${1:?pid file is missing}" - local signal="${2:-}" - local pid - - pid="$(get_pid_from_file "$pid_file")" - [[ -z "$pid" ]] || ! is_service_running "$pid" && return - - if [[ -n "$signal" ]]; then - kill "-${signal}" "$pid" - else - kill "$pid" - fi - - local counter=10 - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -######################## -# Start cron daemon -# Arguments: -# None -# Returns: -# true if started correctly, false otherwise -######################### -cron_start() { - if [[ -x "/usr/sbin/cron" ]]; then - /usr/sbin/cron - elif [[ -x "/usr/sbin/crond" ]]; then - /usr/sbin/crond - else - false - fi -} - -######################## -# Generate a cron configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Command -# Flags: -# --run-as - User to run as (default: root) -# --schedule - Cron schedule configuration (default: * * * * *) -# Returns: -# None -######################### -generate_cron_conf() { - local service_name="${1:?service name is missing}" - local cmd="${2:?command is missing}" - local run_as="root" - local schedule="* * * * *" - local clean="true" - - # Parse optional CLI flags - shift 2 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --run-as) - shift - run_as="$1" - ;; - --schedule) - shift - schedule="$1" - ;; - --no-clean) - clean="false" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - mkdir -p /etc/cron.d - if "$clean"; then - cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" - fi -} - -######################## -# Remove a cron configuration file for a given service -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_cron_conf() { - local service_name="${1:?service name is missing}" - local cron_conf_dir="/etc/monit/conf.d" - rm -f "${cron_conf_dir}/${service_name}" -} - -######################## -# Generate a monit configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Pid file -# $3 - Start command -# $4 - Stop command -# Flags: -# --disable - Whether to disable the monit configuration -# Returns: -# None -######################### -generate_monit_conf() { - local service_name="${1:?service name is missing}" - local pid_file="${2:?pid file is missing}" - local start_command="${3:?start command is missing}" - local stop_command="${4:?stop command is missing}" - local monit_conf_dir="/etc/monit/conf.d" - local disabled="no" - - # Parse optional CLI flags - shift 4 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --disable) - disabled="yes" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - is_boolean_yes "$disabled" && conf_suffix=".disabled" - mkdir -p "$monit_conf_dir" - cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 - return 1 - ;; - esac - shift - done - - mkdir -p "$logrotate_conf_dir" - cat < "${logrotate_conf_dir}/${service_name}" -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -${log_path} { - ${period} - rotate ${rotations} - dateext - compress - copytruncate - missingok -$(indent "$extra" 2) -} -EOF -} - -######################## -# Remove a logrotate configuration file -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_logrotate_conf() { - local service_name="${1:?service name is missing}" - local logrotate_conf_dir="/etc/logrotate.d" - rm -f "${logrotate_conf_dir}/${service_name}" -} - -######################## -# Generate a Systemd configuration file -# Arguments: -# $1 - Service name -# Flags: -# --custom-service-content - Custom content to add to the [service] block -# --environment - Environment variable to define (multiple --environment options may be passed) -# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) -# --exec-start - Start command (required) -# --exec-start-pre - Pre-start command (optional) -# --exec-start-post - Post-start command (optional) -# --exec-stop - Stop command (optional) -# --exec-reload - Reload command (optional) -# --group - System group to start the service with -# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) -# --restart - When to restart the Systemd service after being stopped (defaults to always) -# --pid-file - Service PID file -# --standard-output - File where to print stdout output -# --standard-error - File where to print stderr output -# --success-exit-status - Exit code that indicates a successful shutdown -# --type - Systemd unit type (defaults to forking) -# --user - System user to start the service with -# --working-directory - Working directory at which to start the service -# Returns: -# None -######################### -generate_systemd_conf() { - local -r service_name="${1:?service name is missing}" - local -r systemd_units_dir="/etc/systemd/system" - local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" - # Default values - local name="$service_name" - local type="forking" - local user="" - local group="" - local environment="" - local environment_file="" - local exec_start="" - local exec_start_pre="" - local exec_start_post="" - local exec_stop="" - local exec_reload="" - local restart="always" - local pid_file="" - local standard_output="journal" - local standard_error="" - local limits_content="" - local success_exit_status="" - local custom_service_content="" - local working_directory="" - # Parse CLI flags - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --name \ - | --type \ - | --user \ - | --group \ - | --exec-start \ - | --exec-stop \ - | --exec-reload \ - | --restart \ - | --pid-file \ - | --standard-output \ - | --standard-error \ - | --success-exit-status \ - | --custom-service-content \ - | --working-directory \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "$var_name"="${1:?"${var_name} value is missing"}" - ;; - --limit-*) - [[ -n "$limits_content" ]] && limits_content+=$'\n' - var_name="${1//--limit-}" - shift - limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" - ;; - --exec-start-pre) - shift - [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' - exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" - ;; - --exec-start-post) - shift - [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' - exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" - ;; - --environment) - shift - # It is possible to add multiple environment lines - [[ -n "$environment" ]] && environment+=$'\n' - environment+="Environment=${1:?"--environment value is missing"}" - ;; - --environment-file) - shift - # It is possible to add multiple environment-file lines - [[ -n "$environment_file" ]] && environment_file+=$'\n' - environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - # Validate inputs - local error="no" - if [[ -z "$exec_start" ]]; then - error "The --exec-start option is required" - error="yes" - fi - if [[ "$error" != "no" ]]; then - return 1 - fi - # Generate the Systemd unit - cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" - fi - if [[ -n "$exec_start_pre" ]]; then - # This variable may contain multiple ExecStartPre= directives - cat >> "$service_file" <<< "$exec_start_pre" - fi - if [[ -n "$exec_start" ]]; then - cat >> "$service_file" <<< "ExecStart=${exec_start}" - fi - if [[ -n "$exec_start_post" ]]; then - # This variable may contain multiple ExecStartPost= directives - cat >> "$service_file" <<< "$exec_start_post" - fi - # Optional stop and reload commands - if [[ -n "$exec_stop" ]]; then - cat >> "$service_file" <<< "ExecStop=${exec_stop}" - fi - if [[ -n "$exec_reload" ]]; then - cat >> "$service_file" <<< "ExecReload=${exec_reload}" - fi - # User and group - if [[ -n "$user" ]]; then - cat >> "$service_file" <<< "User=${user}" - fi - if [[ -n "$group" ]]; then - cat >> "$service_file" <<< "Group=${group}" - fi - # PID file allows to determine if the main process is running properly (for Restart=always) - if [[ -n "$pid_file" ]]; then - cat >> "$service_file" <<< "PIDFile=${pid_file}" - fi - if [[ -n "$restart" ]]; then - cat >> "$service_file" <<< "Restart=${restart}" - fi - # Environment flags - if [[ -n "$environment" ]]; then - # This variable may contain multiple Environment= directives - cat >> "$service_file" <<< "$environment" - fi - if [[ -n "$environment_file" ]]; then - # This variable may contain multiple EnvironmentFile= directives - cat >> "$service_file" <<< "$environment_file" - fi - # Logging - if [[ -n "$standard_output" ]]; then - cat >> "$service_file" <<< "StandardOutput=${standard_output}" - fi - if [[ -n "$standard_error" ]]; then - cat >> "$service_file" <<< "StandardError=${standard_error}" - fi - if [[ -n "$custom_service_content" ]]; then - # This variable may contain multiple miscellaneous directives - cat >> "$service_file" <<< "$custom_service_content" - fi - if [[ -n "$success_exit_status" ]]; then - cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean or is the string 'yes/true' -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_boolean_yes() { - local -r bool="${1:-}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean yes/no value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_yes_no_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(yes|no)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean true/false value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_true_false_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(true|false)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean 1/0 value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_1_0_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^[10]$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is an empty string or not defined -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_empty_value() { - local -r val="${1:-}" - if [[ -z "$val" ]]; then - true - else - false - fi -} - -######################## -# Validate if the provided argument is a valid port -# Arguments: -# $1 - Port to validate -# Returns: -# Boolean and error message -######################### -validate_port() { - local value - local unprivileged=0 - - # Parse flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -unprivileged) - unprivileged=1 - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [[ "$#" -gt 1 ]]; then - echo "too many arguments provided" - return 2 - elif [[ "$#" -eq 0 ]]; then - stderr_print "missing port argument" - return 1 - else - value=$1 - fi - - if [[ -z "$value" ]]; then - echo "the value is empty" - return 1 - else - if ! is_int "$value"; then - echo "value is not an integer" - return 2 - elif [[ "$value" -lt 0 ]]; then - echo "negative value provided" - return 2 - elif [[ "$value" -gt 65535 ]]; then - echo "requested port is greater than 65535" - return 2 - elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then - echo "privileged port requested" - return 3 - fi - fi -} - -######################## -# Validate if the provided argument is a valid IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv6() { - local ip="${1:?ip is missing}" - local stat=1 - local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' - local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' - - if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then - stat=0 - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv4() { - local ip="${1:?ip is missing}" - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" - [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ - && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] - stat=$? - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 or IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ip() { - local ip="${1:?ip is missing}" - local stat=1 - - if validate_ipv4 "$ip"; then - stat=0 - else - stat=$(validate_ipv6 "$ip") - fi - return $stat -} - -######################## -# Validate a string format -# Arguments: -# $1 - String to validate -# Returns: -# Boolean -######################### -validate_string() { - local string - local min_length=-1 - local max_length=-1 - - # Parse flags - while [ "$#" -gt 0 ]; do - case "$1" in - -min-length) - shift - min_length=${1:-} - ;; - -max-length) - shift - max_length=${1:-} - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [ "$#" -gt 1 ]; then - stderr_print "too many arguments provided" - return 2 - elif [ "$#" -eq 0 ]; then - stderr_print "missing string" - return 1 - else - string=$1 - fi - - if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then - echo "string length is less than $min_length" - return 1 - fi - if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then - echo "string length is great than $max_length" - return 1 - fi -} diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh deleted file mode 100644 index f0d5a5cd33892..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing versions strings - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions -######################## -# Gets semantic version -# Arguments: -# $1 - version: string to extract major.minor.patch -# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch -# Returns: -# array with the major, minor and release -######################### -get_sematic_version () { - local version="${1:?version is required}" - local section="${2:?section is required}" - local -a version_sections - - #Regex to parse versions: x.y.z - local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' - - if [[ "$version" =~ $regex ]]; then - local i=1 - local j=1 - local n=${#BASH_REMATCH[*]} - - while [[ $i -lt $n ]]; do - if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then - version_sections[j]="${BASH_REMATCH[$i]}" - ((j++)) - fi - ((i++)) - done - - local number_regex='^[0-9]+$' - if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then - echo "${version_sections[$section]}" - return - else - stderr_print "Section allowed values are: 1, 2, and 3" - return 1 - fi - fi -} diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh deleted file mode 100644 index acb84fc2339bb..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ /dev/null @@ -1,476 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami web server handler library - -# shellcheck disable=SC1090,SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh - -######################## -# Execute a command (or list of commands) with the web server environment and library loaded -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_execute() { - local -r web_server="${1:?missing web server}" - shift - # Run program in sub-shell to avoid web server environment getting loaded when not necessary - ( - . "/opt/bitnami/scripts/lib${web_server}.sh" - . "/opt/bitnami/scripts/${web_server}-env.sh" - "$@" - ) -} - -######################## -# Prints the list of enabled web servers -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_list() { - local -r -a supported_web_servers=(apache nginx) - local -a existing_web_servers=() - for web_server in "${supported_web_servers[@]}"; do - [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") - done - echo "${existing_web_servers[@]:-}" -} - -######################## -# Prints the currently-enabled web server type (only one, in order of preference) -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_type() { - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - echo "${web_servers[0]:-}" -} - -######################## -# Validate that a supported web server is configured -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_validate() { - local error_code=0 - local supported_web_servers=("apache" "nginx") - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then - print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" - elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then - print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." - fi - - return "$error_code" -} - -######################## -# Check whether the web server is running -# Globals: -# * -# Arguments: -# None -# Returns: -# true if the web server is running, false otherwise -######################### -is_web_server_running() { - "is_$(web_server_type)_running" -} - -######################## -# Start web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_start() { - info "Starting $(web_server_type) in background" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl start "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" - fi -} - -######################## -# Stop web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_stop() { - info "Stopping $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl stop "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" - fi -} - -######################## -# Restart web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_restart() { - info "Restarting $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl restart "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" - fi -} - -######################## -# Reload web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_reload() { - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl reload "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" - fi -} - -######################## -# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on which configuration template to use -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render server configurations with a .disabled prefix -# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --document-root - Path to document root directory -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) -# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --apache-before-vhost-configuration - Configuration to add before the directive (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-proxy-address - Address where to proxy requests -# --apache-proxy-configuration - Extra configuration for the proxy -# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# --nginx-external-configuration - Configuration external to server block (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_app_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --disable \ - | --disable-http \ - | --disable-https \ - ) - apache_args+=("$1") - nginx_args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --type \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --document-root \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-additional-http-configuration \ - | --apache-additional-https-configuration \ - | --apache-before-vhost-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-proxy-address \ - | --apache-proxy-configuration \ - | --apache-proxy-http-configuration \ - | --apache-proxy-https-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "${2:?missing value}") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration \ - | --nginx-external-configuration) - nginx_args+=("${1//nginx-/}" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_web_server_app_configuration_not_exists() { - local app="${1:?missing app}" - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" - done -} - -######################## -# Ensure the web server loads the configuration for an application in a URL prefix -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --document-root - Path to document root directory -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --type - Application type, which has an effect on what configuration template will be used -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_prefix_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --allow-remote-connections \ - | --document-root \ - | --prefix \ - | --type \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "$2") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - nginx_args+=("${1//nginx-/}" "$2") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -web_server_update_app_configuration() { - local app="${1:?missing app}" - shift - local -a args web_servers - args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --http-port \ - | --https-port \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" - done -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_enable_loading_page() { - ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ - --apache-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -RedirectMatch 503 ^/$ -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -ErrorDocument 404 /index.html -ErrorDocument 503 /index.html" \ - --nginx-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -location / { - return 503; -} -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -error_page 404 @installing; -error_page 503 @installing; -location @installing { - rewrite ^(.*)$ /index.html break; -}" - web_server_reload -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_disable_install_page() { - ensure_web_server_app_configuration_not_exists "__loading" - web_server_reload -} diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb/11.3/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mariadb/11.3/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb/11.3/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh b/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh deleted file mode 100644 index 0a93e3b77f673..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh +++ /dev/null @@ -1,1428 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MySQL library - -# shellcheck disable=SC1090,SC1091,SC2119,SC2120 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libversion.sh - -######################## -# Configure database extra start flags -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Array with extra flags to use -######################### -mysql_extra_flags() { - local randNumber - local -a dbExtraFlags=() - # shellcheck disable=SC2153 - read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS" - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')" - dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1") - if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1") - elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then - dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1") - fi - fi - - [[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}") - - echo "${dbExtraFlags[@]:-}" -} - -######################## -# Validate settings in MYSQL_*/MARIADB_* environment variables -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_validate() { - info "Validating settings in MYSQL_*/MARIADB_* env vars" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - empty_password_enabled_warn() { - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - backslash_password_error() { - print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" - } - - if [[ -n "$DB_REPLICATION_MODE" ]]; then - if [[ "$DB_REPLICATION_MODE" = "master" ]]; then - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then - empty_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if (( ${#DB_ROOT_PASSWORD} > 32 )); then - print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then - if [[ -z "$DB_MASTER_HOST" ]]; then - print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running" - fi - else - print_validation_error "Invalid replication mode. Available options are 'master/slave'" - fi - else - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - empty_password_enabled_warn - else - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then - empty_password_error "$(get_env_var PASSWORD)" - fi - fi - fi - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" - fi - if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then - print_validation_error "root user is already created in the database and you can't use it as username for user creation." - fi - if [[ "${DB_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var PASSWORD)" - fi - if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var REPLICATION_PASSWORD)" - fi - - collation_env_var="$(get_env_var COLLATION)" - is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Creates MySQL/MariaDB configuration file -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_create_default_config() { - debug "Creating main configuration file" - cat > "$DB_CONF_FILE" < "$FILE_LOCATION" - - info "Finish dump databases" - - info "UNLOCK MASTER DATABASES FOR WRITE OPERATIONS..." - mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'UNLOCK TABLES;' - - info "Start import dump databases" - mysql_execute < "$FILE_LOCATION" - info "Finish import dump databases" - - mysql_execute "mysql" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" - if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then - echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}" - fi - else - warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." - fi - fi - - if [[ -e "$DB_DATA_DIR/mysql" ]]; then - info "Using persisted data" - # mysql_upgrade requires the server to be running - [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes" - # https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html - mysql_upgrade - else - debug "Cleaning data directory to ensure successfully initialization" - rm -rf "${DB_DATA_DIR:?}"/* - info "Installing database" - mysql_install_db - mysql_start_bg - wait_for_mysql_access - # we delete existing users and create new ones with stricter access - # commands can still be executed until we restart or run 'flush privileges' - info "Configuring authentication" - mysql_execute "mysql" <=8 depends on this command - # users are not configured on slave nodes during initialization due to --skip-slave-start - wait_for_mysql - - # Special configuration flag for system with slow disks that could take more time - # in initializing - if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then - debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" - sleep "${DB_INIT_SLEEP_TIME}" - fi -} - -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for mysql common - -######################## -# Extract mysql version from version string -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# Version string -######################### -mysql_get_version() { - local ver_string - local -a ver_split - - ver_string=$("${DB_BIN_DIR}/mysql" "--version") - read -r -a ver_split <<< "$ver_string" - - if [[ "$ver_string" = *" Distrib "* ]]; then - echo "${ver_split[4]::-1}" - else - echo "${ver_split[2]}" - fi -} - -######################## -# Gets an environment variable name based on the suffix -# Globals: -# DB_FLAVOR -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable name -######################### -get_env_var() { - local -r id="${1:?id is required}" - local -r prefix="${DB_FLAVOR//-/_}" - echo "${prefix^^}_${id}" -} - -######################## -# Gets an environment variable value for the master node and based on the suffix -# Arguments: -# $1 - environment variable suffix -# Returns: -# environment variable value -######################### -get_master_env_var_value() { - local envVar - - PREFIX="" - [[ "${DB_REPLICATION_MODE:-}" = "slave" ]] && PREFIX="MASTER_" - envVar="$(get_env_var "${PREFIX}${1}_FILE")" - if [[ -f "${!envVar:-}" ]]; then - echo "$(< "${!envVar}")" - else - envVar="$(get_env_var "${PREFIX}${1}")" - echo "${!envVar:-}" - fi -} - -######################## -# Execute an arbitrary query/queries against the running MySQL/MariaDB service and print to stdout -# Stdin: -# Query/queries to execute -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# $1 - Database where to run the queries -# $2 - User to run queries -# $3 - Password -# $4 - Extra MySQL CLI options -# Returns: -# None -mysql_execute_print_output() { - local -r db="${1:-}" - local -r user="${2:-root}" - local -r pass="${3:-}" - local -a opts extra_opts - read -r -a opts <<< "${@:4}" - read -r -a extra_opts <<< "$(mysql_client_extra_opts)" - - # Process mysql CLI arguments - local -a args=() - if [[ -f "$DB_CONF_FILE" ]]; then - args+=("--defaults-file=${DB_CONF_FILE}") - fi - args+=("-N" "-u" "$user") - [[ -n "$db" ]] && args+=("$db") - [[ -n "$pass" ]] && args+=("-p$pass") - [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") - [[ "${#extra_opts[@]}" -gt 0 ]] && args+=("${extra_opts[@]}") - - # Obtain the command specified via stdin - if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then - local mysql_cmd - mysql_cmd="$(> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh deleted file mode 100644 index 15c1253263343..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh +++ /dev/null @@ -1,177 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for mariadb - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-mariadb}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -mariadb_env_vars=( - ALLOW_EMPTY_PASSWORD - MARIADB_AUTHENTICATION_PLUGIN - MARIADB_ROOT_USER - MARIADB_ROOT_PASSWORD - MARIADB_USER - MARIADB_PASSWORD - MARIADB_DATABASE - MARIADB_MASTER_HOST - MARIADB_MASTER_PORT_NUMBER - MARIADB_MASTER_ROOT_USER - MARIADB_MASTER_ROOT_PASSWORD - MARIADB_MASTER_DELAY - MARIADB_REPLICATION_USER - MARIADB_REPLICATION_PASSWORD - MARIADB_PORT_NUMBER - MARIADB_REPLICATION_MODE - MARIADB_REPLICATION_SLAVE_DUMP - MARIADB_EXTRA_FLAGS - MARIADB_INIT_SLEEP_TIME - MARIADB_CHARACTER_SET - MARIADB_COLLATE - MARIADB_BIND_ADDRESS - MARIADB_SQL_MODE - MARIADB_SKIP_TEST_DB - MARIADB_CLIENT_ENABLE_SSL - MARIADB_CLIENT_SSL_CA_FILE - MARIADB_CLIENT_SSL_CERT_FILE - MARIADB_CLIENT_SSL_KEY_FILE - MARIADB_CLIENT_EXTRA_FLAGS - MARIADB_STARTUP_WAIT_RETRIES - MARIADB_STARTUP_WAIT_SLEEP_TIME - MARIADB_ENABLE_SLOW_QUERY - MARIADB_LONG_QUERY_TIME - DB_ENABLE_SLOW_QUERY - DB_LONG_QUERY_TIME -) -for env_var in "${mariadb_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset mariadb_env_vars -export DB_FLAVOR="mariadb" - -# Paths -export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" -export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" -export DB_DATA_DIR="${DB_VOLUME_DIR}/data" -export DB_BIN_DIR="${DB_BASE_DIR}/bin" -export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" -export DB_CONF_DIR="${DB_BASE_DIR}/conf" -export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" -export DB_LOGS_DIR="${DB_BASE_DIR}/logs" -export DB_TMP_DIR="${DB_BASE_DIR}/tmp" -export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" -export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" -export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" -export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" - -# System users (when running with a privileged user) -export DB_DAEMON_USER="mysql" -export DB_DAEMON_GROUP="mysql" - -# Default configuration (build-time) -export MARIADB_DEFAULT_PORT_NUMBER="3306" -export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time -export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" -export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time -export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" -export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time - -# MariaDB authentication. -export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" -export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" -export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" -export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" -export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization -export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" -export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_USER="${MARIADB_USER:-}" -export DB_USER="$MARIADB_USER" # only used during the first initialization -export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" -export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization -export MARIADB_DATABASE="${MARIADB_DATABASE:-}" -export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization -export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" -export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization -export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" -export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization -export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" -export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization -export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" -export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization -export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" -export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization -export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" -export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization -export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" -export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization - -# Settings -export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" -export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" -export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" -export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" -export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" -export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" -export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" -export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" -export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" -export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" -export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" -export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" -# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE -MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" -export MARIADB_COLLATE="${MARIADB_COLLATE:-}" -export DB_COLLATE="$MARIADB_COLLATE" -export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" -export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" -export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" -export DB_SQL_MODE="$MARIADB_SQL_MODE" -export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" -export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" -export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" -export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" -export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" -export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" -export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" -export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" -export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" -export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" -export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" -export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" -export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" -export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" -export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" -export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" -MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" -export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" -export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" -MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" -export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" -export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" - -# Custom environment variables may be defined below diff --git a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh b/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh deleted file mode 100755 index 5daeb16c64943..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/mariadb/conf) -debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR" -cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR" - -if [[ "$1" = "/opt/bitnami/scripts/mariadb/run.sh" ]]; then - info "** Starting MariaDB setup **" - /opt/bitnami/scripts/mariadb/setup.sh - info "** MariaDB setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh b/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh deleted file mode 100755 index 60211b1057f6e..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libmariadb.sh - -# Load MySQL environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -mysql_healthcheck diff --git a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh b/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh deleted file mode 100755 index ee8217ffb401c..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Configure MariaDB options based on build-time defaults -info "Configuring default MariaDB options" -ensure_dir_exists "$DB_CONF_DIR" -mysql_create_default_config - -for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_CONF_DIR" "$DB_DEFAULT_CONF_DIR" "${DB_CONF_DIR}/bitnami" "$DB_VOLUME_DIR" "$DB_DATA_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Fix to avoid issues detecting plugins in mysql_install_db -ln -sf "$DB_BASE_DIR/plugin" "$DB_BASE_DIR/lib/plugin" - -# Redirect all logging to stdout -ln -sf "/proc/1/fd/1" "$DB_LOGS_DIR/mysqld.log" - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR" diff --git a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh b/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh deleted file mode 100755 index 97f5d80c226f0..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# mysqld_safe does not allow logging to stdout/stderr, so we stick with mysqld -EXEC="${DB_SBIN_DIR}/mysqld" - -flags=("--defaults-file=${DB_CONF_DIR}/my.cnf" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}") -[[ -z "${DB_PID_FILE:-}" ]] || flags+=("--pid-file=${DB_PID_FILE}") - -# Add flags specified via the 'DB_EXTRA_FLAGS' environment variable -read -r -a db_extra_flags <<< "$(mysql_extra_flags)" -[[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}") - -# Add flags passed to this script -flags+=("$@") - -# Fix for MDEV-16183 - mysqld_safe already does this, but we are using mysqld -LD_PRELOAD="$(find_jemalloc_lib)${LD_PRELOAD:+ "$LD_PRELOAD"}" -export LD_PRELOAD - -info "** Starting MariaDB **" -if am_i_root; then - exec_as_user "$DB_DAEMON_USER" "$EXEC" "${flags[@]}" -else - exec "$EXEC" "${flags[@]}" -fi diff --git a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh b/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh deleted file mode 100755 index 9dcc55c047ade..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libmariadb.sh - -# Load MariaDB environment variables -. /opt/bitnami/scripts/mariadb-env.sh - -# Ensure mysql unix socket file does not exist -rm -rf "${DB_SOCKET_FILE}.lock" -# Ensure MariaDB environment variables settings are valid -mysql_validate -# Ensure MariaDB is stopped when this script ends. -trap "mysql_stop" EXIT -if am_i_root; then - # Ensure 'daemon' user exists when running as 'root' - ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP" - # Fix logging issue when running as root - chmod o+w "$(readlink /dev/stdout)" -fi -# Ensure MariaDB is initialized -mysql_initialize -# Allow running custom initialization scripts -mysql_custom_scripts 'init' -# Allow running custom start scripts -mysql_custom_scripts 'start' -# Stop MariaDB before flagging it as fully initialized. -# Relying only on the trap defined above could produce a race condition. -mysql_stop diff --git a/bitnami/mariadb/11.3/debian-12/tags-info.yaml b/bitnami/mariadb/11.3/debian-12/tags-info.yaml deleted file mode 100644 index 56b196c7c3d30..0000000000000 --- a/bitnami/mariadb/11.3/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "11.3" -- 11.3-debian-12 -- 11.3.2 -- latest diff --git a/bitnami/mariadb/11.4/debian-12/Dockerfile b/bitnami/mariadb/11.4/debian-12/Dockerfile new file mode 100644 index 0000000000000..62cb3dcce0bb8 --- /dev/null +++ b/bitnami/mariadb/11.4/debian-12/Dockerfile @@ -0,0 +1,61 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2025-01-08T22:46:43Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="11.4.4-debian-12-r3" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb" \ + org.opencontainers.image.title="mariadb" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="11.4.4" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages ca-certificates curl libaio1 libaudit1 libcap-ng0 libcrypt1 libgcc-s1 libicu72 liblzma5 libncurses6 libpam0g libssl3 libstdc++6 libtinfo6 libxml2 procps psmisc zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "ini-file-1.4.7-8-linux-${OS_ARCH}-debian-12" \ + "mariadb-11.4.4-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true +RUN mkdir /docker-entrypoint-initdb.d + +COPY rootfs / +RUN /opt/bitnami/scripts/mariadb/postunpack.sh +ENV APP_VERSION="11.4.4" \ + BITNAMI_APP_NAME="mariadb" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/common/sbin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH" + +EXPOSE 3306 + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/mariadb/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/mariadb/run.sh" ] diff --git a/bitnami/mariadb/11.4/debian-12/docker-compose.yml b/bitnami/mariadb/11.4/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..befe8e69c849d --- /dev/null +++ b/bitnami/mariadb/11.4/debian-12/docker-compose.yml @@ -0,0 +1,22 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + mariadb: + image: docker.io/bitnami/mariadb:11.4 + ports: + - '3306:3306' + volumes: + - 'mariadb_data:/bitnami/mariadb' + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + healthcheck: + test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] + interval: 15s + timeout: 5s + retries: 6 + +volumes: + mariadb_data: + driver: local diff --git a/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..876819190c891 --- /dev/null +++ b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,14 @@ +{ + "ini-file": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.4.7-8" + }, + "mariadb": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "11.4.4-0" + } +} \ No newline at end of file diff --git a/bitnami/haproxy/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt similarity index 100% rename from bitnami/haproxy/2/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt diff --git a/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..00d053b5215aa --- /dev/null +++ b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." + info "" +} + diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh similarity index 100% rename from bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh similarity index 100% rename from bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh similarity index 100% rename from bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh similarity index 100% rename from bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh diff --git a/bitnami/postgresql-repmgr/16/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh similarity index 100% rename from bitnami/postgresql-repmgr/16/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh similarity index 100% rename from bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh similarity index 100% rename from bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh similarity index 100% rename from bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh similarity index 100% rename from bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh similarity index 100% rename from bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh diff --git a/bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh similarity index 100% rename from bitnami/java/11/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh rename to bitnami/mariadb/11.4/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh diff --git a/bitnami/haproxy/2/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mariadb/11.4/debian-12/prebuildfs/usr/sbin/install_packages similarity index 100% rename from bitnami/haproxy/2/debian-12/prebuildfs/usr/sbin/install_packages rename to bitnami/mariadb/11.4/debian-12/prebuildfs/usr/sbin/install_packages diff --git a/bitnami/haproxy/2/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mariadb/11.4/debian-12/prebuildfs/usr/sbin/run-script similarity index 100% rename from bitnami/haproxy/2/debian-12/prebuildfs/usr/sbin/run-script rename to bitnami/mariadb/11.4/debian-12/prebuildfs/usr/sbin/run-script diff --git a/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh b/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh new file mode 100644 index 0000000000000..9d6bd864f4513 --- /dev/null +++ b/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/libmariadb.sh @@ -0,0 +1,1417 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami MySQL library + +# shellcheck disable=SC1090,SC1091,SC2119,SC2120 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh + +######################## +# Configure database extra start flags +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# Array with extra flags to use +######################### +mysql_extra_flags() { + local randNumber + local -a dbExtraFlags=() + # shellcheck disable=SC2153 + read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS" + + if [[ -n "$DB_REPLICATION_MODE" ]]; then + randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')" + dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1") + if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then + dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1") + elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then + dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1") + fi + fi + + [[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}") + + echo "${dbExtraFlags[@]:-}" +} + +######################## +# Validate settings in MYSQL_*/MARIADB_* environment variables +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_validate() { + info "Validating settings in MYSQL_*/MARIADB_* env vars" + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + empty_password_enabled_warn() { + warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + } + empty_password_error() { + print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." + } + backslash_password_error() { + print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" + } + + if [[ -n "$DB_REPLICATION_MODE" ]]; then + if [[ "$DB_REPLICATION_MODE" = "master" ]]; then + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + empty_password_enabled_warn + else + if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then + empty_password_error "$(get_env_var REPLICATION_PASSWORD)" + fi + if [[ -z "$DB_ROOT_PASSWORD" ]]; then + empty_password_error "$(get_env_var ROOT_PASSWORD)" + fi + if (( ${#DB_ROOT_PASSWORD} > 32 )); then + print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)" + fi + if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then + empty_password_error "$(get_env_var PASSWORD)" + fi + fi + elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then + if [[ -z "$DB_MASTER_HOST" ]]; then + print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running" + fi + else + print_validation_error "Invalid replication mode. Available options are 'master/slave'" + fi + else + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + empty_password_enabled_warn + else + if [[ -z "$DB_ROOT_PASSWORD" ]]; then + empty_password_error "$(get_env_var ROOT_PASSWORD)" + fi + if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then + empty_password_error "$(get_env_var PASSWORD)" + fi + fi + fi + if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "$(get_env_var ROOT_PASSWORD)" + fi + if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then + print_validation_error "root user is already created in the database and you can't use it as username for user creation." + fi + if [[ "${DB_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "$(get_env_var PASSWORD)" + fi + if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "$(get_env_var REPLICATION_PASSWORD)" + fi + + collation_env_var="$(get_env_var COLLATION)" + is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead." + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +######################## +# Creates MySQL/MariaDB configuration file +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_create_default_config() { + debug "Creating main configuration file" + cat > "$DB_CONF_FILE" < "$dump_file" + debug "Finish dump databases" + + debug "Unlock master databases for write operations" + echo "UNLOCK TABLES;" | mysql_remote_execute "$DB_MASTER_HOST" "$DB_MASTER_PORT_NUMBER" "mysql" "$DB_MASTER_ROOT_USER" "$DB_MASTER_ROOT_PASSWORD" + + debug "Start import dump databases" + mysql_execute < "$dump_file" + mysql_execute "mysql" < "${DB_CONF_DIR}/bitnami/my_custom.cnf" + if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then + echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}" + fi + else + warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable." + fi + fi + + if [[ -e "$DB_DATA_DIR/mysql" ]]; then + info "Using persisted data" + # mysql_upgrade requires the server to be running + [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes" + # https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html + mariadb_upgrade + else + debug "Cleaning data directory to ensure successfully initialization" + rm -rf "${DB_DATA_DIR:?}"/* + info "Installing database" + mariadb_install_db + mysql_start_bg + wait_for_mysql_access + # we delete existing users and create new ones with stricter access + # commands can still be executed until we restart or run 'flush privileges' + info "Configuring authentication" + mysql_execute "mysql" <=8 depends on this command + # users are not configured on slave nodes during initialization due to --skip-slave-start + wait_for_mysql + + # Special configuration flag for system with slow disks that could take more time + # in initializing + if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then + debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization" + sleep "${DB_INIT_SLEEP_TIME}" + fi +} + +######################## +# Initialize database data +# Globals: +# BITNAMI_DEBUG +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mariadb_install_db() { + local command="${DB_BIN_DIR}/mysql_install_db" + local -a args=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}") + + # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable + read -r -a db_extra_flags <<< "$(mysql_extra_flags)" + [[ "${#db_extra_flags[@]}" -gt 0 ]] && args+=("${db_extra_flags[@]}") + + am_i_root && args=("${args[@]}" "--user=$DB_DAEMON_USER") + args+=("--auth-root-authentication-method=normal") + # Feature available only in MariaDB 10.5+ + # ref: https://mariadb.com/kb/en/mysql_install_db/#not-creating-the-test-database-and-anonymous-user + if [[ ! "$(mysql_get_version)" =~ ^10\.[01234]\. ]]; then + is_boolean_yes "$DB_SKIP_TEST_DB" && args+=("--skip-test-db") + fi + + debug_execute "$command" "${args[@]}" +} + +######################## +# Upgrade Database Schema +# Globals: +# BITNAMI_DEBUG +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mariadb_upgrade() { + local -a args=("--defaults-file=${DB_CONF_FILE}" "-u" "$DB_ROOT_USER") + info "Running mysql_upgrade" + mysql_start_bg + is_boolean_yes "${ROOT_AUTH_ENABLED:-false}" && args+=("-p$(get_master_env_var_value ROOT_PASSWORD)") + [[ "${DB_UPGRADE}" == "FORCE" ]] && args+=("--force") + debug_execute "${DB_BIN_DIR}/mysql_upgrade" "${args[@]}" || echo "This installation is already upgraded" +} + +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for mysql common + +######################## +# Extract mysql version from version string +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# Version string +######################### +mysql_get_version() { + local ver_string + local -a ver_split + + ver_string=$("${DB_BIN_DIR}/mysql" "--version") + read -r -a ver_split <<< "$ver_string" + + if [[ "$ver_string" = *" Distrib "* ]]; then + echo "${ver_split[4]::-1}" + else + echo "${ver_split[2]}" + fi +} + +######################## +# Gets an environment variable name based on the suffix +# Globals: +# DB_FLAVOR +# Arguments: +# $1 - environment variable suffix +# Returns: +# environment variable name +######################### +get_env_var() { + local -r id="${1:?id is required}" + local -r prefix="${DB_FLAVOR//-/_}" + echo "${prefix^^}_${id}" +} + +######################## +# Gets an environment variable value for the master node and based on the suffix +# Arguments: +# $1 - environment variable suffix +# Returns: +# environment variable value +######################### +get_master_env_var_value() { + local envVar + + PREFIX="" + [[ "${DB_REPLICATION_MODE:-}" = "slave" ]] && PREFIX="MASTER_" + envVar="$(get_env_var "${PREFIX}${1}_FILE")" + if [[ -f "${!envVar:-}" ]]; then + echo "$(< "${!envVar}")" + else + envVar="$(get_env_var "${PREFIX}${1}")" + echo "${!envVar:-}" + fi +} + +######################## +# Execute an arbitrary query/queries against the running MySQL/MariaDB service and print to stdout +# Stdin: +# Query/queries to execute +# Globals: +# BITNAMI_DEBUG +# DB_* +# Arguments: +# $1 - Database where to run the queries +# $2 - User to run queries +# $3 - Password +# $4 - Extra MySQL CLI options +# Returns: +# None +mysql_execute_print_output() { + local -r db="${1:-}" + local -r user="${2:-root}" + local -r pass="${3:-}" + local -a opts extra_opts + read -r -a opts <<< "${@:4}" + read -r -a extra_opts <<< "$(mysql_client_extra_opts)" + + # Process mysql CLI arguments + local -a args=() + if [[ -f "$DB_CONF_FILE" ]]; then + args+=("--defaults-file=${DB_CONF_FILE}") + fi + args+=("-N" "-u" "$user") + [[ -n "$db" ]] && args+=("$db") + [[ -n "$pass" ]] && args+=("-p$pass") + [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}") + [[ "${#extra_opts[@]}" -gt 0 ]] && args+=("${extra_opts[@]}") + + # Obtain the command specified via stdin + if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then + local mysql_cmd + mysql_cmd="$(> "$custom_conf_file" + cat "$old_custom_conf_file" >> "$custom_conf_file" + fi + if am_i_root; then + [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" + rm -rf "$DB_VOLUME_DIR/conf" + else + warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" + fi +} + +######################## +# Ensure a db user exists with the given password for the '%' host +# Globals: +# DB_* +# Flags: +# -p|--password - database password +# -u|--user - database user +# --auth-plugin - authentication plugin +# --use-ldap - authenticate user via LDAP +# --host - database host +# --port - database host +# Arguments: +# $1 - database user +# Returns: +# None +######################### +mysql_ensure_user_exists() { + local -r user="${1:?user is required}" + local password="" + local auth_plugin="" + local use_ldap="no" + local hosts + local auth_string="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -p|--password) + shift + password="${1:?missing database password}" + ;; + --auth-plugin) + shift + auth_plugin="${1:?missing authentication plugin}" + ;; + --use-ldap) + use_ldap="yes" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + if is_boolean_yes "$use_ldap"; then + auth_string="identified via pam using '$DB_FLAVOR'" + elif [[ -n "$password" ]]; then + if [[ -n "$auth_plugin" ]]; then + auth_string="identified with $auth_plugin by '$password'" + else + auth_string="identified by '$password'" + fi + fi + debug "creating database user \'$user\'" + + local -a mysql_execute_cmd=("mysql_execute") + local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") + if [[ -n "$db_host" && -n "$db_port" ]]; then + mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") + fi + + local mysql_create_user_cmd + [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ + # Views have a definer user, in this case set to 'root', which needs to exist for the view to work + # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html + # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed + if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then + alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 + return 1 + ;; + esac + shift + done + + local -a mysql_execute_cmd=("mysql_execute") + [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + + local -a create_database_args=() + [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") + [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") + + debug "Creating database $database" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$user") + [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") + [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") + if is_boolean_yes "$use_ldap"; then + flags+=("--use-ldap") + elif [[ -n "$password" ]]; then + flags+=("-p" "$password") + [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") + fi + mysql_ensure_user_exists "${flags[@]}" +} + +######################## +# Optionally create the given database, and then optionally give a user +# full privileges on the database. +# Flags: +# -u|--user - database user +# --character-set - character set +# --collation - collation +# --host - database host +# --port - database port +# Arguments: +# $1 - database name +# Returns: +# None +######################### +mysql_ensure_optional_database_exists() { + local -r database="${1:?database is missing}" + local character_set="" + local collate="" + local user="" + local privileges="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + --character-set) + shift + character_set="${1:?missing character set}" + ;; + --collate) + shift + collate="${1:?missing collate}" + ;; + -u|--user) + shift + user="${1:?missing database user}" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + --privileges) + shift + privileges="${1:?missing privileges}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$database") + [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") + [[ -n "$collate" ]] && flags+=("--collate" "$collate") + [[ -n "$db_host" ]] && flags+=("--host" "$db_host") + [[ -n "$db_port" ]] && flags+=("--port" "$db_port") + mysql_ensure_database_exists "${flags[@]}" + + if [[ -n "$user" ]]; then + mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" + fi +} + +######################## +# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") +# Globals: +# DB_* +# Arguments: +# $1 - MySQL variable name +# $2 - Value to assign to the MySQL variable +# $3 - Section in the MySQL configuration file the key is located (default: mysqld) +# $4 - Configuration file (default: "$BD_CONF_FILE") +# Returns: +# None +######################### +mysql_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?value missing}" + read -r -a sections <<<"${3:-mysqld}" + local -r ignore_inline_comments="${4:-no}" + local -r file="${5:-"$DB_CONF_FILE"}" + info "Setting ${key} option" + debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" + # Check if the configuration exists in the file + for section in "${sections[@]}"; do + if is_boolean_yes "$ignore_inline_comments"; then + ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" + else + ini-file set --section "$section" --key "$key" --value "$value" "$file" + fi + done +} + +######################## +# Update MySQL/MariaDB configuration file with user custom inputs +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_update_custom_config() { + # Persisted configuration files from old versions + ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration + + # User injected custom configuration + if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then + debug "Injecting custom configuration from my_custom.conf" + cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" + fi + + ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" + ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" + ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" + ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" + ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" + ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" + ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" + ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" + ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Find the path to the libjemalloc library file +# Globals: +# None +# Arguments: +# None +# Returns: +# Path to a libjemalloc shared object file +######################### +find_jemalloc_lib() { + local -a locations=( "/usr/lib" "/usr/lib64" ) + local -r pattern='libjemalloc.so.[0-9]' + local path + for dir in "${locations[@]}"; do + # Find the first element matching the pattern and quit + [[ ! -d "$dir" ]] && continue + path="$(find "$dir" -name "$pattern" -print -quit)" + [[ -n "$path" ]] && break + done + echo "${path:-}" +} + +######################## +# Execute a reliable health check against the current mysql instance +# Globals: +# DB_ROOT_USER, DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD +# Arguments: +# None +# Returns: +# mysqladmin output +######################### +mysql_healthcheck() { + local args=("-u${DB_ROOT_USER}" "-h0.0.0.0") + local root_password + + root_password="$(get_master_env_var_value ROOT_PASSWORD)" + if [[ -n "$root_password" ]]; then + args+=("-p${root_password}") + fi + + mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status +} + +######################## +# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# mysql client flavor +######################### +mysql_client_flavor() { + if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then + echo "mariadb" + else + echo "mysql" + fi +} + +######################## +# Prints extra options for MySQL client calls (i.e. SSL options) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# List of options to pass to "mysql" CLI +######################### +mysql_client_extra_opts() { + # Helper to get the proper value for the MySQL client environment variable + mysql_client_env_value() { + local env_name="MYSQL_CLIENT_${1:?missing name}" + if [[ -n "${!env_name:-}" ]]; then + echo "${!env_name:-}" + else + env_name="DB_CLIENT_${1}" + echo "${!env_name:-}" + fi + } + local -a opts=() + local key value + if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then + if [[ "$(mysql_client_flavor)" = "mysql" ]]; then + opts+=("--ssl-mode=REQUIRED") + else + opts+=("--ssl=TRUE") + fi + # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined + for key in ca key cert; do + value="$(mysql_client_env_value "SSL_${key^^}_FILE")" + [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") + done + else + # Skip SSL validation + if [[ "$(mysql_client_flavor)" = "mariadb" ]]; then + # SSL connections are enabled by default in MariaDB >=10.11 + local mysql_version="" + local major_version="" + local minor_version="" + mysql_version="$(mysql_get_version)" + major_version="$(get_sematic_version "${mysql_version}" 1)" + minor_version="$(get_sematic_version "${mysql_version}" 2)" + if [[ "${major_version}" -gt 10 ]] || [[ "${major_version}" -eq 10 && "${minor_version}" -eq 11 ]]; then + opts+=("--skip-ssl") + fi + fi + fi + echo "${opts[@]:-}" +} diff --git a/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh new file mode 100644 index 0000000000000..3fe87ab875092 --- /dev/null +++ b/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh @@ -0,0 +1,180 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for mariadb + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-mariadb}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +mariadb_env_vars=( + ALLOW_EMPTY_PASSWORD + MARIADB_AUTHENTICATION_PLUGIN + MARIADB_ROOT_USER + MARIADB_ROOT_PASSWORD + MARIADB_USER + MARIADB_PASSWORD + MARIADB_DATABASE + MARIADB_MASTER_HOST + MARIADB_MASTER_PORT_NUMBER + MARIADB_MASTER_ROOT_USER + MARIADB_MASTER_ROOT_PASSWORD + MARIADB_MASTER_DELAY + MARIADB_REPLICATION_USER + MARIADB_REPLICATION_PASSWORD + MARIADB_PORT_NUMBER + MARIADB_REPLICATION_MODE + MARIADB_REPLICATION_SLAVE_DUMP + MARIADB_EXTRA_FLAGS + MARIADB_INIT_SLEEP_TIME + MARIADB_CHARACTER_SET + MARIADB_COLLATE + MARIADB_BIND_ADDRESS + MARIADB_SQL_MODE + MARIADB_UPGRADE + MARIADB_SKIP_TEST_DB + MARIADB_CLIENT_ENABLE_SSL + MARIADB_CLIENT_SSL_CA_FILE + MARIADB_CLIENT_SSL_CERT_FILE + MARIADB_CLIENT_SSL_KEY_FILE + MARIADB_CLIENT_EXTRA_FLAGS + MARIADB_STARTUP_WAIT_RETRIES + MARIADB_STARTUP_WAIT_SLEEP_TIME + MARIADB_ENABLE_SLOW_QUERY + MARIADB_LONG_QUERY_TIME + DB_ENABLE_SLOW_QUERY + DB_LONG_QUERY_TIME +) +for env_var in "${mariadb_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset mariadb_env_vars +export DB_FLAVOR="mariadb" + +# Paths +export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mariadb" +export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mariadb" +export DB_DATA_DIR="${DB_VOLUME_DIR}/data" +export DB_BIN_DIR="${DB_BASE_DIR}/bin" +export DB_SBIN_DIR="${DB_BASE_DIR}/sbin" +export DB_CONF_DIR="${DB_BASE_DIR}/conf" +export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default" +export DB_LOGS_DIR="${DB_BASE_DIR}/logs" +export DB_TMP_DIR="${DB_BASE_DIR}/tmp" +export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf" +export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid" +export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock" +export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" + +# System users (when running with a privileged user) +export DB_DAEMON_USER="mysql" +export DB_DAEMON_GROUP="mysql" + +# Default configuration (build-time) +export MARIADB_DEFAULT_PORT_NUMBER="3306" +export DB_DEFAULT_PORT_NUMBER="$MARIADB_DEFAULT_PORT_NUMBER" # only used at build time +export MARIADB_DEFAULT_CHARACTER_SET="utf8mb4" +export DB_DEFAULT_CHARACTER_SET="$MARIADB_DEFAULT_CHARACTER_SET" # only used at build time +export MARIADB_DEFAULT_BIND_ADDRESS="0.0.0.0" +export DB_DEFAULT_BIND_ADDRESS="$MARIADB_DEFAULT_BIND_ADDRESS" # only used at build time + +# MariaDB authentication. +export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" +export MARIADB_AUTHENTICATION_PLUGIN="${MARIADB_AUTHENTICATION_PLUGIN:-}" +export DB_AUTHENTICATION_PLUGIN="$MARIADB_AUTHENTICATION_PLUGIN" +export MARIADB_ROOT_USER="${MARIADB_ROOT_USER:-root}" +export DB_ROOT_USER="$MARIADB_ROOT_USER" # only used during the first initialization +export MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-}" +export DB_ROOT_PASSWORD="$MARIADB_ROOT_PASSWORD" # only used during the first initialization +export MARIADB_USER="${MARIADB_USER:-}" +export DB_USER="$MARIADB_USER" # only used during the first initialization +export MARIADB_PASSWORD="${MARIADB_PASSWORD:-}" +export DB_PASSWORD="$MARIADB_PASSWORD" # only used during the first initialization +export MARIADB_DATABASE="${MARIADB_DATABASE:-}" +export DB_DATABASE="$MARIADB_DATABASE" # only used during the first initialization +export MARIADB_MASTER_HOST="${MARIADB_MASTER_HOST:-}" +export DB_MASTER_HOST="$MARIADB_MASTER_HOST" # only used during the first initialization +export MARIADB_MASTER_PORT_NUMBER="${MARIADB_MASTER_PORT_NUMBER:-3306}" +export DB_MASTER_PORT_NUMBER="$MARIADB_MASTER_PORT_NUMBER" # only used during the first initialization +export MARIADB_MASTER_ROOT_USER="${MARIADB_MASTER_ROOT_USER:-root}" +export DB_MASTER_ROOT_USER="$MARIADB_MASTER_ROOT_USER" # only used during the first initialization +export MARIADB_MASTER_ROOT_PASSWORD="${MARIADB_MASTER_ROOT_PASSWORD:-}" +export DB_MASTER_ROOT_PASSWORD="$MARIADB_MASTER_ROOT_PASSWORD" # only used during the first initialization +export MARIADB_MASTER_DELAY="${MARIADB_MASTER_DELAY:-0}" +export DB_MASTER_DELAY="$MARIADB_MASTER_DELAY" # only used during the first initialization +export MARIADB_REPLICATION_USER="${MARIADB_REPLICATION_USER:-}" +export DB_REPLICATION_USER="$MARIADB_REPLICATION_USER" # only used during the first initialization +export MARIADB_REPLICATION_PASSWORD="${MARIADB_REPLICATION_PASSWORD:-}" +export DB_REPLICATION_PASSWORD="$MARIADB_REPLICATION_PASSWORD" # only used during the first initialization + +# Settings +export MARIADB_PORT_NUMBER="${MARIADB_PORT_NUMBER:-}" +export DB_PORT_NUMBER="$MARIADB_PORT_NUMBER" +export MARIADB_REPLICATION_MODE="${MARIADB_REPLICATION_MODE:-}" +export DB_REPLICATION_MODE="$MARIADB_REPLICATION_MODE" +export MARIADB_REPLICATION_SLAVE_DUMP="${MARIADB_REPLICATION_SLAVE_DUMP:-false}" +export DB_REPLICATION_SLAVE_DUMP="$MARIADB_REPLICATION_SLAVE_DUMP" +export MARIADB_EXTRA_FLAGS="${MARIADB_EXTRA_FLAGS:-}" +export DB_EXTRA_FLAGS="$MARIADB_EXTRA_FLAGS" +export MARIADB_INIT_SLEEP_TIME="${MARIADB_INIT_SLEEP_TIME:-}" +export DB_INIT_SLEEP_TIME="$MARIADB_INIT_SLEEP_TIME" +export MARIADB_CHARACTER_SET="${MARIADB_CHARACTER_SET:-}" +export DB_CHARACTER_SET="$MARIADB_CHARACTER_SET" +# MARIADB_COLLATION is deprecated in favor of MARIADB_COLLATE +MARIADB_COLLATE="${MARIADB_COLLATE:-"${MARIADB_COLLATION:-}"}" +export MARIADB_COLLATE="${MARIADB_COLLATE:-}" +export DB_COLLATE="$MARIADB_COLLATE" +export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}" +export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS" +export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}" +export DB_SQL_MODE="$MARIADB_SQL_MODE" +export MARIADB_UPGRADE="${MARIADB_UPGRADE:-AUTO}" +export DB_UPGRADE="$MARIADB_UPGRADE" +export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}" +export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB" +export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}" +export DB_CLIENT_ENABLE_SSL="$MARIADB_CLIENT_ENABLE_SSL" +export MARIADB_CLIENT_SSL_CA_FILE="${MARIADB_CLIENT_SSL_CA_FILE:-}" +export DB_CLIENT_SSL_CA_FILE="$MARIADB_CLIENT_SSL_CA_FILE" +export MARIADB_CLIENT_SSL_CERT_FILE="${MARIADB_CLIENT_SSL_CERT_FILE:-}" +export DB_CLIENT_SSL_CERT_FILE="$MARIADB_CLIENT_SSL_CERT_FILE" +export MARIADB_CLIENT_SSL_KEY_FILE="${MARIADB_CLIENT_SSL_KEY_FILE:-}" +export DB_CLIENT_SSL_KEY_FILE="$MARIADB_CLIENT_SSL_KEY_FILE" +export MARIADB_CLIENT_EXTRA_FLAGS="${MARIADB_CLIENT_EXTRA_FLAGS:-no}" +export DB_CLIENT_EXTRA_FLAGS="$MARIADB_CLIENT_EXTRA_FLAGS" +export MARIADB_STARTUP_WAIT_RETRIES="${MARIADB_STARTUP_WAIT_RETRIES:-300}" +export DB_STARTUP_WAIT_RETRIES="$MARIADB_STARTUP_WAIT_RETRIES" +export MARIADB_STARTUP_WAIT_SLEEP_TIME="${MARIADB_STARTUP_WAIT_SLEEP_TIME:-2}" +export DB_STARTUP_WAIT_SLEEP_TIME="$MARIADB_STARTUP_WAIT_SLEEP_TIME" +MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-"${DB_ENABLE_SLOW_QUERY:-}"}" +export MARIADB_ENABLE_SLOW_QUERY="${MARIADB_ENABLE_SLOW_QUERY:-0}" +export DB_ENABLE_SLOW_QUERY="$MARIADB_ENABLE_SLOW_QUERY" +MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-"${DB_LONG_QUERY_TIME:-}"}" +export MARIADB_LONG_QUERY_TIME="${MARIADB_LONG_QUERY_TIME:-10.0}" +export DB_LONG_QUERY_TIME="$MARIADB_LONG_QUERY_TIME" + +# Custom environment variables may be defined below diff --git a/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh b/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh similarity index 100% rename from bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh rename to bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/entrypoint.sh diff --git a/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh b/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh similarity index 100% rename from bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh rename to bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/healthcheck.sh diff --git a/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh b/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh similarity index 100% rename from bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh rename to bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/postunpack.sh diff --git a/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh b/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh similarity index 100% rename from bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh rename to bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/run.sh diff --git a/bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh b/bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh similarity index 100% rename from bitnami/mariadb/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh rename to bitnami/mariadb/11.4/debian-12/rootfs/opt/bitnami/scripts/mariadb/setup.sh diff --git a/bitnami/mariadb/11.4/debian-12/tags-info.yaml b/bitnami/mariadb/11.4/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..c5a1c50f193fa --- /dev/null +++ b/bitnami/mariadb/11.4/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "11.4" +- 11.4-debian-12 +- 11.4.4 +- latest diff --git a/bitnami/mariadb/11.6/README.md b/bitnami/mariadb/11.6/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/mariadb/11.6/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/mariadb/README.md b/bitnami/mariadb/README.md index c0bcf2c2b5301..2059ab2355835 100644 --- a/bitnami/mariadb/README.md +++ b/bitnami/mariadb/README.md @@ -24,7 +24,7 @@ docker run --name mariadb -e ALLOW_EMPTY_PASSWORD=yes bitnami/mariadb:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use MariaDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use MariaDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy MariaDB in Kubernetes? @@ -34,11 +34,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -197,6 +203,7 @@ docker-compose up -d | `MARIADB_COLLATE` | MariaDB collation to use. | `nil` | | `MARIADB_BIND_ADDRESS` | MariaDB bind address. | `nil` | | `MARIADB_SQL_MODE` | MariaDB Server SQL modes to enable. | `nil` | +| `MARIADB_UPGRADE` | MariaDB upgrade option. | `AUTO` | | `MARIADB_SKIP_TEST_DB` | Whether to skip creating the test database. | `no` | | `MARIADB_CLIENT_ENABLE_SSL` | Whether to force SSL for connections to the MariaDB database. | `no` | | `MARIADB_CLIENT_SSL_CA_FILE` | Path to CA certificate to use for SSL connections to the MariaDB database server. | `nil` | @@ -721,6 +728,8 @@ or using Docker Compose: docker-compose up mariadb ``` +> **Note**: Automatic upgrade behavior at startup can be forced setting the env var `MARIADB_UPGRADE` to `FORCE` (that will run `mysql_upgrade --force`) + ## Useful Links * [Create An AMP Development Environment With Bitnami Containers @@ -730,7 +739,11 @@ docker-compose up mariadb ## Notable Changes -### 10.2.41-debian-10-r12, 10.3.32-debian-10-r13, 10.4.22-debian-10-r13, 10.5.13-debian-10-r14, 10.6.5-debian-10-r13, 10.3.38-r5-debian-11, 10.4.28-r5-debian-11, 10.5.19-r5-debian-11, 10.6.12-r5-debian-11, 10.7.8-r5-debian-11, 10.8.7-r5-debian-11, 10.9.5-r5-debian-11 and 10.10.3-r6-debian-11 +### 10.4.34-debian-12-r4, 10.5.25-debian-12-r4, 10.6.18-debian-12-r4, 10.11.8-debian-12-r4, 11.1.5-debian-12-r4, 11.2.4-debian-12-r3, 11.3.2-debian-12-r8 + +* `mysql_upgrade` can be forced at startup setting the env var `MARIADB_UPGRADE` to `FORCE`. + +### 10.2.41-debian-10-r12, 10.3.32-debian-10-r13, 10.4.22-debian-10-r13, 10.5.13-debian-10-r14, 10.6.5-debian-10-r13, 10.3.38-debian-11-r5, 10.4.28-debian-11-r5, 10.5.19-debian-11-r5, 10.6.12-debian-11-r5, 10.7.8-debian-11-r5, 10.8.7-debian-11-r5, 10.9.5-debian-11-r5 and 10.10.3-debian-11-r6 * The command `mysql_upgrade` no longer includes the flag `--force`. Nonetheless, it can be enabled by using the [mysql_upgrade] option group in the MariaDB configuration. @@ -801,7 +814,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/mariadb/docker-compose-replication.yml b/bitnami/mariadb/docker-compose-replication.yml index 72cee6597dc78..ec924e7016f1d 100644 --- a/bitnami/mariadb/docker-compose-replication.yml +++ b/bitnami/mariadb/docker-compose-replication.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2.1' - services: mariadb-master: - image: docker.io/bitnami/mariadb:11.3 + image: docker.io/bitnami/mariadb:11.4 ports: - '3306' volumes: @@ -25,7 +23,7 @@ services: retries: 6 mariadb-slave: - image: docker.io/bitnami/mariadb:11.3 + image: docker.io/bitnami/mariadb:11.4 ports: - '3306' depends_on: diff --git a/bitnami/mariadb/docker-compose.yml b/bitnami/mariadb/docker-compose.yml index 30e05c80010de..befe8e69c849d 100644 --- a/bitnami/mariadb/docker-compose.yml +++ b/bitnami/mariadb/docker-compose.yml @@ -1,11 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2.1' - services: mariadb: - image: docker.io/bitnami/mariadb:11.3 + image: docker.io/bitnami/mariadb:11.4 ports: - '3306:3306' volumes: diff --git a/bitnami/mastodon/4/debian-12/Dockerfile b/bitnami/mastodon/4/debian-12/Dockerfile index 13920d6da4565..b9a7c20eb7912 100644 --- a/bitnami/mastodon/4/debian-12/Dockerfile +++ b/bitnami/mastodon/4/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-30T15:32:10Z" \ + org.opencontainers.image.created="2025-01-11T18:25:47Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mastodon/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="4.2.9-debian-12-r0" \ + org.opencontainers.image.ref.name="4.3.2-debian-12-r2" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mastodon" \ org.opencontainers.image.title="mastodon" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="4.2.9" + org.opencontainers.image.version="4.3.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -25,21 +26,21 @@ ENV HOME="/" \ COPY prebuildfs / SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] # Install required system packages and dependencies -RUN install_packages acl ca-certificates curl ffmpeg file imagemagick libbrotli1 libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libcurl4 libedit2 libffi8 libgcc-s1 libgmp10 libgnutls30 libgssapi-krb5-2 libhogweed6 libicu72 libidn12 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.5-0 liblz4-1 liblzma5 libmd0 libncursesw6 libnettle8 libnghttp2-14 libnsl2 libp11-kit0 libpcre2-8-0 libpq5 libpsl5 libreadline-dev libreadline8 librtmp1 libsasl2-2 libsqlite3-0 libssh2-1 libssl-dev libssl3 libstdc++6 libtasn1-6 libtinfo6 libtirpc3 libunistring2 libuuid1 libxml2 libxslt1.1 libyaml-0-2 libyaml-dev libzstd1 procps sqlite3 zlib1g +RUN install_packages acl ca-certificates curl ffmpeg file imagemagick libbrotli1 libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libcurl4 libedit2 libffi8 libgcc-s1 libgmp10 libgnutls30 libgssapi-krb5-2 libhogweed6 libicu72 libidn12 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.5-0 liblz4-1 liblzma5 libmd0 libncursesw6 libnettle8 libnghttp2-14 libp11-kit0 libpcre2-8-0 libpq5 libpsl5 libreadline-dev libreadline8 librtmp1 libsasl2-2 libsqlite3-0 libssh2-1 libssl-dev libssl3 libstdc++6 libtasn1-6 libtinfo6 libunistring2 libuuid1 libxml2 libxslt1.1 libyaml-0-2 libyaml-dev libzstd1 procps sqlite3 zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.11.9-10-linux-${OS_ARCH}-debian-12" \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "ruby-3.2.4-10-linux-${OS_ARCH}-debian-12" \ - "redis-client-7.0.15-4-linux-${OS_ARCH}-debian-12" \ - "postgresql-client-16.3.0-2-linux-${OS_ARCH}-debian-12" \ - "node-20.14.0-0-linux-${OS_ARCH}-debian-12" \ - "mastodon-4.2.9-0-linux-${OS_ARCH}-debian-12" \ + "python-3.13.1-1-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "ruby-3.2.6-0-linux-${OS_ARCH}-debian-12" \ + "redis-client-7.4.2-0-linux-${OS_ARCH}-debian-12" \ + "postgresql-client-17.2.0-0-linux-${OS_ARCH}-debian-12" \ + "node-22.13.0-1-linux-${OS_ARCH}-debian-12" \ + "mastodon-4.3.2-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -52,7 +53,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/mastodon/postunpack.sh -ENV APP_VERSION="4.2.9" \ +ENV APP_VERSION="4.3.2" \ BITNAMI_APP_NAME="mastodon" \ PATH="/opt/bitnami/python/bin:/opt/bitnami/common/bin:/opt/bitnami/ruby/bin:/opt/bitnami/redis/bin:/opt/bitnami/postgresql/bin:/opt/bitnami/node/bin:/opt/bitnami/mastodon/bin:$PATH" diff --git a/bitnami/mastodon/4/debian-12/docker-compose.yml b/bitnami/mastodon/4/debian-12/docker-compose.yml index 42ff00d7ccf14..17eb990ef0fa0 100644 --- a/bitnami/mastodon/4/debian-12/docker-compose.yml +++ b/bitnami/mastodon/4/debian-12/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:16 + image: docker.io/bitnami/postgresql:latest volumes: - 'postgresql_data:/bitnami/postgresql' environment: @@ -12,13 +11,13 @@ services: - POSTGRESQL_USERNAME=bn_mastodon - POSTGRESQL_PASSWORD=bitnami1 redis: - image: docker.io/bitnami/redis:7.0 + image: docker.io/bitnami/redis:latest volumes: - 'redis_data:/bitnami/redis' environment: - ALLOW_EMPTY_PASSWORD=yes elasticsearch: - image: docker.io/bitnami/elasticsearch:8 + image: docker.io/bitnami/elasticsearch:latest volumes: - 'elasticsearch_data:/bitnami/elasticsearch/data' environment: diff --git a/bitnami/mastodon/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mastodon/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 7e21810f41c3f..fb66b18a174fb 100644 --- a/bitnami/mastodon/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/mastodon/4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,42 +3,42 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.2.9-0" + "version": "4.3.2-0" }, "node": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "20.14.0-0" + "version": "22.13.0-1" }, "postgresql-client": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "16.3.0-2" + "version": "17.2.0-0" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.11.9-10" + "version": "3.13.1-1" }, "redis-client": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "7.0.15-4" + "version": "7.4.2-0" }, "ruby": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.2.4-10" + "version": "3.2.6-0" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-13" + "version": "1.0.8-8" } } \ No newline at end of file diff --git a/bitnami/mastodon/4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mastodon/4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/mastodon/4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/mastodon/4/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/mastodon/4/debian-12/rootfs/opt/bitnami/scripts/mastodon/setup.sh b/bitnami/mastodon/4/debian-12/rootfs/opt/bitnami/scripts/mastodon/setup.sh index 0b6f651b59134..c93b4898210de 100755 --- a/bitnami/mastodon/4/debian-12/rootfs/opt/bitnami/scripts/mastodon/setup.sh +++ b/bitnami/mastodon/4/debian-12/rootfs/opt/bitnami/scripts/mastodon/setup.sh @@ -21,4 +21,4 @@ mastodon_validate # Ensure 'mastodon' user exists when running as 'root' am_i_root && ensure_user_exists "$MASTODON_DAEMON_USER" --group "$MASTODON_DAEMON_GROUP" -mastodon_initialize +mastodon_initialize \ No newline at end of file diff --git a/bitnami/mastodon/4/debian-12/tags-info.yaml b/bitnami/mastodon/4/debian-12/tags-info.yaml index 9d8bd0dec87c0..4c0ab21c42e1d 100644 --- a/bitnami/mastodon/4/debian-12/tags-info.yaml +++ b/bitnami/mastodon/4/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "4" - 4-debian-12 -- 4.2.9 +- 4.3.2 - latest diff --git a/bitnami/mastodon/README.md b/bitnami/mastodon/README.md index 83f461d1a7ebe..18248bd2c67cc 100644 --- a/bitnami/mastodon/README.md +++ b/bitnami/mastodon/README.md @@ -22,11 +22,17 @@ docker run -it --name mastodon bitnami/mastodon * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Mastodon in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Mastodon in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -137,7 +143,7 @@ docker-compose up mastodon | `MASTODON_MIGRATE_ELASTICSEARCH` | Run rake chewy:upgrade on startup. | `true` | | `MASTODON_ELASTICSEARCH_HOST` | Elasticsearch server host. | `elasticsearch` | | `MASTODON_ELASTICSEARCH_PORT_NUMBER` | Elasticsearch server port. | `9200` | -| `MASTODON_ELASTICSEARCH_USER` | Elasticsearch user password. | `elastic` | +| `MASTODON_ELASTICSEARCH_USER` | Elasticsearch user. | `elastic` | | `MASTODON_ELASTICSEARCH_PASSWORD` | Elasticsearch user password. | `nil` | | `MASTODON_S3_ENABLED` | Enable S3 | `false` | | `MASTODON_S3_BUCKET` | S3 Bucket for storing data | `bitnami_mastodon` | @@ -269,7 +275,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/mastodon/docker-compose.yml b/bitnami/mastodon/docker-compose.yml index 42ff00d7ccf14..17eb990ef0fa0 100644 --- a/bitnami/mastodon/docker-compose.yml +++ b/bitnami/mastodon/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: postgresql: - image: docker.io/bitnami/postgresql:16 + image: docker.io/bitnami/postgresql:latest volumes: - 'postgresql_data:/bitnami/postgresql' environment: @@ -12,13 +11,13 @@ services: - POSTGRESQL_USERNAME=bn_mastodon - POSTGRESQL_PASSWORD=bitnami1 redis: - image: docker.io/bitnami/redis:7.0 + image: docker.io/bitnami/redis:latest volumes: - 'redis_data:/bitnami/redis' environment: - ALLOW_EMPTY_PASSWORD=yes elasticsearch: - image: docker.io/bitnami/elasticsearch:8 + image: docker.io/bitnami/elasticsearch:latest volumes: - 'elasticsearch_data:/bitnami/elasticsearch/data' environment: diff --git a/bitnami/matomo/5/debian-12/Dockerfile b/bitnami/matomo/5/debian-12/Dockerfile index 8908fab28a9ad..6ab09a56213da 100644 --- a/bitnami/matomo/5/debian-12/Dockerfile +++ b/bitnami/matomo/5/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:45:13Z" \ + org.opencontainers.image.created="2025-01-11T18:24:51Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/matomo/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="5.0.3-debian-12-r8" \ + org.opencontainers.image.ref.name="5.2.1-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/matomo" \ org.opencontainers.image.title="matomo" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="5.0.3" + org.opencontainers.image.version="5.2.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,18 +29,18 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages acl ca-certificates cron curl libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 libldap-common liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps rsync zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "php-8.2.19-1-linux-${OS_ARCH}-debian-12" \ - "apache-2.4.59-2-linux-${OS_ARCH}-debian-12" \ - "mysql-client-10.11.7-4-linux-${OS_ARCH}-debian-12" \ - "libphp-8.2.19-1-linux-${OS_ARCH}-debian-12" \ - "ini-file-1.4.6-13-linux-${OS_ARCH}-debian-12" \ - "matomo-5.0.3-1-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "php-8.2.27-5-linux-${OS_ARCH}-debian-12" \ + "apache-2.4.62-4-linux-${OS_ARCH}-debian-12" \ + "mysql-client-10.11.10-0-linux-${OS_ARCH}-debian-12" \ + "libphp-8.2.27-0-linux-${OS_ARCH}-debian-12" \ + "ini-file-1.4.7-8-linux-${OS_ARCH}-debian-12" \ + "matomo-5.2.1-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -59,7 +60,7 @@ RUN /opt/bitnami/scripts/matomo/postunpack.sh RUN /opt/bitnami/scripts/mysql-client/postunpack.sh ENV APACHE_HTTPS_PORT_NUMBER="" \ APACHE_HTTP_PORT_NUMBER="" \ - APP_VERSION="5.0.3" \ + APP_VERSION="5.2.1" \ BITNAMI_APP_NAME="matomo" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/apache/bin:/opt/bitnami/mysql/bin:$PATH" diff --git a/bitnami/matomo/5/debian-12/docker-compose.yml b/bitnami/matomo/5/debian-12/docker-compose.yml index 2e67e20d7f303..334db7e6b7b1a 100644 --- a/bitnami/matomo/5/debian-12/docker-compose.yml +++ b/bitnami/matomo/5/debian-12/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: "2" services: mariadb: - image: docker.io/bitnami/mariadb:10.11 + image: docker.io/bitnami/mariadb:latest environment: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes diff --git a/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index ebc89a3b262f7..59535a0e1c3ea 100644 --- a/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,42 +3,42 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.4.59-2" + "version": "2.4.62-4" }, "ini-file": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.4.6-13" + "version": "1.4.7-8" }, "libphp": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "8.2.19-1" + "version": "8.2.27-0" }, "matomo": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "5.0.3-1" + "version": "5.2.1-0" }, "mysql-client": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "10.11.7-4" + "version": "10.11.10-0" }, "php": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "8.2.19-1" + "version": "8.2.27-5" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-13" + "version": "1.0.7-8" } } \ No newline at end of file diff --git a/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh index 90652245c2a74..004e426fba178 100644 --- a/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh +++ b/bitnami/matomo/5/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -8,6 +8,7 @@ # Load Generic Libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh # Functions @@ -68,7 +69,12 @@ get_machine_ip() { error "Could not find any IP address associated to hostname ${hostname}" exit 1 fi - echo "${ip_addresses[0]}" + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi } ######################## diff --git a/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh index eb8f766a37bf1..5e39a42f625fa 100755 --- a/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh +++ b/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh @@ -109,6 +109,7 @@ EOF apache_setup_bitnami_config # Ensure non-root user has write permissions on a set of directories +chmod g+w "$APACHE_BASE_DIR" for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do ensure_dir_exists "$dir" chmod -R g+rwX "$dir" diff --git a/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh index 39569da01dc3d..c702d828bc843 100644 --- a/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh +++ b/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh @@ -10,6 +10,7 @@ . /opt/bitnami/scripts/liblog.sh . /opt/bitnami/scripts/libos.sh . /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh ######################## # Validate settings in MYSQL_CLIENT_* environment variables @@ -438,69 +439,6 @@ mysql_stop() { fi } -######################## -# Initialize database data -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_install_db() { - local command="${DB_BIN_DIR}/mysql_install_db" - local -a args=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}") - - # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable - read -r -a db_extra_flags <<< "$(mysql_extra_flags)" - [[ "${#db_extra_flags[@]}" -gt 0 ]] && args+=("${db_extra_flags[@]}") - - am_i_root && args=("${args[@]}" "--user=$DB_DAEMON_USER") - if [[ "$DB_FLAVOR" = "mariadb" ]]; then - args+=("--auth-root-authentication-method=normal") - # Feature available only in MariaDB 10.5+ - # ref: https://mariadb.com/kb/en/mysql_install_db/#not-creating-the-test-database-and-anonymous-user - if [[ ! "$(mysql_get_version)" =~ ^10\.[01234]\. ]]; then - is_boolean_yes "$DB_SKIP_TEST_DB" && args+=("--skip-test-db") - fi - else - command="${DB_BIN_DIR}/mysqld" - args+=("--initialize-insecure") - fi - debug_execute "$command" "${args[@]}" -} - -######################## -# Upgrade Database Schema -# Globals: -# BITNAMI_DEBUG -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_upgrade() { - local -a args=("--defaults-file=${DB_CONF_FILE}" "-u" "$DB_ROOT_USER") - local major_version minor_version patch_version - major_version="$(get_sematic_version "$(mysql_get_version)" 1)" - minor_version="$(get_sematic_version "$(mysql_get_version)" 2)" - patch_version="$(get_sematic_version "$(mysql_get_version)" 3)" - info "Running mysql_upgrade" - if [[ "$DB_FLAVOR" = *"mysql"* ]] && [[ - "$major_version" -gt "8" - || ( "$major_version" -eq "8" && "$minor_version" -gt "0" ) - || ( "$major_version" -eq "8" && "$minor_version" -eq "0" && "$patch_version" -ge "16" ) - ]]; then - mysql_stop - mysql_start_bg "--upgrade=FORCE" - else - mysql_start_bg - is_boolean_yes "${ROOT_AUTH_ENABLED:-false}" && args+=("-p$(get_master_env_var_value ROOT_PASSWORD)") - debug_execute "${DB_BIN_DIR}/mysql_upgrade" "${args[@]}" || echo "This installation is already upgraded" - fi -} ######################## # Migrate old custom configuration files @@ -1021,14 +959,14 @@ find_jemalloc_lib() { ######################## # Execute a reliable health check against the current mysql instance # Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD +# DB_ROOT_USER, DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD # Arguments: # None # Returns: # mysqladmin output ######################### mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") + local args=("-u${DB_ROOT_USER}" "-h0.0.0.0") local root_password root_password="$(get_master_env_var_value ROOT_PASSWORD)" @@ -1089,6 +1027,20 @@ mysql_client_extra_opts() { value="$(mysql_client_env_value "SSL_${key^^}_FILE")" [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") done + else + # Skip SSL validation + if [[ "$(mysql_client_flavor)" = "mariadb" ]]; then + # SSL connections are enabled by default in MariaDB >=10.11 + local mysql_version="" + local major_version="" + local minor_version="" + mysql_version="$(mysql_get_version)" + major_version="$(get_sematic_version "${mysql_version}" 1)" + minor_version="$(get_sematic_version "${mysql_version}" 2)" + if [[ "${major_version}" -gt 10 ]] || [[ "${major_version}" -eq 10 && "${minor_version}" -eq 11 ]]; then + opts+=("--skip-ssl") + fi + fi fi echo "${opts[@]:-}" } diff --git a/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/matomo/postunpack.sh b/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/matomo/postunpack.sh index 99291c6bc6ff4..2c5f7351ef4e4 100755 --- a/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/matomo/postunpack.sh +++ b/bitnami/matomo/5/debian-12/rootfs/opt/bitnami/scripts/matomo/postunpack.sh @@ -55,3 +55,6 @@ ensure_web_server_app_configuration_exists "matomo" --type php --apache-move-hta # Copy all initially generated configuration files to the default directory # (this is to avoid breaking when entrypoint is being overridden) cp -r "/opt/bitnami/$(web_server_type)/conf"/* "/opt/bitnami/$(web_server_type)/conf.default" + +# This is necessary for the libpersistence.sh scripts to work when running as non-root +chmod g+w "$BITNAMI_ROOT_DIR" diff --git a/bitnami/matomo/5/debian-12/tags-info.yaml b/bitnami/matomo/5/debian-12/tags-info.yaml index 693f25fa73e84..e9ff9ebd07b75 100644 --- a/bitnami/matomo/5/debian-12/tags-info.yaml +++ b/bitnami/matomo/5/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "5" - 5-debian-12 -- 5.0.3 +- 5.2.1 - latest diff --git a/bitnami/matomo/README.md b/bitnami/matomo/README.md index 5e86652d9b4da..bf5e387860f00 100644 --- a/bitnami/matomo/README.md +++ b/bitnami/matomo/README.md @@ -25,15 +25,21 @@ eployment. * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Matomo in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Matomo in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -531,7 +537,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/matomo/docker-compose.yml b/bitnami/matomo/docker-compose.yml index 2e67e20d7f303..334db7e6b7b1a 100644 --- a/bitnami/matomo/docker-compose.yml +++ b/bitnami/matomo/docker-compose.yml @@ -1,10 +1,9 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: "2" services: mariadb: - image: docker.io/bitnami/mariadb:10.11 + image: docker.io/bitnami/mariadb:latest environment: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes diff --git a/bitnami/mediawiki/1/debian-12/Dockerfile b/bitnami/mediawiki/1/debian-12/Dockerfile deleted file mode 100644 index ec8efc158bdd1..0000000000000 --- a/bitnami/mediawiki/1/debian-12/Dockerfile +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-22T10:32:41Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mediawiki/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.41.1-debian-12-r8" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mediawiki" \ - org.opencontainers.image.title="mediawiki" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.41.1" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages acl ca-certificates curl libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "php-8.1.28-7-linux-${OS_ARCH}-debian-12" \ - "apache-2.4.59-2-linux-${OS_ARCH}-debian-12" \ - "mysql-client-11.3.2-3-linux-${OS_ARCH}-debian-12" \ - "libphp-8.1.28-1-linux-${OS_ARCH}-debian-12" \ - "mediawiki-1.41.1-1-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get autoremove --purge -y curl && \ - apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true - -COPY rootfs / -RUN /opt/bitnami/scripts/apache/postunpack.sh -RUN /opt/bitnami/scripts/php/postunpack.sh -RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh -RUN /opt/bitnami/scripts/mediawiki/postunpack.sh -RUN /opt/bitnami/scripts/mysql-client/postunpack.sh -ENV APACHE_HTTPS_PORT_NUMBER="" \ - APACHE_HTTP_PORT_NUMBER="" \ - APP_VERSION="1.41.1" \ - BITNAMI_APP_NAME="mediawiki" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/apache/bin:/opt/bitnami/mysql/bin:$PATH" - -EXPOSE 8080 8443 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mediawiki/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/apache/run.sh" ] diff --git a/bitnami/mediawiki/1/debian-12/docker-compose.yml b/bitnami/mediawiki/1/debian-12/docker-compose.yml deleted file mode 100644 index 66b2310dd903b..0000000000000 --- a/bitnami/mediawiki/1/debian-12/docker-compose.yml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - mariadb: - image: docker.io/bitnami/mariadb:11.3 - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_USER=bn_mediawiki - - MARIADB_DATABASE=bitnami_mediawiki - volumes: - - 'mariadb_data:/bitnami/mariadb' - mediawiki: - image: docker.io/bitnami/mediawiki:1 - ports: - - '80:8080' - - '443:8443' - environment: - - MEDIAWIKI_DATABASE_HOST=mariadb - - MEDIAWIKI_DATABASE_PORT_NUMBER=3306 - - MEDIAWIKI_DATABASE_USER=bn_mediawiki - - MEDIAWIKI_DATABASE_NAME=bitnami_mediawiki - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - volumes: - - 'mediawiki_data:/bitnami/mediawiki' - depends_on: - - mariadb -volumes: - mariadb_data: - driver: local - mediawiki_data: - driver: local diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index 0ca95dce56992..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "apache": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.4.59-2" - }, - "libphp": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.1.28-1" - }, - "mediawiki": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.41.1-1" - }, - "mysql-client": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "11.3.2-3" - }, - "php": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "8.1.28-7" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - } -} \ No newline at end of file diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh deleted file mode 100644 index 1c69e0e48a5d0..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh +++ /dev/null @@ -1,141 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing files - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libos.sh - -# Functions - -######################## -# Replace a regex-matching string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# $4 - use POSIX regex. Default: true -# Returns: -# None -######################### -replace_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - local posix_regex=${4:-true} - - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - if [[ $posix_regex = true ]]; then - result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - else - result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Replace a regex-matching multiline string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# Returns: -# None -######################### -replace_in_file_multiline() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - - local result - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" - echo "$result" > "$filename" -} - -######################## -# Remove a line in a file based on a regex -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - use POSIX regex. Default: true -# Returns: -# None -######################### -remove_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local posix_regex=${3:-true} - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - if [[ $posix_regex = true ]]; then - result="$(sed -E "/$match_regex/d" "$filename")" - else - result="$(sed "/$match_regex/d" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Appends text after the last line matching a pattern -# Arguments: -# $1 - file -# $2 - match regex -# $3 - contents to add -# Returns: -# None -######################### -append_file_after_last_match() { - local file="${1:?missing file}" - local match_regex="${2:?missing pattern}" - local value="${3:?missing value}" - - # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again - result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" - echo "$result" > "$file" -} - -######################## -# Wait until certain entry is present in a log file -# Arguments: -# $1 - entry to look for -# $2 - log file -# $3 - max retries. Default: 12 -# $4 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -wait_for_log_entry() { - local -r entry="${1:-missing entry}" - local -r log_file="${2:-missing log file}" - local -r retries="${3:-12}" - local -r interval_time="${4:-5}" - local attempt=0 - - check_log_file_for_entry() { - if ! grep -qE "$entry" "$log_file"; then - debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" - return 1 - fi - } - debug "Checking that ${log_file} log file contains entry \"${entry}\"" - if retry_while check_log_file_for_entry "$retries" "$interval_time"; then - debug "Found entry \"${entry}\" in ${log_file}" - true - else - error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" - debug_execute cat "$log_file" - return 1 - fi -} diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh deleted file mode 100644 index 970d624179642..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh +++ /dev/null @@ -1,193 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for file system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Ensure a file/directory is owned (user and group) but the given user -# Arguments: -# $1 - filepath -# $2 - owner -# Returns: -# None -######################### -owned_by() { - local path="${1:?path is missing}" - local owner="${2:?owner is missing}" - local group="${3:-}" - - if [[ -n $group ]]; then - chown "$owner":"$group" "$path" - else - chown "$owner":"$owner" "$path" - fi -} - -######################## -# Ensure a directory exists and, optionally, is owned by the given user -# Arguments: -# $1 - directory -# $2 - owner -# Returns: -# None -######################### -ensure_dir_exists() { - local dir="${1:?directory is missing}" - local owner_user="${2:-}" - local owner_group="${3:-}" - - [ -d "${dir}" ] || mkdir -p "${dir}" - if [[ -n $owner_user ]]; then - owned_by "$dir" "$owner_user" "$owner_group" - fi -} - -######################## -# Checks whether a directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_dir_empty() { - local -r path="${1:?missing directory}" - # Calculate real path in order to avoid issues with symlinks - local -r dir="$(realpath "$path")" - if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then - true - else - false - fi -} - -######################## -# Checks whether a mounted directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_mounted_dir_empty() { - local dir="${1:?missing directory}" - - if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then - true - else - false - fi -} - -######################## -# Checks whether a file can be written to or not -# arguments: -# $1 - file -# returns: -# boolean -######################### -is_file_writable() { - local file="${1:?missing file}" - local dir - dir="$(dirname "$file")" - - if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then - true - else - false - fi -} - -######################## -# Relativize a path -# arguments: -# $1 - path -# $2 - base -# returns: -# None -######################### -relativize() { - local -r path="${1:?missing path}" - local -r base="${2:?missing base}" - pushd "$base" >/dev/null || exit - realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' - popd >/dev/null || exit -} - -######################## -# Configure permisions and ownership recursively -# Globals: -# None -# Arguments: -# $1 - paths (as a string). -# Flags: -# -f|--file-mode - mode for directories. -# -d|--dir-mode - mode for files. -# -u|--user - user -# -g|--group - group -# Returns: -# None -######################### -configure_permissions_ownership() { - local -r paths="${1:?paths is missing}" - local dir_mode="" - local file_mode="" - local user="" - local group="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -f | --file-mode) - shift - file_mode="${1:?missing mode for files}" - ;; - -d | --dir-mode) - shift - dir_mode="${1:?missing mode for directories}" - ;; - -u | --user) - shift - user="${1:?missing user}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - read -r -a filepaths <<<"$paths" - for p in "${filepaths[@]}"; do - if [[ -e "$p" ]]; then - find -L "$p" -printf "" - if [[ -n $dir_mode ]]; then - find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" - fi - if [[ -n $file_mode ]]; then - find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" - fi - if [[ -n $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" - elif [[ -n $user ]] && [[ -z $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}" - elif [[ -z $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chgrp "${group}" - fi - else - stderr_print "$p does not exist" - fi - done -} diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh deleted file mode 100644 index f3a5fe7868eed..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library to use for scripts expected to be used as Kubernetes lifecycle hooks - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Override functions that log to stdout/stderr of the current process, so they print to process 1 -for function_to_override in stderr_print debug_execute; do - # Output is sent to output of process 1 and thus end up in the container log - # The hook output in general isn't saved - eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" -done diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh deleted file mode 100644 index 450f05bd823ff..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh +++ /dev/null @@ -1,114 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for logging functions - -# Constants -RESET='\033[0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_QUIET:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - printf "%b\\n" "${*}" >&2 - fi -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Log a 'debug' message -# Globals: -# BITNAMI_DEBUG -# Arguments: -# None -# Returns: -# None -######################### -debug() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_DEBUG:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - log "${MAGENTA}DEBUG${RESET} ==> ${*}" - fi -} - -######################## -# Indent a string -# Arguments: -# $1 - string -# $2 - number of indentation characters (default: 4) -# $3 - indentation character (default: " ") -# Returns: -# None -######################### -indent() { - local string="${1:-}" - local num="${2:?missing num}" - local char="${3:-" "}" - # Build the indentation unit string - local indent_unit="" - for ((i = 0; i < num; i++)); do - indent_unit="${indent_unit}${char}" - done - # shellcheck disable=SC2001 - # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions - echo "$string" | sed "s/^/${indent_unit}/" -} diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh deleted file mode 100644 index 9d908c48579b9..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh +++ /dev/null @@ -1,657 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for operating system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Check if an user exists in the system -# Arguments: -# $1 - user -# Returns: -# Boolean -######################### -user_exists() { - local user="${1:?user is missing}" - id "$user" >/dev/null 2>&1 -} - -######################## -# Check if a group exists in the system -# Arguments: -# $1 - group -# Returns: -# Boolean -######################### -group_exists() { - local group="${1:?group is missing}" - getent group "$group" >/dev/null 2>&1 -} - -######################## -# Create a group in the system if it does not exist already -# Arguments: -# $1 - group -# Flags: -# -i|--gid - the ID for the new group -# -s|--system - Whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_group_exists() { - local group="${1:?group is missing}" - local gid="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --gid) - shift - gid="${1:?missing gid}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! group_exists "$group"; then - local -a args=("$group") - if [[ -n "$gid" ]]; then - if group_exists "$gid"; then - error "The GID $gid is already in use." >&2 - return 1 - fi - args+=("--gid" "$gid") - fi - $is_system_user && args+=("--system") - groupadd "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Create an user in the system if it does not exist already -# Arguments: -# $1 - user -# Flags: -# -i|--uid - the ID for the new user -# -g|--group - the group the new user should belong to -# -a|--append-groups - comma-separated list of supplemental groups to append to the new user -# -h|--home - the home directory for the new user -# -s|--system - whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_user_exists() { - local user="${1:?user is missing}" - local uid="" - local group="" - local append_groups="" - local home="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --uid) - shift - uid="${1:?missing uid}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - -a | --append-groups) - shift - append_groups="${1:?missing append_groups}" - ;; - -h | --home) - shift - home="${1:?missing home directory}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! user_exists "$user"; then - local -a user_args=("-N" "$user") - if [[ -n "$uid" ]]; then - if user_exists "$uid"; then - error "The UID $uid is already in use." - return 1 - fi - user_args+=("--uid" "$uid") - else - $is_system_user && user_args+=("--system") - fi - useradd "${user_args[@]}" >/dev/null 2>&1 - fi - - if [[ -n "$group" ]]; then - local -a group_args=("$group") - $is_system_user && group_args+=("--system") - ensure_group_exists "${group_args[@]}" - usermod -g "$group" "$user" >/dev/null 2>&1 - fi - - if [[ -n "$append_groups" ]]; then - local -a groups - read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" - for group in "${groups[@]}"; do - ensure_group_exists "$group" - usermod -aG "$group" "$user" >/dev/null 2>&1 - done - fi - - if [[ -n "$home" ]]; then - mkdir -p "$home" - usermod -d "$home" "$user" >/dev/null 2>&1 - configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" - fi -} - -######################## -# Check if the script is currently running as root -# Arguments: -# $1 - user -# $2 - group -# Returns: -# Boolean -######################### -am_i_root() { - if [[ "$(id -u)" = "0" ]]; then - true - else - false - fi -} - -######################## -# Print OS metadata -# Arguments: -# $1 - Flag name -# Flags: -# --id - Distro ID -# --version - Distro version -# --branch - Distro branch -# --codename - Distro codename -# --name - Distro name -# --pretty-name - Distro pretty name -# Returns: -# String -######################### -get_os_metadata() { - local -r flag_name="${1:?missing flag}" - # Helper function - get_os_release_metadata() { - local -r env_name="${1:?missing environment variable name}" - ( - . /etc/os-release - echo "${!env_name}" - ) - } - case "$flag_name" in - --id) - get_os_release_metadata ID - ;; - --version) - get_os_release_metadata VERSION_ID - ;; - --branch) - get_os_release_metadata VERSION_ID | sed 's/\..*//' - ;; - --codename) - get_os_release_metadata VERSION_CODENAME - ;; - --name) - get_os_release_metadata NAME - ;; - --pretty-name) - get_os_release_metadata PRETTY_NAME - ;; - *) - error "Unknown flag ${flag_name}" - return 1 - ;; - esac -} - -######################## -# Get total memory available -# Arguments: -# None -# Returns: -# Memory in bytes -######################### -get_total_memory() { - echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# None -# Flags: -# --memory - memory size (optional) -# Returns: -# Detected instance size -######################### -get_machine_size() { - local memory="" - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - --memory) - shift - memory="${1:?missing memory}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if [[ -z "$memory" ]]; then - debug "Memory was not specified, detecting available memory automatically" - memory="$(get_total_memory)" - fi - sanitized_memory=$(convert_to_mb "$memory") - if [[ "$sanitized_memory" -gt 26000 ]]; then - echo 2xlarge - elif [[ "$sanitized_memory" -gt 13000 ]]; then - echo xlarge - elif [[ "$sanitized_memory" -gt 6000 ]]; then - echo large - elif [[ "$sanitized_memory" -gt 3000 ]]; then - echo medium - elif [[ "$sanitized_memory" -gt 1500 ]]; then - echo small - else - echo micro - fi -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# $1 - memory size (optional) -# Returns: -# Detected instance size -######################### -get_supported_machine_sizes() { - echo micro small medium large xlarge 2xlarge -} - -######################## -# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) -# Globals: -# None -# Arguments: -# $1 - memory size -# Returns: -# Result of the conversion -######################### -convert_to_mb() { - local amount="${1:-}" - if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then - size="${BASH_REMATCH[1]}" - unit="${BASH_REMATCH[2]}" - if [[ "$unit" = "g" || "$unit" = "G" ]]; then - amount="$((size * 1024))" - else - amount="$size" - fi - fi - echo "$amount" -} - -######################### -# Redirects output to /dev/null if debug mode is disabled -# Globals: -# BITNAMI_DEBUG -# Arguments: -# $@ - Command to execute -# Returns: -# None -######################### -debug_execute() { - if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then - "$@" - else - "$@" >/dev/null 2>&1 - fi -} - -######################## -# Retries a command a given number of times -# Arguments: -# $1 - cmd (as a string) -# $2 - max retries. Default: 12 -# $3 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -retry_while() { - local cmd="${1:?cmd is missing}" - local retries="${2:-12}" - local sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<<"$cmd" - for ((i = 1; i <= retries; i += 1)); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value -} - -######################## -# Generate a random string -# Arguments: -# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii -# -c|--count - Number of characters, defaults to 32 -# Arguments: -# None -# Returns: -# None -# Returns: -# String -######################### -generate_random_string() { - local type="ascii" - local count="32" - local filter - local result - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - -t | --type) - shift - type="$1" - ;; - -c | --count) - shift - count="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Validate type - case "$type" in - ascii) - filter="[:print:]" - ;; - numeric) - filter="0-9" - ;; - alphanumeric) - filter="a-zA-Z0-9" - ;; - alphanumeric+special|special+alphanumeric) - # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters - # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex - filter='a-zA-Z0-9:@.,/+!=' - ;; - *) - echo "Invalid type ${type}" >&2 - return 1 - ;; - esac - # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size - # Note there is a very small chance of strings starting with EOL character - # Therefore, the higher amount of lines read, this will happen less frequently - result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" - echo "$result" -} - -######################## -# Create md5 hash from a string -# Arguments: -# $1 - string -# Returns: -# md5 hash - string -######################### -generate_md5_hash() { - local -r str="${1:?missing input string}" - echo -n "$str" | md5sum | awk '{print $1}' -} - -######################## -# Create sha1 hash from a string -# Arguments: -# $1 - string -# $2 - algorithm - 1 (default), 224, 256, 384, 512 -# Returns: -# sha1 hash - string -######################### -generate_sha_hash() { - local -r str="${1:?missing input string}" - local -r algorithm="${2:-1}" - echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' -} - -######################## -# Converts a string to its hexadecimal representation -# Arguments: -# $1 - string -# Returns: -# hexadecimal representation of the string -######################### -convert_to_hex() { - local -r str=${1:?missing input string} - local -i iterator - local char - for ((iterator = 0; iterator < ${#str}; iterator++)); do - char=${str:iterator:1} - printf '%x' "'${char}" - done -} - -######################## -# Get boot time -# Globals: -# None -# Arguments: -# None -# Returns: -# Boot time metadata -######################### -get_boot_time() { - stat /proc --format=%Y -} - -######################## -# Get machine ID -# Globals: -# None -# Arguments: -# None -# Returns: -# Machine ID -######################### -get_machine_id() { - local machine_id - if [[ -f /etc/machine-id ]]; then - machine_id="$(cat /etc/machine-id)" - fi - if [[ -z "$machine_id" ]]; then - # Fallback to the boot-time, which will at least ensure a unique ID in the current session - machine_id="$(get_boot_time)" - fi - echo "$machine_id" -} - -######################## -# Get the root partition's disk device ID (e.g. /dev/sda1) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root partition disk ID -######################### -get_disk_device_id() { - local device_id="" - if grep -q ^/dev /proc/mounts; then - device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" - fi - # If it could not be autodetected, fallback to /dev/sda1 as a default - if [[ -z "$device_id" || ! -b "$device_id" ]]; then - device_id="/dev/sda1" - fi - echo "$device_id" -} - -######################## -# Get the root disk device ID (e.g. /dev/sda) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk ID -######################### -get_root_disk_device_id() { - get_disk_device_id | sed -E 's/p?[0-9]+$//' -} - -######################## -# Get the root disk size in bytes -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk size in bytes -######################### -get_root_disk_size() { - fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true -} - -######################## -# Run command as a specific user and group (optional) -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -run_as_user() { - run_chroot "$@" -} - -######################## -# Execute command as a specific user and group (optional), -# replacing the current process image -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -exec_as_user() { - run_chroot --replace-process "$@" -} - -######################## -# Run a command using chroot -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Flags: -# -r | --replace-process - Replace the current process image (optional) -# Returns: -# Exit code of the specified command -######################### -run_chroot() { - local userspec - local user - local homedir - local replace=false - local -r cwd="$(pwd)" - - # Parse and validate flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -r | --replace-process) - replace=true - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - # Parse and validate arguments - if [[ "$#" -lt 2 ]]; then - echo "expected at least 2 arguments" - return 1 - else - userspec=$1 - shift - - # userspec can optionally include the group, so we parse the user - user=$(echo "$userspec" | cut -d':' -f1) - fi - - if ! am_i_root; then - error "Could not switch to '${userspec}': Operation not permitted" - return 1 - fi - - # Get the HOME directory for the user to switch, as chroot does - # not properly update this env and some scripts rely on it - homedir=$(eval echo "~${user}") - if [[ ! -d $homedir ]]; then - homedir="${HOME:-/}" - fi - - # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion - if [[ "$replace" = true ]]; then - exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - else - chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - fi -} diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh deleted file mode 100644 index 18445e7d27fa3..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh +++ /dev/null @@ -1,124 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami persistence library -# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libversion.sh - -# Functions - -######################## -# Persist an application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# $2 - List of app files to persist -# Returns: -# true if all steps succeeded, false otherwise -######################### -persist_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Persist the individual files - if [[ "${#files_to_persist[@]}" -le 0 ]]; then - warn "No files are configured to be persisted" - return - fi - pushd "$install_dir" >/dev/null || exit - local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder - local -r tmp_file="/tmp/perms.acl" - for file_to_persist in "${files_to_persist[@]}"; do - if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then - error "Cannot persist '${file_to_persist}' because it does not exist" - return 1 - fi - file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" - file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" - file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" - # Get original permissions for existing files, which will be applied later - # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume - getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" - # Copy directories to the volume - ensure_dir_exists "$file_to_persist_destination_folder" - cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" - # Restore permissions - pushd "$persist_dir" >/dev/null || exit - if am_i_root; then - setfacl --restore="$tmp_file" - else - # When running as non-root, don't change ownership - setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") - fi - popd >/dev/null || exit - done - popd >/dev/null || exit - rm -f "$tmp_file" - # Install the persisted files into the installation directory, via symlinks - restore_persisted_app "$@" -} - -######################## -# Restore a persisted application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# FORCE_MAJOR_UPGRADE -# Arguments: -# $1 - App folder name -# $2 - List of app files to restore -# Returns: -# true if all steps succeeded, false otherwise -######################### -restore_persisted_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Restore the individual persisted files - if [[ "${#files_to_restore[@]}" -le 0 ]]; then - warn "No persisted files are configured to be restored" - return - fi - local file_to_restore_relative file_to_restore_origin file_to_restore_destination - for file_to_restore in "${files_to_restore[@]}"; do - file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" - # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed - file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" - file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" - rm -rf "$file_to_restore_origin" - ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" - done -} - -######################## -# Check if an application directory was already persisted -# Globals: -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# Returns: -# true if all steps succeeded, false otherwise -######################### -is_app_initialized() { - local -r app="${1:?missing app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - if ! is_mounted_dir_empty "$persist_dir"; then - true - else - false - fi -} diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh deleted file mode 100644 index 1f9b33096b026..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh +++ /dev/null @@ -1,496 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing services - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Read the provided pid file and returns a PID -# Arguments: -# $1 - Pid file -# Returns: -# PID -######################### -get_pid_from_file() { - local pid_file="${1:?pid file is missing}" - - if [[ -f "$pid_file" ]]; then - if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then - echo "$(< "$pid_file")" - fi - fi -} - -######################## -# Check if a provided PID corresponds to a running service -# Arguments: -# $1 - PID -# Returns: -# Boolean -######################### -is_service_running() { - local pid="${1:?pid is missing}" - - kill -0 "$pid" 2>/dev/null -} - -######################## -# Stop a service by sending a termination signal to its pid -# Arguments: -# $1 - Pid file -# $2 - Signal number (optional) -# Returns: -# None -######################### -stop_service_using_pid() { - local pid_file="${1:?pid file is missing}" - local signal="${2:-}" - local pid - - pid="$(get_pid_from_file "$pid_file")" - [[ -z "$pid" ]] || ! is_service_running "$pid" && return - - if [[ -n "$signal" ]]; then - kill "-${signal}" "$pid" - else - kill "$pid" - fi - - local counter=10 - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -######################## -# Start cron daemon -# Arguments: -# None -# Returns: -# true if started correctly, false otherwise -######################### -cron_start() { - if [[ -x "/usr/sbin/cron" ]]; then - /usr/sbin/cron - elif [[ -x "/usr/sbin/crond" ]]; then - /usr/sbin/crond - else - false - fi -} - -######################## -# Generate a cron configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Command -# Flags: -# --run-as - User to run as (default: root) -# --schedule - Cron schedule configuration (default: * * * * *) -# Returns: -# None -######################### -generate_cron_conf() { - local service_name="${1:?service name is missing}" - local cmd="${2:?command is missing}" - local run_as="root" - local schedule="* * * * *" - local clean="true" - - # Parse optional CLI flags - shift 2 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --run-as) - shift - run_as="$1" - ;; - --schedule) - shift - schedule="$1" - ;; - --no-clean) - clean="false" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - mkdir -p /etc/cron.d - if "$clean"; then - cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" - fi -} - -######################## -# Remove a cron configuration file for a given service -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_cron_conf() { - local service_name="${1:?service name is missing}" - local cron_conf_dir="/etc/monit/conf.d" - rm -f "${cron_conf_dir}/${service_name}" -} - -######################## -# Generate a monit configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Pid file -# $3 - Start command -# $4 - Stop command -# Flags: -# --disable - Whether to disable the monit configuration -# Returns: -# None -######################### -generate_monit_conf() { - local service_name="${1:?service name is missing}" - local pid_file="${2:?pid file is missing}" - local start_command="${3:?start command is missing}" - local stop_command="${4:?stop command is missing}" - local monit_conf_dir="/etc/monit/conf.d" - local disabled="no" - - # Parse optional CLI flags - shift 4 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --disable) - disabled="yes" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - is_boolean_yes "$disabled" && conf_suffix=".disabled" - mkdir -p "$monit_conf_dir" - cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 - return 1 - ;; - esac - shift - done - - mkdir -p "$logrotate_conf_dir" - cat < "${logrotate_conf_dir}/${service_name}" -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -${log_path} { - ${period} - rotate ${rotations} - dateext - compress - copytruncate - missingok -$(indent "$extra" 2) -} -EOF -} - -######################## -# Remove a logrotate configuration file -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_logrotate_conf() { - local service_name="${1:?service name is missing}" - local logrotate_conf_dir="/etc/logrotate.d" - rm -f "${logrotate_conf_dir}/${service_name}" -} - -######################## -# Generate a Systemd configuration file -# Arguments: -# $1 - Service name -# Flags: -# --custom-service-content - Custom content to add to the [service] block -# --environment - Environment variable to define (multiple --environment options may be passed) -# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) -# --exec-start - Start command (required) -# --exec-start-pre - Pre-start command (optional) -# --exec-start-post - Post-start command (optional) -# --exec-stop - Stop command (optional) -# --exec-reload - Reload command (optional) -# --group - System group to start the service with -# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) -# --restart - When to restart the Systemd service after being stopped (defaults to always) -# --pid-file - Service PID file -# --standard-output - File where to print stdout output -# --standard-error - File where to print stderr output -# --success-exit-status - Exit code that indicates a successful shutdown -# --type - Systemd unit type (defaults to forking) -# --user - System user to start the service with -# --working-directory - Working directory at which to start the service -# Returns: -# None -######################### -generate_systemd_conf() { - local -r service_name="${1:?service name is missing}" - local -r systemd_units_dir="/etc/systemd/system" - local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" - # Default values - local name="$service_name" - local type="forking" - local user="" - local group="" - local environment="" - local environment_file="" - local exec_start="" - local exec_start_pre="" - local exec_start_post="" - local exec_stop="" - local exec_reload="" - local restart="always" - local pid_file="" - local standard_output="journal" - local standard_error="" - local limits_content="" - local success_exit_status="" - local custom_service_content="" - local working_directory="" - # Parse CLI flags - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --name \ - | --type \ - | --user \ - | --group \ - | --exec-start \ - | --exec-stop \ - | --exec-reload \ - | --restart \ - | --pid-file \ - | --standard-output \ - | --standard-error \ - | --success-exit-status \ - | --custom-service-content \ - | --working-directory \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "$var_name"="${1:?"${var_name} value is missing"}" - ;; - --limit-*) - [[ -n "$limits_content" ]] && limits_content+=$'\n' - var_name="${1//--limit-}" - shift - limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" - ;; - --exec-start-pre) - shift - [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' - exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" - ;; - --exec-start-post) - shift - [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' - exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" - ;; - --environment) - shift - # It is possible to add multiple environment lines - [[ -n "$environment" ]] && environment+=$'\n' - environment+="Environment=${1:?"--environment value is missing"}" - ;; - --environment-file) - shift - # It is possible to add multiple environment-file lines - [[ -n "$environment_file" ]] && environment_file+=$'\n' - environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - # Validate inputs - local error="no" - if [[ -z "$exec_start" ]]; then - error "The --exec-start option is required" - error="yes" - fi - if [[ "$error" != "no" ]]; then - return 1 - fi - # Generate the Systemd unit - cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" - fi - if [[ -n "$exec_start_pre" ]]; then - # This variable may contain multiple ExecStartPre= directives - cat >> "$service_file" <<< "$exec_start_pre" - fi - if [[ -n "$exec_start" ]]; then - cat >> "$service_file" <<< "ExecStart=${exec_start}" - fi - if [[ -n "$exec_start_post" ]]; then - # This variable may contain multiple ExecStartPost= directives - cat >> "$service_file" <<< "$exec_start_post" - fi - # Optional stop and reload commands - if [[ -n "$exec_stop" ]]; then - cat >> "$service_file" <<< "ExecStop=${exec_stop}" - fi - if [[ -n "$exec_reload" ]]; then - cat >> "$service_file" <<< "ExecReload=${exec_reload}" - fi - # User and group - if [[ -n "$user" ]]; then - cat >> "$service_file" <<< "User=${user}" - fi - if [[ -n "$group" ]]; then - cat >> "$service_file" <<< "Group=${group}" - fi - # PID file allows to determine if the main process is running properly (for Restart=always) - if [[ -n "$pid_file" ]]; then - cat >> "$service_file" <<< "PIDFile=${pid_file}" - fi - if [[ -n "$restart" ]]; then - cat >> "$service_file" <<< "Restart=${restart}" - fi - # Environment flags - if [[ -n "$environment" ]]; then - # This variable may contain multiple Environment= directives - cat >> "$service_file" <<< "$environment" - fi - if [[ -n "$environment_file" ]]; then - # This variable may contain multiple EnvironmentFile= directives - cat >> "$service_file" <<< "$environment_file" - fi - # Logging - if [[ -n "$standard_output" ]]; then - cat >> "$service_file" <<< "StandardOutput=${standard_output}" - fi - if [[ -n "$standard_error" ]]; then - cat >> "$service_file" <<< "StandardError=${standard_error}" - fi - if [[ -n "$custom_service_content" ]]; then - # This variable may contain multiple miscellaneous directives - cat >> "$service_file" <<< "$custom_service_content" - fi - if [[ -n "$success_exit_status" ]]; then - cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean or is the string 'yes/true' -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_boolean_yes() { - local -r bool="${1:-}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean yes/no value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_yes_no_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(yes|no)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean true/false value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_true_false_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(true|false)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean 1/0 value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_1_0_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^[10]$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is an empty string or not defined -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_empty_value() { - local -r val="${1:-}" - if [[ -z "$val" ]]; then - true - else - false - fi -} - -######################## -# Validate if the provided argument is a valid port -# Arguments: -# $1 - Port to validate -# Returns: -# Boolean and error message -######################### -validate_port() { - local value - local unprivileged=0 - - # Parse flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -unprivileged) - unprivileged=1 - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [[ "$#" -gt 1 ]]; then - echo "too many arguments provided" - return 2 - elif [[ "$#" -eq 0 ]]; then - stderr_print "missing port argument" - return 1 - else - value=$1 - fi - - if [[ -z "$value" ]]; then - echo "the value is empty" - return 1 - else - if ! is_int "$value"; then - echo "value is not an integer" - return 2 - elif [[ "$value" -lt 0 ]]; then - echo "negative value provided" - return 2 - elif [[ "$value" -gt 65535 ]]; then - echo "requested port is greater than 65535" - return 2 - elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then - echo "privileged port requested" - return 3 - fi - fi -} - -######################## -# Validate if the provided argument is a valid IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv6() { - local ip="${1:?ip is missing}" - local stat=1 - local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' - local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' - - if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then - stat=0 - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv4() { - local ip="${1:?ip is missing}" - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" - [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ - && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] - stat=$? - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 or IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ip() { - local ip="${1:?ip is missing}" - local stat=1 - - if validate_ipv4 "$ip"; then - stat=0 - else - stat=$(validate_ipv6 "$ip") - fi - return $stat -} - -######################## -# Validate a string format -# Arguments: -# $1 - String to validate -# Returns: -# Boolean -######################### -validate_string() { - local string - local min_length=-1 - local max_length=-1 - - # Parse flags - while [ "$#" -gt 0 ]; do - case "$1" in - -min-length) - shift - min_length=${1:-} - ;; - -max-length) - shift - max_length=${1:-} - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [ "$#" -gt 1 ]; then - stderr_print "too many arguments provided" - return 2 - elif [ "$#" -eq 0 ]; then - stderr_print "missing string" - return 1 - else - string=$1 - fi - - if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then - echo "string length is less than $min_length" - return 1 - fi - if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then - echo "string length is great than $max_length" - return 1 - fi -} diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh deleted file mode 100644 index f0d5a5cd33892..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing versions strings - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions -######################## -# Gets semantic version -# Arguments: -# $1 - version: string to extract major.minor.patch -# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch -# Returns: -# array with the major, minor and release -######################### -get_sematic_version () { - local version="${1:?version is required}" - local section="${2:?section is required}" - local -a version_sections - - #Regex to parse versions: x.y.z - local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' - - if [[ "$version" =~ $regex ]]; then - local i=1 - local j=1 - local n=${#BASH_REMATCH[*]} - - while [[ $i -lt $n ]]; do - if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then - version_sections[j]="${BASH_REMATCH[$i]}" - ((j++)) - fi - ((i++)) - done - - local number_regex='^[0-9]+$' - if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then - echo "${version_sections[$section]}" - return - else - stderr_print "Section allowed values are: 1, 2, and 3" - return 1 - fi - fi -} diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh deleted file mode 100644 index acb84fc2339bb..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ /dev/null @@ -1,476 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami web server handler library - -# shellcheck disable=SC1090,SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh - -######################## -# Execute a command (or list of commands) with the web server environment and library loaded -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_execute() { - local -r web_server="${1:?missing web server}" - shift - # Run program in sub-shell to avoid web server environment getting loaded when not necessary - ( - . "/opt/bitnami/scripts/lib${web_server}.sh" - . "/opt/bitnami/scripts/${web_server}-env.sh" - "$@" - ) -} - -######################## -# Prints the list of enabled web servers -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_list() { - local -r -a supported_web_servers=(apache nginx) - local -a existing_web_servers=() - for web_server in "${supported_web_servers[@]}"; do - [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") - done - echo "${existing_web_servers[@]:-}" -} - -######################## -# Prints the currently-enabled web server type (only one, in order of preference) -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_type() { - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - echo "${web_servers[0]:-}" -} - -######################## -# Validate that a supported web server is configured -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_validate() { - local error_code=0 - local supported_web_servers=("apache" "nginx") - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then - print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" - elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then - print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." - fi - - return "$error_code" -} - -######################## -# Check whether the web server is running -# Globals: -# * -# Arguments: -# None -# Returns: -# true if the web server is running, false otherwise -######################### -is_web_server_running() { - "is_$(web_server_type)_running" -} - -######################## -# Start web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_start() { - info "Starting $(web_server_type) in background" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl start "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" - fi -} - -######################## -# Stop web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_stop() { - info "Stopping $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl stop "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" - fi -} - -######################## -# Restart web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_restart() { - info "Restarting $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl restart "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" - fi -} - -######################## -# Reload web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_reload() { - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl reload "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" - fi -} - -######################## -# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on which configuration template to use -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render server configurations with a .disabled prefix -# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --document-root - Path to document root directory -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) -# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --apache-before-vhost-configuration - Configuration to add before the directive (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-proxy-address - Address where to proxy requests -# --apache-proxy-configuration - Extra configuration for the proxy -# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# --nginx-external-configuration - Configuration external to server block (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_app_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --disable \ - | --disable-http \ - | --disable-https \ - ) - apache_args+=("$1") - nginx_args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --type \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --document-root \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-additional-http-configuration \ - | --apache-additional-https-configuration \ - | --apache-before-vhost-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-proxy-address \ - | --apache-proxy-configuration \ - | --apache-proxy-http-configuration \ - | --apache-proxy-https-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "${2:?missing value}") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration \ - | --nginx-external-configuration) - nginx_args+=("${1//nginx-/}" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_web_server_app_configuration_not_exists() { - local app="${1:?missing app}" - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" - done -} - -######################## -# Ensure the web server loads the configuration for an application in a URL prefix -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --document-root - Path to document root directory -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --type - Application type, which has an effect on what configuration template will be used -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_prefix_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --allow-remote-connections \ - | --document-root \ - | --prefix \ - | --type \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "$2") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - nginx_args+=("${1//nginx-/}" "$2") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -web_server_update_app_configuration() { - local app="${1:?missing app}" - shift - local -a args web_servers - args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --http-port \ - | --https-port \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" - done -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_enable_loading_page() { - ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ - --apache-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -RedirectMatch 503 ^/$ -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -ErrorDocument 404 /index.html -ErrorDocument 503 /index.html" \ - --nginx-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -location / { - return 503; -} -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -error_page 404 @installing; -error_page 503 @installing; -location @installing { - rewrite ^(.*)$ /index.html break; -}" - web_server_reload -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_disable_install_page() { - ensure_web_server_app_configuration_not_exists "__loading" - web_server_reload -} diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mediawiki/1/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mediawiki/1/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mediawiki/1/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mediawiki/1/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf deleted file mode 100644 index 6016f8fbe5829..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf +++ /dev/null @@ -1,5 +0,0 @@ - - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript - AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript - AddOutputFilterByType DEFLATE application/rss+xml - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf deleted file mode 100644 index c0838da2a4e53..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf +++ /dev/null @@ -1,7 +0,0 @@ - - ServerName status.localhost - - Require local - SetHandler server-status - - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh deleted file mode 100644 index b8762c6583591..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Environment configuration for apache - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-apache}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -apache_env_vars=( - APACHE_HTTP_PORT_NUMBER - APACHE_HTTPS_PORT_NUMBER - APACHE_SERVER_TOKENS - APACHE_HTTP_PORT - APACHE_HTTPS_PORT -) -for env_var in "${apache_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset apache_env_vars -export WEB_SERVER_TYPE="apache" - -# Paths -export APACHE_BASE_DIR="${BITNAMI_ROOT_DIR}/apache" -export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin" -export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf" -export APACHE_DEFAULT_CONF_DIR="${APACHE_BASE_DIR}/conf.default" -export APACHE_HTDOCS_DIR="${APACHE_BASE_DIR}/htdocs" -export APACHE_TMP_DIR="${APACHE_BASE_DIR}/var/run" -export APACHE_LOGS_DIR="${APACHE_BASE_DIR}/logs" -export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts" -export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess" -export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf" -export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid" -export PATH="${APACHE_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" - -# System users (when running with a privileged user) -export APACHE_DAEMON_USER="daemon" -export WEB_SERVER_DAEMON_USER="$APACHE_DAEMON_USER" -export APACHE_DAEMON_GROUP="daemon" -export WEB_SERVER_DAEMON_GROUP="$APACHE_DAEMON_GROUP" -export WEB_SERVER_GROUP="$APACHE_DAEMON_GROUP" - -# Apache configuration -export APACHE_DEFAULT_HTTP_PORT_NUMBER="8080" -export WEB_SERVER_DEFAULT_HTTP_PORT_NUMBER="$APACHE_DEFAULT_HTTP_PORT_NUMBER" # only used at build time -export APACHE_DEFAULT_HTTPS_PORT_NUMBER="8443" -export WEB_SERVER_DEFAULT_HTTPS_PORT_NUMBER="$APACHE_DEFAULT_HTTPS_PORT_NUMBER" # only used at build time -APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-"${APACHE_HTTP_PORT:-}"}" -export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}" -export WEB_SERVER_HTTP_PORT_NUMBER="$APACHE_HTTP_PORT_NUMBER" -APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-"${APACHE_HTTPS_PORT:-}"}" -export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}" -export WEB_SERVER_HTTPS_PORT_NUMBER="$APACHE_HTTPS_PORT_NUMBER" -export APACHE_SERVER_TOKENS="${APACHE_SERVER_TOKENS:-Prod}" - -# Custom environment variables may be defined below diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh deleted file mode 100755 index f2303ab692fbf..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libversion.sh -. /opt/bitnami/scripts/libapache.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh -. /opt/bitnami/scripts/php-env.sh - -# Enable required Apache modules -apache_enable_module "mpm_prefork_module" -php_version="$("${PHP_BIN_DIR}/php" -v | grep ^PHP | cut -d' ' -f2))" -php_major_version="$(get_sematic_version "$php_version" 1)" -if [[ "$php_major_version" -eq "8" ]]; then - apache_enable_module "php_module" "modules/libphp.so" -else - apache_enable_module "php${php_major_version}_module" "modules/libphp${php_major_version}.so" -fi - -# Disable incompatible Apache modules -apache_disable_module "mpm_event_module" - -# Write Apache configuration -apache_php_conf_file="${APACHE_CONF_DIR}/bitnami/php.conf" -cat > "$apache_php_conf_file" < - {{server_name_configuration}} - {{additional_http_configuration}} - {{additional_configuration}} - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl deleted file mode 100644 index 589538513c9c9..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - {{additional_https_configuration}} - {{additional_configuration}} - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl deleted file mode 100644 index c895e537502a2..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl +++ /dev/null @@ -1 +0,0 @@ -{{additional_configuration}} diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl deleted file mode 100644 index 96be8f8227715..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl +++ /dev/null @@ -1,15 +0,0 @@ -{{http_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{extra_directory_configuration}} - - {{additional_http_configuration}} - {{additional_configuration}} - {{htaccess_include}} - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl deleted file mode 100644 index 1ad938929726e..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{extra_directory_configuration}} - - {{additional_https_configuration}} - {{additional_configuration}} - {{htaccess_include}} - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl deleted file mode 100644 index fc0f6c2181961..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl +++ /dev/null @@ -1,9 +0,0 @@ -{{prefix_conf}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{extra_directory_configuration}} - -{{additional_configuration}} -{{htaccess_include}} diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl deleted file mode 100644 index 9440b89d28bfa..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{http_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - {{proxy_configuration}} - {{proxy_http_configuration}} - ProxyPass / {{proxy_address}} - ProxyPassReverse / {{proxy_address}} - {{additional_http_configuration}} - {{additional_configuration}} - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl deleted file mode 100644 index 577cd461eb9dc..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - {{proxy_configuration}} - {{proxy_https_configuration}} - ProxyPass / {{proxy_address}} - ProxyPassReverse / {{proxy_address}} - {{additional_https_configuration}} - {{additional_configuration}} - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl deleted file mode 100644 index 7ac08b131680b..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{prefix_conf}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - {{proxy_configuration}} - ProxyPass / {{proxy_address}} - ProxyPassReverse / {{proxy_address}} - {{extra_directory_configuration}} - -{{additional_configuration}} diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl deleted file mode 100644 index f518c7d42aab8..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{http_listen_configuration}} -{{before_vhost_configuration}} -PassengerPreStart http://localhost:{{http_port}}/ - - {{server_name_configuration}} - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - PassengerEnabled on - {{extra_directory_configuration}} - - {{additional_http_configuration}} - {{additional_configuration}} - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl deleted file mode 100644 index 5aae54c37d3ba..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{https_listen_configuration}} -{{before_vhost_configuration}} -PassengerPreStart https://localhost:{{https_port}}/ - - {{server_name_configuration}} - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - DocumentRoot {{document_root}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - PassengerEnabled on - {{extra_directory_configuration}} - - {{additional_https_configuration}} - {{additional_configuration}} - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl deleted file mode 100644 index 2242d656b5a83..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl +++ /dev/null @@ -1,9 +0,0 @@ -{{prefix_conf}} - - Options -Indexes +FollowSymLinks -MultiViews - AllowOverride {{allow_override}} - {{acl_configuration}} - PassengerEnabled on - {{extra_directory_configuration}} - -{{additional_configuration}} diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl deleted file mode 100644 index f1d31ed3ecc35..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl +++ /dev/null @@ -1,29 +0,0 @@ -# Default SSL Virtual Host configuration. - - - LoadModule ssl_module modules/mod_ssl.so - - -Listen 443 -SSLProtocol all -SSLv2 -SSLv3 -SSLHonorCipherOrder on -SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4" -SSLPassPhraseDialog builtin -SSLSessionCache "shmcb:{{APACHE_LOGS_DIR}}/ssl_scache(512000)" -SSLSessionCacheTimeout 300 - - - DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" - SSLEngine on - SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" - SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" - - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - - # Error Documents - ErrorDocument 503 /503.html - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl deleted file mode 100644 index 75a255c3efee8..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl +++ /dev/null @@ -1,17 +0,0 @@ -# Default Virtual Host configuration. - -# Let Apache know we're behind a SSL reverse proxy -SetEnvIf X-Forwarded-Proto https HTTPS=on - - - DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - - # Error Documents - ErrorDocument 503 /503.html - - diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh deleted file mode 100755 index f43c6c4fe59c6..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -#set -o xtrace - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -print_welcome_page - -# We add the copy from default config in the entrypoint to not break users -# bypassing the setup.sh logic. If the file already exists do not overwrite (in -# case someone mounts a configuration file in /opt/bitnami/apache/conf) -debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" -cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" - -if [[ "$*" == *"/opt/bitnami/scripts/apache/run.sh"* ]]; then - info "** Starting Apache setup **" - /opt/bitnami/scripts/apache/setup.sh - info "** Apache setup finished! **" -fi - -echo "" -exec "$@" diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh deleted file mode 100755 index eb8f766a37bf1..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh - -######################## -# Sets up the default Bitnami configuration -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_setup_bitnami_config() { - local template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates" - - # Enable Apache modules - local -a modules_to_enable=( - "deflate_module" - "negotiation_module" - "proxy[^\s]*_module" - "rewrite_module" - "slotmem_shm_module" - "socache_shmcb_module" - "ssl_module" - "status_module" - "version_module" - ) - for module in "${modules_to_enable[@]}"; do - apache_enable_module "$module" - done - - # Disable Apache modules - local -a modules_to_disable=( - "http2_module" - "proxy_hcheck_module" - "proxy_html_module" - "proxy_http2_module" - ) - for module in "${modules_to_disable[@]}"; do - apache_disable_module "$module" - done - - # Bitnami customizations - ensure_dir_exists "${APACHE_CONF_DIR}/bitnami" - render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" - render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - - # Add new configuration only once, to avoid a second postunpack run breaking Apache - local apache_conf_add - apache_conf_add="$(cat <>"$APACHE_CONF_FILE" < - RequestHeader unset Proxy - -EOF - fi -} - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -apache_setup_bitnami_config - -# Ensure non-root user has write permissions on a set of directories -for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do - ensure_dir_exists "$dir" - chmod -R g+rwX "$dir" -done - -# Create 'apache2' symlink pointing to the 'apache' directory, for compatibility with Bitnami Docs guides -ln -sf apache "${BITNAMI_ROOT_DIR}/apache2" - -ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log" -ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log" - -# This file is necessary for avoiding the error -# "unable to write random state" -# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean - -touch /.rnd && chmod g+rw /.rnd - -# Copy all initially generated configuration files to the default directory -# (this is to avoid breaking when entrypoint is being overridden) -cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR" diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh deleted file mode 100755 index b5c43c48391c1..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -info "** Reloading Apache configuration **" -exec "${APACHE_BIN_DIR}/apachectl" -k graceful diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh deleted file mode 100755 index 7735dea1e9626..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -/opt/bitnami/scripts/apache/stop.sh -/opt/bitnami/scripts/apache/start.sh diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh deleted file mode 100755 index 23f1e3179c505..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -info "** Starting Apache **" -exec "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" -D "FOREGROUND" diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh deleted file mode 100755 index c1f6b373c1cd6..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh +++ /dev/null @@ -1,98 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libapache.sh - -# Load Apache environment -. /opt/bitnami/scripts/apache-env.sh - -# Ensure Apache environment variables are valid -apache_validate - -# Ensure Apache daemon user exists when running as 'root' -am_i_root && ensure_user_exists "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" - -if ! is_dir_empty "$APACHE_DEFAULT_CONF_DIR"; then - # We add the copy from default config in the initialize function for web applications - # that make use of the Apache setup.sh script - debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" - cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" -fi -# Generate SSL certs (without a passphrase) -ensure_dir_exists "${APACHE_CONF_DIR}/bitnami/certs" -if [[ ! -f "${APACHE_CONF_DIR}/bitnami/certs/server.crt" ]]; then - info "Generating sample certificates" - SSL_KEY_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.key" - SSL_CERT_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.crt" - SSL_CSR_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.csr" - SSL_SUBJ="/CN=example.com" - SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1" - rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE" - openssl genrsa -out "$SSL_KEY_FILE" 4096 - # OpenSSL version 1.0.x does not use the same parameters as OpenSSL >= 1.1.x - if [[ "$(openssl version | grep -oE "[0-9]+\.[0-9]+")" == "1.0" ]]; then - openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" - else - openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT" - fi - openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT") - rm -f "$SSL_CSR_FILE" -fi -# Load SSL configuration -if [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]] && [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then - ensure_apache_configuration_exists "Include \"${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf\"" "bitnami-ssl\.conf" "${APACHE_CONF_DIR}/bitnami/bitnami.conf" -fi - -# Copy vhosts files -if ! is_dir_empty "/vhosts"; then - info "Found mounted virtual hosts in '/vhosts'. Copying them to '${APACHE_BASE_DIR}/conf/vhosts'" - cp -Lr "/vhosts/." "${APACHE_VHOSTS_DIR}" -fi - -# Mount certificate files -if ! is_dir_empty "${APACHE_BASE_DIR}/certs"; then - warn "The directory '${APACHE_BASE_DIR}/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/certs' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#using-custom-ssl-certificates" - warn "Restoring certificates at '${APACHE_BASE_DIR}/certs' to '${APACHE_CONF_DIR}/bitnami/certs'" - rm -rf "${APACHE_CONF_DIR}/bitnami/certs" - ln -sf "${APACHE_BASE_DIR}/certs" "${APACHE_CONF_DIR}/bitnami/certs" -elif ! is_dir_empty "/certs"; then - info "Mounting certificates files from '/certs'" - rm -rf "${APACHE_CONF_DIR}/bitnami/certs" - ln -sf "/certs" "${APACHE_CONF_DIR}/bitnami/certs" -fi - -# Mount application files -if ! is_dir_empty "/app"; then - info "Mounting application files from '/app'" - rm -rf "$APACHE_HTDOCS_DIR" - ln -sf "/app" "$APACHE_HTDOCS_DIR" -fi - -# Restore persisted configuration files (deprecated) -if ! is_dir_empty "/bitnami/apache/conf"; then - warn "The directory '/bitnami/apache/conf' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '${APACHE_CONF_DIR}' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#full-configuration" - warn "Restoring configuration at '/bitnami/apache/conf' to '${APACHE_CONF_DIR}'" - rm -rf "$APACHE_CONF_DIR" - ln -sf "/bitnami/apache/conf" "$APACHE_CONF_DIR" -fi - -# Update ports in configuration -[[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && info "Configuring the HTTP port" && apache_configure_http_port "$APACHE_HTTP_PORT_NUMBER" -[[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && info "Configuring the HTTPS port" && apache_configure_https_port "$APACHE_HTTPS_PORT_NUMBER" - -# Configure ServerTokens with user values -[[ -n "$APACHE_SERVER_TOKENS" ]] && info "Configuring Apache ServerTokens directive" && apache_configure_server_tokens "$APACHE_SERVER_TOKENS" - -# Fix logging issue when running as root -! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)" diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh deleted file mode 100755 index b47c8aacba892..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -error_code=0 - -if is_apache_not_running; then - "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" - if ! retry_while "is_apache_running"; then - error "apache did not start" - error_code=1 - else - info "apache started" - fi -else - info "apache is already running" -fi - -exit "$error_code" diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh deleted file mode 100755 index db8c132c0e826..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -if is_apache_running; then - info "apache is already running" -else - info "apache is not running" -fi diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh deleted file mode 100755 index adc6613b0a9e1..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libapache.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load Apache environment variables -. /opt/bitnami/scripts/apache-env.sh - -error_code=0 - -if is_apache_running; then - BITNAMI_QUIET=1 apache_stop - if ! retry_while "is_apache_not_running"; then - error "apache could not be stopped" - error_code=1 - else - info "apache stopped" - fi -else - info "apache is not running" -fi - -exit "$error_code" diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/libapache.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/libapache.sh deleted file mode 100644 index d6eb686df3f6f..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/libapache.sh +++ /dev/null @@ -1,808 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami Apache library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -######################## -# Validate settings in APACHE_* env vars -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_validate() { - debug "Validating settings in APACHE_* environment variables" - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - check_allowed_port() { - local port_var="${1:?missing port variable}" - local -a validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("${!port_var}") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." - fi - } - - [[ -w "$APACHE_CONF_FILE" ]] || warn "The Apache configuration file '${APACHE_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied." - - if [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]]; then - if [[ "$APACHE_HTTP_PORT_NUMBER" -eq "$APACHE_HTTPS_PORT_NUMBER" ]]; then - print_validation_error "APACHE_HTTP_PORT_NUMBER and APACHE_HTTPS_PORT_NUMBER are bound to the same port!" - fi - fi - - [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTP_PORT_NUMBER - [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTPS_PORT_NUMBER - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Configure Apache's HTTP port -# Globals: -# APACHE_CONF_FILE, APACHE_CONF_DIR -# Arguments: -# None -# Returns: -# None -######################### -apache_configure_http_port() { - local -r port=${1:?missing port} - local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" - local -r server_name_exp="s|^\s*#?\s*ServerName\s+([^:\s]+)(:[0-9]+)?$|ServerName \1:${port}|" - local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Configuring port ${port} on file ${APACHE_CONF_FILE}" - apache_configuration="$(sed -E -e "$listen_exp" -e "$server_name_exp" "$APACHE_CONF_FILE")" - echo "$apache_configuration" > "$APACHE_CONF_FILE" - fi - - if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]]; then - debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami.conf" - apache_configuration="$(sed -E "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami.conf")" - echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" - fi - - if [[ -w "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" ]]; then - debug "Configuring port ${port} on file ${APACHE_VHOSTS_DIR}/00_status-vhost.conf" - apache_configuration="$(sed -E "$vhost_exp" "${APACHE_VHOSTS_DIR}/00_status-vhost.conf")" - echo "$apache_configuration" > "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" - fi -} - -######################## -# Configure Apache's HTTPS port -# Globals: -# APACHE_CONF_DIR -# Arguments: -# None -# Returns: -# None -######################### -apache_configure_https_port() { - local -r port=${1:?missing port} - local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" - local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" - local apache_configuration - - if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then - debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - apache_configuration="$(sed -E -e "$listen_exp" -e "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf")" - echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" - fi -} - -######################## -# Configure Apache's ServerTokens directive -# Globals: -# APACHE_CONF_DIR -# Arguments: -# $1 - Value for ServerTokens directive -# Returns: -# None -######################### -apache_configure_server_tokens() { - local -r value=${1:?missing value} - local -r server_tokens_exp="s|^\s*ServerTokens\s+\w+\s*$|ServerTokens ${value}|" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Configuring ServerTokens ${value} on file ${APACHE_CONF_FILE}" - apache_configuration="$(sed -E -e "$server_tokens_exp" "$APACHE_CONF_FILE")" - echo "$apache_configuration" > "$APACHE_CONF_FILE" - fi -} - -######################## -# Enable a module in the Apache configuration file -# Globals: -# APACHE_CONF_FILE -# Arguments: -# $1 - Module to enable -# $2 - Path to module .so file (optional if already defined in httpd.conf) -# Returns: -# None -######################### -apache_enable_module() { - local -r name="${1:?missing name}" - local -r file="${2:-}" - local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Enabling module '${name}'" - if grep -q -E "$regex" "$APACHE_CONF_FILE"; then - # Uncomment line if the module was already defined - replace_in_file "$APACHE_CONF_FILE" "$regex" "\1" - elif [[ -n "$file" ]]; then - # Add right after the last LoadModule, so all Apache modules are organized in the same section of the file - append_file_after_last_match "$APACHE_CONF_FILE" "^[#\s]*LoadModule" "LoadModule ${name} ${file}" - else - error "Module ${name} was not defined in ${APACHE_CONF_FILE}. Please specify the 'file' parameter for 'apache_enable_module'." - fi - fi -} - -######################## -# Disable a module in the Apache configuration file -# Globals: -# APACHE_CONF_FILE -# Arguments: -# $1 - Module to disable -# Returns: -# None -######################### -apache_disable_module() { - local -r name="${1:?missing name}" - local -r file="${2:-}" - local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" - local apache_configuration - - if [[ -w "$APACHE_CONF_FILE" ]]; then - debug "Disabling module '${name}'" - replace_in_file "$APACHE_CONF_FILE" "$regex" "#\1" - fi -} - -######################## -# Stop Apache -# Globals: -# APACHE_* -# Arguments: -# None -# Returns: -# None -######################### -apache_stop() { - is_apache_not_running && return - stop_service_using_pid "$APACHE_PID_FILE" -} - -######################## -# Check if Apache is running -# Globals: -# APACHE_PID_FILE -# Arguments: -# None -# Returns: -# Whether Apache is running -######################## -is_apache_running() { - local pid - pid="$(get_pid_from_file "$APACHE_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Apache is running -# Globals: -# APACHE_PID_FILE -# Arguments: -# None -# Returns: -# Whether Apache is not running -######################## -is_apache_not_running() { - ! is_apache_running -} - -######################## -# Ensure configuration gets added to the main Apache configuration file -# Globals: -# APACHE_* -# Arguments: -# $1 - configuration string -# $2 - pattern to use for checking if the configuration already exists (default: $1) -# $3 - Apache configuration file (default: $APACHE_CONF_FILE) -# Returns: -# None -######################## -ensure_apache_configuration_exists() { - local -r conf="${1:?conf missing}" - local -r pattern="${2:-"$conf"}" - local -r conf_file="${3:-"$APACHE_CONF_FILE"}" - # Enable configuration by appending to httpd.conf - if ! grep -E -q "$pattern" "$conf_file"; then - if is_file_writable "$conf_file"; then - cat >> "$conf_file" <<< "$conf" - else - error "Could not add the following configuration to '${conf_file}:" - error "" - error "$(indent "$conf" 4)" - error "" - error "Include the configuration manually and try again." - return 1 - fi - fi -} - -######################## -# Collect all the .htaccess files from /opt/bitnami/$name and write the result in the 'htaccess' directory -# Globals: -# APACHE_* -# Arguments: -# $1 - App name -# $2 - Overwrite the original .htaccess with the explanation text (defaults to 'yes') -# Flags: -# --document-root - Path to document root directory -# Returns: -# None -######################## -apache_replace_htaccess_files() { - local -r app="${1:?missing app}" - local -r result_file="${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" - # Default options - local document_root="${BITNAMI_ROOT_DIR}/${app}" - local overwrite="yes" - local -a htaccess_files - local htaccess_dir - local htaccess_contents - # Validate arguments - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --document-root) - shift - document_root="$1" - ;; - --overwrite) - shift - overwrite="$1" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - if is_file_writable "$result_file"; then - # Locate all .htaccess files inside the document root - read -r -a htaccess_files <<< "$(find "$document_root" -name .htaccess -print0 | xargs -0)" - [[ "${#htaccess_files[@]}" = 0 ]] && return - # Create file with root group write privileges, so it can be modified in non-root containers - [[ ! -f "$result_file" ]] && touch "$result_file" && chmod g+rw "$result_file" - for htaccess_file in "${htaccess_files[@]}"; do - htaccess_dir="$(dirname "$htaccess_file")" - htaccess_contents="$(indent "$(< "$htaccess_file")" 2)" - # Skip if it was already included to the resulting htaccess file - if grep -q "^" <<< "$htaccess_contents"; then - continue - fi - # Add to the htaccess file - cat >> "$result_file" < -${htaccess_contents} - -EOF - # Overwrite the original .htaccess with the explanation text - if is_boolean_yes "$overwrite"; then - echo "# This configuration has been moved to the ${result_file} config file for performance and security reasons" > "$htaccess_file" - fi - done - elif [[ ! -f "$result_file" ]]; then - error "Could not create htaccess for ${app} at '${result_file}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} htaccess file '${result_file}' is not writable. Configurations based on environment variables will not be applied for this file." - return - fi -} - -######################## -# Ensure an Apache application configuration exists (in virtual host format) -# Globals: -# APACHE_* -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases (defaults to '*') -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render the app's virtual hosts with a .disabled prefix -# --disable-http - Whether to render the app's HTTP virtual host with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS virtual host with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# --additional-configuration - Additional vhost configuration (no default) -# --additional-http-configuration - Additional HTTP vhost configuration (no default) -# --additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --before-vhost-configuration - Configuration to add before the directive (no default) -# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --document-root - Path to document root directory -# --extra-directory-configuration - Extra configuration for the document root directory -# --proxy-address - Address where to proxy requests -# --proxy-configuration - Extra configuration for the proxy -# --proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_apache_app_configuration_exists() { - local -r app="${1:?missing app}" - # Default options - local type="" - local -a hosts=("127.0.0.1" "_default_") - local server_name="www.example.com" # Default ServerName in httpd.conf - local -a server_aliases=("*") - local allow_remote_connections="yes" - local disable="no" - local disable_http="no" - local disable_https="no" - local move_htaccess="yes" - # Template variables defaults - export additional_configuration="" - export additional_http_configuration="" - export additional_https_configuration="" - export before_vhost_configuration="" - export allow_override="All" - export document_root="${BITNAMI_ROOT_DIR}/${app}" - export extra_directory_configuration="" - export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" - export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" - export http_port="$default_http_port" - export https_port="$default_https_port" - export proxy_address="" - export proxy_configuration="" - export proxy_http_configuration="" - export proxy_https_configuration="" - # Validate arguments - local var_name - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --hosts \ - | --server-aliases) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - read -r -a "${var_name?}" <<< "$1" - ;; - --disable \ - | --disable-http \ - | --disable-https \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - export "${var_name}=yes" - ;; - --type \ - | --server-name \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --move-htaccess \ - | --additional-configuration \ - | --additional-http-configuration \ - | --additional-https-configuration \ - | --before-vhost-configuration \ - | --allow-override \ - | --document-root \ - | --extra-directory-configuration \ - | --proxy-address \ - | --proxy-configuration \ - | --proxy-http-configuration \ - | --proxy-https-configuration \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - export "${var_name}=${1}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Construct listen ports configuration (only to add when using non-standard ports) - export http_listen_configuration="" - export https_listen_configuration="" - [[ "$http_port" != "$default_http_port" ]] && http_listen_configuration="Listen ${http_port}" - [[ "$https_port" != "$default_https_port" ]] && https_listen_configuration="Listen ${https_port}" - # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" - export http_listen_addresses="" - export https_listen_addresses="" - for host in "${hosts[@]}"; do - http_listen="${host}:${http_port}" - https_listen="${host}:${https_port}" - [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" - [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" - done - # Construct ServerName/ServerAlias block - export server_name_configuration="" - if ! is_empty_value "${server_name:-}"; then - server_name_configuration="ServerName ${server_name}" - fi - if [[ "${#server_aliases[@]}" -gt 0 ]]; then - server_name_configuration+=$'\n'"ServerAlias ${server_aliases[*]}" - fi - # App .htaccess support (only when type is not defined) - export htaccess_include - [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" - if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then - allow_override="None" - htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" - else - # allow_override is already set to the expected value - htaccess_include="" - fi - # ACL configuration - export acl_configuration - if is_boolean_yes "$allow_remote_connections"; then - acl_configuration="Require all granted" - else - acl_configuration="$(cat < "$http_vhost" - elif [[ ! -f "$http_vhost" ]]; then - error "Could not create virtual host for ${app} at '${http_vhost}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi - if is_file_writable "$https_vhost"; then - # Create file with root group write privileges, so it can be modified in non-root containers - [[ ! -f "$https_vhost" ]] && touch "$https_vhost" && chmod g+rw "$https_vhost" - render-template "${template_dir}/${template_name}-https-vhost.conf.tpl" | sed '/^\s*$/d' > "$https_vhost" - elif [[ ! -f "$https_vhost" ]]; then - error "Could not create virtual host for ${app} at '${https_vhost}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi -} - -######################## -# Ensure an Apache application configuration does not exist anymore (in virtual hosts format) -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_apache_app_configuration_not_exists() { - local -r app="${1:?missing app}" - local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" - local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" - local -r disable_suffix=".disabled" - # Note that 'rm -f' will not fail if the files don't exist - # However if we lack permissions to remove the file, it will result in a non-zero exit code, as expected by this function - rm -f "$http_vhost" "$https_vhost" "${http_vhost}${disable_suffix}" "${https_vhost}${disable_suffix}" -} - -######################## -# Ensure Apache loads the configuration for an application in a URL prefix -# Globals: -# APACHE_* -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --additional-configuration - Additional vhost configuration (no default) -# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --document-root - Path to document root directory -# --extra-directory-configuration - Extra configuration for the document root directory -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_apache_prefix_configuration_exists() { - local -r app="${1:?missing app}" - # Default options - local type="" - local allow_remote_connections="yes" - local move_htaccess="yes" - local prefix="/${app}" - # Template variables defaults - export additional_configuration="" - export allow_override="All" - export document_root="${BITNAMI_ROOT_DIR}/${app}" - export extra_directory_configuration="" - # Validate arguments - local var_name - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --type \ - | --allow-remote-connections \ - | --move-htaccess \ - | --prefix \ - | --additional-configuration \ - | --allow-override \ - | --document-root \ - | --extra-directory-configuration \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "${var_name}=${1}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # App .htaccess support (only when type is not defined) - export htaccess_include - [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" - if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then - allow_override="None" - htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" - else - # allow_override is already set to the expected value - htaccess_include="" - fi - # ACL configuration - export acl_configuration - if is_boolean_yes "$allow_remote_connections"; then - acl_configuration="Require all granted" - else - acl_configuration="$(cat < "$prefix_file" - ensure_apache_configuration_exists "Include \"$prefix_file\"" - elif [[ ! -f "$prefix_file" ]]; then - error "Could not create web server configuration file for ${app} at '${prefix_file}'. Check permissions and ownership for parent directories." - return 1 - else - warn "The ${app} web server configuration file '${prefix_file}' is not writable. Configurations based on environment variables will not be applied for this file." - fi -} - -######################## -# Ensure Apache application configuration is updated with the runtime configuration (i.e. ports) -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -apache_update_app_configuration() { - local -r app="${1:?missing app}" - # Default options - local -a hosts=("127.0.0.1" "_default_") - local server_name="www.example.com" # Default ServerName in httpd.conf - local -a server_aliases=() - local enable_http="no" - local enable_https="no" - local disable_http="no" - local disable_https="no" - export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" - export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" - export http_port="$default_http_port" - export https_port="$default_https_port" - local var_name - # Validate arguments - local var_name - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --hosts \ - | --server-aliases) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - read -r -a "${var_name?}" <<< "$1" - ;; - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - declare "${var_name}=yes" - ;; - --server-name \ - | --http-port \ - | --https-port \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "${var_name}=${1}" - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" - export http_listen_addresses="" - export https_listen_addresses="" - for host in "${hosts[@]}"; do - http_listen="${host}:${http_port}" - https_listen="${host}:${https_port}" - [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" - [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" - done - # Update configuration - local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" - local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" - local -r disable_suffix=".disabled" - # Helper function to avoid duplicating code - update_common_vhost_config() { - local -r vhost_file="${1:?missing virtual host}" - # Update ServerName - if ! is_empty_value "${server_name:-}"; then - replace_in_file "$vhost_file" "^(\s*ServerName\s+).*" "\1${server_name}" - fi - # Update ServerAlias - if [[ "${#server_aliases[@]}" -gt 0 ]]; then - replace_in_file "$vhost_file" "^(\s*ServerAlias\s+).*" "\1${server_aliases[*]}" - fi - } - # Disable and enable configuration files - rename_conf_file() { - local -r origin="$1" - local -r destination="$2" - if is_file_writable "$origin" && is_file_writable "$destination"; then - warn "Could not rename virtual host file '${origin}' to '${destination}' due to lack of permissions." - else - mv "$origin" "$destination" - fi - } - is_boolean_yes "$disable_http" && [[ -e "$http_vhost" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" - is_boolean_yes "$disable_https" && [[ -e "$https_vhost" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" - is_boolean_yes "$enable_http" && [[ -e "${http_vhost}${disable_suffix}" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" - is_boolean_yes "$enable_https" && [[ -e "${https_vhost}${disable_suffix}" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" - # Update only configuration files without the '.disabled' suffix - if [[ -e "$http_vhost" ]]; then - if is_file_writable "$http_vhost"; then - update_common_vhost_config "$http_vhost" - # Update vhost-specific config (listen port and addresses) - replace_in_file "$http_vhost" "^Listen .*" "Listen ${http_port}" - replace_in_file "$http_vhost" "^$" "" - else - warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi - fi - if [[ -e "$https_vhost" ]]; then - if is_file_writable "$https_vhost"; then - update_common_vhost_config "$https_vhost" - # Update vhost-specific config (listen port and addresses) - replace_in_file "$https_vhost" "^Listen .*" "Listen ${https_port}" - replace_in_file "$https_vhost" "^$" "" - else - warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." - fi - fi -} - -######################## -# Create a password file for basic authentication and restrict its permissions -# Globals: -# * -# Arguments: -# $1 - file -# $2 - username -# $3 - password -# Returns: -# true if the configuration was updated, false otherwise -######################## -apache_create_password_file() { - local -r file="${1:?missing file}" - local -r username="${2:?missing username}" - local -r password="${3:?missing password}" - - "${APACHE_BIN_DIR}/htpasswd" -bc "$file" "$username" "$password" - am_i_root && configure_permissions_ownership "$file" --file-mode "600" --user "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" -} diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/libmediawiki.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/libmediawiki.sh deleted file mode 100644 index 3826a00d8303c..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/libmediawiki.sh +++ /dev/null @@ -1,340 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MediaWiki library - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libpersistence.sh -. /opt/bitnami/scripts/libwebserver.sh - -# Load database library -if [[ -f /opt/bitnami/scripts/libmysqlclient.sh ]]; then - . /opt/bitnami/scripts/libmysqlclient.sh -elif [[ -f /opt/bitnami/scripts/libmysql.sh ]]; then - . /opt/bitnami/scripts/libmysql.sh -elif [[ -f /opt/bitnami/scripts/libmariadb.sh ]]; then - . /opt/bitnami/scripts/libmariadb.sh -fi - -######################## -# Validate settings in MEDIAWIKI_* env vars -# Globals: -# MEDIAWIKI_* -# Arguments: -# None -# Returns: -# 0 if the validation succeeded, 1 otherwise -######################### -mediawiki_validate() { - debug "Validating settings in MEDIAWIKI_* environment variables..." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_yes_no_value() { - if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for ${1} are: yes no" - fi - } - check_valid_port() { - local port_var="${1:?missing port variable}" - local err - if ! err="$(validate_port "${!port_var}")"; then - print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." - fi - } - - # Validate credentials - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - else - for empty_env_var in "MEDIAWIKI_DATABASE_PASSWORD" "MEDIAWIKI_PASSWORD"; do - is_empty_value "${!empty_env_var}" && print_validation_error "The ${empty_env_var} environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow a blank password. This is only recommended for development environments." - done - fi - - # Validate SMTP credentials - if ! is_empty_value "$MEDIAWIKI_SMTP_HOST"; then - for empty_env_var in "MEDIAWIKI_SMTP_USER" "MEDIAWIKI_SMTP_PASSWORD"; do - is_empty_value "${!empty_env_var}" && warn "The ${empty_env_var} environment variable is empty or not set." - done - check_yes_no_value "MEDIAWIKI_ENABLE_SMTP_AUTH" - is_empty_value "$MEDIAWIKI_SMTP_PORT_NUMBER" && print_validation_error "The MEDIAWIKI_SMTP_PORT_NUMBER environment variable is empty or not set." - ! is_empty_value "$MEDIAWIKI_SMTP_PORT_NUMBER" && check_valid_port "MEDIAWIKI_SMTP_PORT_NUMBER" - fi - - # Check that the web server is properly set up - web_server_validate || print_validation_error "Web server validation failed" - - return "$error_code" -} - -######################## -# Ensure MediaWiki is initialized -# Globals: -# MEDIAWIKI_* -# Arguments: -# None -# Returns: -# None -######################### -mediawiki_initialize() { - # Check if mediawiki has already been initialized and persisted in a previous run - local -r app_name="mediawiki" - local db_host db_port db_name db_user db_pass - local -a update_args=() - if is_boolean_yes "$MEDIAWIKI_SKIP_CONFIG_VALIDATION"; then - update_args+=( "--skip-config-validation" ) - fi - if ! is_app_initialized "$app_name"; then - # Ensure the MediaWiki base directory exists and has proper permissions - info "Configuring file permissions for MediaWiki" - ensure_dir_exists "$MEDIAWIKI_VOLUME_DIR" - # Use daemon:root ownership for compatibility when running as a non-root user - am_i_root && configure_permissions_ownership "$MEDIAWIKI_VOLUME_DIR" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" - - db_host="$MEDIAWIKI_DATABASE_HOST" - db_port="$MEDIAWIKI_DATABASE_PORT_NUMBER" - db_name="$MEDIAWIKI_DATABASE_NAME" - db_user="$MEDIAWIKI_DATABASE_USER" - db_pass="$MEDIAWIKI_DATABASE_PASSWORD" - info "Trying to connect to the database server" - mediawiki_wait_for_db_connection "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" - - # Perform initial bootstrap of the database - if ! is_boolean_yes "$MEDIAWIKI_SKIP_BOOTSTRAP"; then - info "Running MediaWiki install script" - debug_execute php "${MEDIAWIKI_BASE_DIR}/maintenance/install.php" "$MEDIAWIKI_WIKI_NAME" "$MEDIAWIKI_USERNAME" \ - --pass "$MEDIAWIKI_PASSWORD" \ - --dbserver "$db_host" \ - --dbport "$db_port" \ - --dbuser "$db_user" \ - --dbpass "$db_pass" \ - --installdbuser "$db_user" \ - --installdbpass "$db_pass" \ - --dbname "$db_name" - # Configure admin e-mail as it is not handled by the installation command - echo "UPDATE user SET user_email='${MEDIAWIKI_EMAIL}' WHERE user_id='1'" | mediawiki_sql_execute - else - info "An already initialized MediaWiki database was provided, configuration will be skipped" - # Perform MediaWiki database schema upgrade - info "Performing database schema upgrade" - debug_execute php "${MEDIAWIKI_BASE_DIR}/maintenance/update.php" "${update_args[@]}" - fi - - # Configure MediaWiki based on environment variables - info "Configuring MediaWiki settings" - mediawiki_configure_short_urls - mediawiki_conf_set "\$wgEnableUploads" "true" yes - which convert >/dev/null && mediawiki_conf_set "\$wgUseImageMagick" "true" yes - mediawiki_configure_host "$MEDIAWIKI_HOST" - mediawiki_conf_set "\$wgEmergencyContact" "$MEDIAWIKI_EMAIL" - mediawiki_conf_set "\$wgPasswordSender" "$MEDIAWIKI_EMAIL" - # this key isn't included in the default LocalSettings - cat >> "$MEDIAWIKI_CONF_FILE" <>"$MEDIAWIKI_CONF_FILE" < '${MEDIAWIKI_SMTP_HOST}', -'IDHost' => '${MEDIAWIKI_SMTP_HOST_ID}', -'port' => ${MEDIAWIKI_SMTP_PORT_NUMBER}, -'username' => '${MEDIAWIKI_SMTP_USER}', -'password' => '${MEDIAWIKI_SMTP_PASSWORD}', -'auth' => $(php_convert_to_boolean "$MEDIAWIKI_ENABLE_SMTP_AUTH") -); -EOF -} - -######################## -# Configure MediaWiki short URLs -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -mediawiki_configure_short_urls() { - info "Setting MediaWiki short URLs" - mediawiki_conf_set "\$wgScriptPath" "$MEDIAWIKI_SCRIPT_PATH" - cat >>"$MEDIAWIKI_CONF_FILE" <> "$MEDIAWIKI_CONF_FILE" <"$wrapper_file" <> "$custom_conf_file" - cat "$old_custom_conf_file" >> "$custom_conf_file" - fi - if am_i_root; then - [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" - rm -rf "$DB_VOLUME_DIR/conf" - else - warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" - fi -} - -######################## -# Ensure a db user exists with the given password for the '%' host -# Globals: -# DB_* -# Flags: -# -p|--password - database password -# -u|--user - database user -# --auth-plugin - authentication plugin -# --use-ldap - authenticate user via LDAP -# --host - database host -# --port - database host -# Arguments: -# $1 - database user -# Returns: -# None -######################### -mysql_ensure_user_exists() { - local -r user="${1:?user is required}" - local password="" - local auth_plugin="" - local use_ldap="no" - local hosts - local auth_string="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -p|--password) - shift - password="${1:?missing database password}" - ;; - --auth-plugin) - shift - auth_plugin="${1:?missing authentication plugin}" - ;; - --use-ldap) - use_ldap="yes" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if is_boolean_yes "$use_ldap"; then - auth_string="identified via pam using '$DB_FLAVOR'" - elif [[ -n "$password" ]]; then - if [[ -n "$auth_plugin" ]]; then - auth_string="identified with $auth_plugin by '$password'" - else - auth_string="identified by '$password'" - fi - fi - debug "creating database user \'$user\'" - - local -a mysql_execute_cmd=("mysql_execute") - local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") - if [[ -n "$db_host" && -n "$db_port" ]]; then - mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") - fi - - local mysql_create_user_cmd - [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ - # Views have a definer user, in this case set to 'root', which needs to exist for the view to work - # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html - # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed - if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then - alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 - return 1 - ;; - esac - shift - done - - local -a mysql_execute_cmd=("mysql_execute") - [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") - - local -a create_database_args=() - [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") - [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") - - debug "Creating database $database" - "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$user") - [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") - [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") - if is_boolean_yes "$use_ldap"; then - flags+=("--use-ldap") - elif [[ -n "$password" ]]; then - flags+=("-p" "$password") - [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") - fi - mysql_ensure_user_exists "${flags[@]}" -} - -######################## -# Optionally create the given database, and then optionally give a user -# full privileges on the database. -# Flags: -# -u|--user - database user -# --character-set - character set -# --collation - collation -# --host - database host -# --port - database port -# Arguments: -# $1 - database name -# Returns: -# None -######################### -mysql_ensure_optional_database_exists() { - local -r database="${1:?database is missing}" - local character_set="" - local collate="" - local user="" - local privileges="" - # For accessing an external database - local db_host="" - local db_port="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - --character-set) - shift - character_set="${1:?missing character set}" - ;; - --collate) - shift - collate="${1:?missing collate}" - ;; - -u|--user) - shift - user="${1:?missing database user}" - ;; - --host) - shift - db_host="${1:?missing database host}" - ;; - --port) - shift - db_port="${1:?missing database port}" - ;; - --privileges) - shift - privileges="${1:?missing privileges}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - local -a flags=("$database") - [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") - [[ -n "$collate" ]] && flags+=("--collate" "$collate") - [[ -n "$db_host" ]] && flags+=("--host" "$db_host") - [[ -n "$db_port" ]] && flags+=("--port" "$db_port") - mysql_ensure_database_exists "${flags[@]}" - - if [[ -n "$user" ]]; then - mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" - fi -} - -######################## -# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") -# Globals: -# DB_* -# Arguments: -# $1 - MySQL variable name -# $2 - Value to assign to the MySQL variable -# $3 - Section in the MySQL configuration file the key is located (default: mysqld) -# $4 - Configuration file (default: "$BD_CONF_FILE") -# Returns: -# None -######################### -mysql_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - read -r -a sections <<<"${3:-mysqld}" - local -r ignore_inline_comments="${4:-no}" - local -r file="${5:-"$DB_CONF_FILE"}" - info "Setting ${key} option" - debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" - # Check if the configuration exists in the file - for section in "${sections[@]}"; do - if is_boolean_yes "$ignore_inline_comments"; then - ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" - else - ini-file set --section "$section" --key "$key" --value "$value" "$file" - fi - done -} - -######################## -# Update MySQL/MariaDB configuration file with user custom inputs -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# None -######################### -mysql_update_custom_config() { - # Persisted configuration files from old versions - ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration - - # User injected custom configuration - if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then - debug "Injecting custom configuration from my_custom.conf" - cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" - fi - - ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" - ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" - ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" - ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" - ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" - ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" - ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" - ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" - ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Find the path to the libjemalloc library file -# Globals: -# None -# Arguments: -# None -# Returns: -# Path to a libjemalloc shared object file -######################### -find_jemalloc_lib() { - local -a locations=( "/usr/lib" "/usr/lib64" ) - local -r pattern='libjemalloc.so.[0-9]' - local path - for dir in "${locations[@]}"; do - # Find the first element matching the pattern and quit - [[ ! -d "$dir" ]] && continue - path="$(find "$dir" -name "$pattern" -print -quit)" - [[ -n "$path" ]] && break - done - echo "${path:-}" -} - -######################## -# Execute a reliable health check against the current mysql instance -# Globals: -# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD -# Arguments: -# None -# Returns: -# mysqladmin output -######################### -mysql_healthcheck() { - local args=("-uroot" "-h0.0.0.0") - local root_password - - root_password="$(get_master_env_var_value ROOT_PASSWORD)" - if [[ -n "$root_password" ]]; then - args+=("-p${root_password}") - fi - - mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status -} - -######################## -# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# mysql client flavor -######################### -mysql_client_flavor() { - if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then - echo "mariadb" - else - echo "mysql" - fi -} - -######################## -# Prints extra options for MySQL client calls (i.e. SSL options) -# Globals: -# DB_* -# Arguments: -# None -# Returns: -# List of options to pass to "mysql" CLI -######################### -mysql_client_extra_opts() { - # Helper to get the proper value for the MySQL client environment variable - mysql_client_env_value() { - local env_name="MYSQL_CLIENT_${1:?missing name}" - if [[ -n "${!env_name:-}" ]]; then - echo "${!env_name:-}" - else - env_name="DB_CLIENT_${1}" - echo "${!env_name:-}" - fi - } - local -a opts=() - local key value - if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then - if [[ "$(mysql_client_flavor)" = "mysql" ]]; then - opts+=("--ssl-mode=REQUIRED") - else - opts+=("--ssl=TRUE") - fi - # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined - for key in ca key cert; do - value="$(mysql_client_env_value "SSL_${key^^}_FILE")" - [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") - done - fi - echo "${opts[@]:-}" -} diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/libphp.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/libphp.sh deleted file mode 100644 index 838cd2b4289fa..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/libphp.sh +++ /dev/null @@ -1,265 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami PHP library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libwebserver.sh - -######################## -# Add or modify an entry in the main PHP configuration file (php.ini) -# Globals: -# PHP_CONF_FILE -# Arguments: -# $1 - Key -# $2 - Value -# $3 - File to modify (default: $PHP_CONF_FILE) -# Returns: -# None -######################### -php_conf_set() { - local -r key="${1:?key missing}" - local -r value="${2:?value missing}" - local -r file="${3:-"$PHP_CONF_FILE"}" - local pattern="^[; ]*${key}\s*=.*$" - if [[ "$key" = "extension" || "$key" = "zend_extension" ]]; then - # The "extension" property works a bit different for PHP, as there is one per module to be included, meaning it is additive unlike other configurations - # Because of that, we first check if the extension was defined in the file to replace the proper entry - pattern="^[; ]*${key}\s*=\s*[\"]?${value}(\.so)?[\"]?\s*$" - fi - local -r entry="${key} = ${value}" - if is_file_writable "$file"; then - # Not using the ini-file tool since it does not play well with php.ini - if grep -q -E "$pattern" "$file"; then - replace_in_file "$file" "$pattern" "$entry" - else - cat >> "$file" <<< "$entry" - fi - else - warn "The PHP configuration file '${file}' is not writable. The '${key}' option will not be configured." - fi -} - -######################## -# Ensure PHP is initialized -# Globals: -# PHP_* -# Arguments: -# None -# Returns: -# None -######################### -php_initialize() { - # Configure PHP options based on the runtime environment - info "Configuring PHP options" - if ! is_dir_empty "$PHP_DEFAULT_CONF_DIR"; then - # Copy default configuration to php configuration directory - cp -nr "$PHP_DEFAULT_CONF_DIR"/. "$PHP_CONF_DIR" - fi - php_set_runtime_config "$PHP_CONF_FILE" - - - # PHP-FPM configuration - ! is_empty_value "$PHP_FPM_LISTEN_ADDRESS" && info "Setting PHP-FPM listen option" && php_conf_set "listen" "$PHP_FPM_LISTEN_ADDRESS" "${PHP_CONF_DIR}/php-fpm.d/www.conf" - - # Avoid exit code of previous commands to affect the result of this function - true -} - -######################## -# Set PHP runtime options, based on user-provided environment variables -# Globals: -# PHP_* -# Arguments: -# None -# Returns: -# None -######################### -php_set_runtime_config() { - local -r conf_file="${1:?missing conf file}" - - ! is_empty_value "$PHP_DATE_TIMEZONE" && info "Setting PHP date.timezone option" && php_conf_set date.timezone "$PHP_DATE_TIMEZONE" "$conf_file" - ! is_empty_value "$PHP_ENABLE_OPCACHE" && info "Setting PHP opcache.enable option" && php_conf_set opcache.enable "$PHP_ENABLE_OPCACHE" "$conf_file" - ! is_empty_value "$PHP_EXPOSE_PHP" && info "Setting PHP expose_php option" && php_conf_set expose_php "$PHP_EXPOSE_PHP" "$conf_file" - ! is_empty_value "$PHP_MAX_EXECUTION_TIME" && info "Setting PHP max_execution_time option" && php_conf_set max_execution_time "$PHP_MAX_EXECUTION_TIME" "$conf_file" - ! is_empty_value "$PHP_MAX_INPUT_TIME" && info "Setting PHP max_input_time option" && php_conf_set max_input_time "$PHP_MAX_INPUT_TIME" "$conf_file" - ! is_empty_value "$PHP_MAX_INPUT_VARS" && info "Setting PHP max_input_vars option" && php_conf_set max_input_vars "$PHP_MAX_INPUT_VARS" "$conf_file" - ! is_empty_value "$PHP_MEMORY_LIMIT" && info "Setting PHP memory_limit option" && php_conf_set memory_limit "$PHP_MEMORY_LIMIT" "$conf_file" - ! is_empty_value "$PHP_POST_MAX_SIZE" && info "Setting PHP post_max_size option" && php_conf_set post_max_size "$PHP_POST_MAX_SIZE" "$conf_file" - ! is_empty_value "$PHP_UPLOAD_MAX_FILESIZE" && info "Setting PHP upload_max_filesize option" && php_conf_set upload_max_filesize "$PHP_UPLOAD_MAX_FILESIZE" "$conf_file" - ! is_empty_value "$PHP_OUTPUT_BUFFERING" && info "Setting PHP output_buffering option" && php_conf_set output_buffering "$PHP_OUTPUT_BUFFERING" "$conf_file" - - true -} - -######################## -# Convert a yes/no value to a PHP boolean -# Globals: -# None -# Arguments: -# $1 - yes/no value -# Returns: -# None -######################### -php_convert_to_boolean() { - local -r value="${1:?missing value}" - is_boolean_yes "$value" && echo "true" || echo "false" -} - -######################## -# Execute/run PHP code and print to stdout -# Globals: -# None -# Stdin: -# Code to execute -# Arguments: -# $1..$n - Input arguments to script -# Returns: -# None -######################### -php_execute_print_output() { - local php_cmd - # Obtain the command specified via stdin - php_cmd="$(/dev/null 2>&1 & - if ! retry_while "is_php_fpm_running"; then - error "php-fpm did not start" - error_code=1 - else - info "php-fpm started" - fi -else - info "php-fpm is already running" -fi - -exit "$error_code" diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/php/status.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/php/status.sh deleted file mode 100755 index 2ca4fb384d050..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/php/status.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/liblog.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -if is_php_fpm_running; then - info "php-fpm is already running" -else - info "php-fpm is not running" -fi diff --git a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh b/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh deleted file mode 100755 index 74274a4b4ee30..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libphp.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh - -# Load PHP-FPM environment variables -. /opt/bitnami/scripts/php-env.sh - -error_code=0 - -if is_php_fpm_running; then - BITNAMI_QUIET=1 php_fpm_stop - if ! retry_while "is_php_fpm_not_running"; then - error "php-fpm could not be stopped" - error_code=1 - else - info "php-fpm stopped" - fi -else - info "php-fpm is not running" -fi - -exit "$error_code" diff --git a/bitnami/mediawiki/1/debian-12/rootfs/post-init.d/php.sh b/bitnami/mediawiki/1/debian-12/rootfs/post-init.d/php.sh deleted file mode 100755 index 6be2585cbc533..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/post-init.d/php.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Executes custom PHP init scripts - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries with logging functions -if [[ -f /opt/bitnami/base/functions ]]; then - . /opt/bitnami/base/functions -else - . /opt/bitnami/scripts/liblog.sh -fi - -# Loop through all input files passed via stdin -read -r -a custom_init_scripts <<< "$@" -failure=0 -if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then - for custom_init_script in "${custom_init_scripts[@]}"; do - [[ "$custom_init_script" != *".php" ]] && continue - info "Executing ${custom_init_script} with PHP interpreter" - php "$custom_init_script" || failure=1 - [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" - done -fi - -exit "$failure" diff --git a/bitnami/mediawiki/1/debian-12/rootfs/post-init.d/sql-mysql.sh b/bitnami/mediawiki/1/debian-12/rootfs/post-init.d/sql-mysql.sh deleted file mode 100755 index dc95fc879a0b9..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/post-init.d/sql-mysql.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Executes custom MySQL (.sql or .sql.gz) init scripts - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries with logging functions -if [[ -f /opt/bitnami/base/functions ]]; then - . /opt/bitnami/base/functions -else - . /opt/bitnami/scripts/liblog.sh -fi - -mysql_execute() { - local -r sql_file="${1:?missing file}" - local failure=0 - mysql_cmd=("mysql" "-h" "$MARIADB_HOST" "-P" "$MARIADB_PORT_NUMBER" "-u" "$MARIADB_ROOT_USER") - if [[ "${ALLOW_EMPTY_PASSWORD:-no}" != "yes" ]]; then - mysql_cmd+=("-p${MARIADB_ROOT_PASSWORD}") - fi - if [[ "$sql_file" == *".sql" ]]; then - "${mysql_cmd[@]}" < "$sql_file" || failure=$? - elif [[ "$sql_file" == *".sql.gz" ]]; then - gunzip -c "$sql_file" | "${mysql_cmd[@]}" || failure=$? - fi - return "$failure" -} - -# Loop through all input files passed via stdin -read -r -a custom_init_scripts <<< "$@" -failure=0 -if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then - for custom_init_script in "${custom_init_scripts[@]}"; do - [[ ! "$custom_init_script" =~ ^.*(\.sql|\.sql\.gz)$ ]] && continue - info "Executing ${custom_init_script}" - mysql_execute "$custom_init_script" || failure=1 - [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" - done -fi - -exit "$failure" diff --git a/bitnami/mediawiki/1/debian-12/rootfs/post-init.sh b/bitnami/mediawiki/1/debian-12/rootfs/post-init.sh deleted file mode 100755 index dc27ca3e92dfc..0000000000000 --- a/bitnami/mediawiki/1/debian-12/rootfs/post-init.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Only execute init scripts once -if [[ ! -f "/bitnami/mediawiki/.user_scripts_initialized" && -d "/docker-entrypoint-init.d" ]]; then - read -r -a init_scripts <<< "$(find "/docker-entrypoint-init.d" -type f -print0 | sort -z | xargs -0)" - if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "/bitnami/mediawiki/.user_scripts_initialized" ]]; then - mkdir -p "/bitnami/mediawiki" - for init_script in "${init_scripts[@]}"; do - for init_script_type_handler in /post-init.d/*.sh; do - "$init_script_type_handler" "$init_script" - done - done - fi - - touch "/bitnami/mediawiki/.user_scripts_initialized" -fi diff --git a/bitnami/mediawiki/1/debian-12/tags-info.yaml b/bitnami/mediawiki/1/debian-12/tags-info.yaml deleted file mode 100644 index 8dc7d31fbeb9c..0000000000000 --- a/bitnami/mediawiki/1/debian-12/tags-info.yaml +++ /dev/null @@ -1,5 +0,0 @@ -rolling-tags: -- "1" -- 1-debian-12 -- 1.41.1 -- latest diff --git a/bitnami/mediawiki/README.md b/bitnami/mediawiki/README.md deleted file mode 100644 index 6ca4916f8f26e..0000000000000 --- a/bitnami/mediawiki/README.md +++ /dev/null @@ -1,606 +0,0 @@ -# Bitnami package for MediaWiki - -## What is MediaWiki? - -> MediaWiki is the free and open source wiki software that powers Wikipedia. Used by thousands of organizations, it is extremely powerful, scalable software and a feature-rich wiki implementation. - -[Overview of MediaWiki](http://www.mediawiki.org/wiki/MediaWiki) -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```console -docker run --name mediawiki bitnami/mediawiki:latest -``` - -**Warning**: This quick setup is only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Environment Variables](#environment-variables) section for a more secure d -eployment. - -## Why use Bitnami Images? - -* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. -* With Bitnami images the latest bug fixes and features are available as soon as possible. -* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. -* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. -* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. -* Bitnami container images are released on a regular basis with the latest distribution packages available. - -Looking to use MediaWiki in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - -## How to deploy MediaWiki in Kubernetes? - -Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the [Bitnami MediaWiki Chart GitHub repository](https://github.com/bitnami/charts/tree/master/bitnami/mediawiki). - -Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Why use a non-root container? - -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). - -## Supported tags and respective `Dockerfile` links - -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). - -You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. - -Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). - -## Get this image - -The recommended way to get the Bitnami MediaWiki Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/mediawiki). - -```console -docker pull bitnami/mediawiki:latest -``` - -To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/mediawiki/tags/) in the Docker Hub Registry. - -```console -docker pull bitnami/mediawiki:[TAG] -``` - -If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. - -```console -git clone https://github.com/bitnami/containers.git -cd bitnami/APP/VERSION/OPERATING-SYSTEM -docker build -t bitnami/APP:latest . -``` - -## How to use this image - -MediaWiki requires access to a MySQL or MariaDB database to store information. We'll use the [Bitnami Docker Image for MariaDB](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) for the database requirements. - -### Using the Docker Command Line - -#### Step 1: Create a network - -```console -docker network create mediawiki-network -``` - -#### Step 2: Create a volume for MariaDB persistence and create a MariaDB container - -```console -$ docker volume create --name mariadb_data -docker run -d --name mariadb \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MARIADB_USER=bn_mediawiki \ - --env MARIADB_PASSWORD=bitnami \ - --env MARIADB_DATABASE=bitnami_mediawiki \ - --network mediawiki-network \ - --volume mariadb_data:/bitnami/mariadb \ - bitnami/mariadb:latest -``` - -#### Step 3: Create volumes for MediaWiki persistence and launch the container - -```console -$ docker volume create --name mediawiki_data -docker run -d --name mediawiki \ - -p 8080:8080 -p 8443:8443 \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MEDIAWIKI_DATABASE_USER=bn_mediawiki \ - --env MEDIAWIKI_DATABASE_PASSWORD=bitnami \ - --env MEDIAWIKI_DATABASE_NAME=bitnami_mediawiki \ - --network mediawiki-network \ - --volume mediawiki_data:/bitnami/mediawiki \ - bitnami/mediawiki:latest -``` - -Access your application at `http://your-ip/` - -### Run the application using Docker Compose - -```console -curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/mediawiki/docker-compose.yml > docker-compose.yml -docker-compose up -d -``` - -Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/mediawiki). - -If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md). - -## Persisting your application - -If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed. - -For persistence you should mount a directory at the `/bitnami/mediawiki` path. If the mounted directory is empty, it will be initialized on the first run. Additionally you should [mount a volume for persistence of the MariaDB data](https://github.com/bitnami/containers/blob/main/bitnami/mariadb#persisting-your-database). - -The above examples define the Docker volumes named mariadb_data and mediawiki_data. The MediaWiki application state will persist as long as volumes are not removed. - -To avoid inadvertent removal of volumes, you can mount host directories as data volumes. Alternatively you can make use of volume plugins to host the volume data. - -### Mount host directories as data volumes with Docker Compose - -This requires a minor change to the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/mediawiki/docker-compose.yml) file present in this repository: - -```diff - mariadb: - ... - volumes: -- - 'mariadb_data:/bitnami/mariadb' -+ - /path/to/mariadb-persistence:/bitnami/mariadb - ... - mediawiki: - ... - volumes: -- - 'mediawiki_data:/bitnami/mediawiki' -+ - /path/to/mediawiki-persistence:/bitnami/mediawiki - ... --volumes: -- mariadb_data: -- driver: local -- mediawiki_data: -- driver: local -``` - -> NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID `1001`. - -### Mount host directories as data volumes using the Docker command line - -#### Step 1: Create a network (if it does not exist) - -```console -docker network create mediawiki-network -``` - -#### Step 2. Create a MariaDB container with host volume - -```console -docker run -d --name mariadb \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MARIADB_USER=bn_mediawiki \ - --env MARIADB_PASSWORD=bitnami \ - --env MARIADB_DATABASE=bitnami_mediawiki \ - --network mediawiki-network \ - --volume /path/to/mariadb-persistence:/bitnami/mariadb \ - bitnami/mariadb:latest -``` - -#### Step 3. Create the MediaWiki container with host volumes - -```console -docker run -d --name mediawiki \ - -p 8080:8080 -p 8443:8443 \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MEDIAWIKI_DATABASE_USER=bn_mediawiki \ - --env MEDIAWIKI_DATABASE_PASSWORD=bitnami \ - --env MEDIAWIKI_DATABASE_NAME=bitnami_mediawiki \ - --network mediawiki-network \ - --volume /path/to/mediawiki-persistence:/bitnami/mediawiki \ - bitnami/mediawiki:latest -``` - -## Configuration - -### Environment variables - -#### Customizable environment variables - -| Name | Description | Default Value | -|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------| -| `MEDIAWIKI_DATA_TO_PERSIST` | Files to persist relative to the MediaWiki installation directory. To provide multiple values, separate them with a whitespace. | `images extensions skins LocalSettings.php` | -| `MEDIAWIKI_SKIP_BOOTSTRAP` | Whether to perform initial bootstrapping for the application. | `nil` | -| `MEDIAWIKI_WIKI_NAME` | MediaWiki wiki name. | `Bitnami MediaWiki` | -| `MEDIAWIKI_WIKI_PREFIX` | Base path to use for MediaWiki wiki URLs. | `/wiki` | -| `MEDIAWIKI_SCRIPT_PATH` | Base path to use for MediaWiki script URLs. | `/` | -| `MEDIAWIKI_HOST` | MediaWiki application host. | `localhost` | -| `MEDIAWIKI_ENABLE_HTTPS` | Whether to use HTTPS by default. | `no` | -| `MEDIAWIKI_EXTERNAL_HTTP_PORT_NUMBER` | Port to used by MediaWiki to generate URLs and links when accessing using HTTP. | `80` | -| `MEDIAWIKI_EXTERNAL_HTTPS_PORT_NUMBER` | Port to used by MediaWiki to generate URLs and links when accessing using HTTPS. | `443` | -| `MEDIAWIKI_USERNAME` | MediaWiki user name. | `user` | -| `MEDIAWIKI_PASSWORD` | MediaWiki user password. | `bitnami123` | -| `MEDIAWIKI_EMAIL` | MediaWiki user e-mail address. | `user@example.com` | -| `MEDIAWIKI_SMTP_HOST` | MediaWiki SMTP server host. | `nil` | -| `MEDIAWIKI_SMTP_HOST_ID` | MediaWiki SMTP server host ID. It is a MediaWiki-specific setting used to build the Message-ID email header. If not provided, it will default to the value of MEDIAWIKI_SMTP_HOST. | `$MEDIAWIKI_SMTP_HOST` | -| `MEDIAWIKI_SMTP_PORT_NUMBER` | MediaWiki SMTP server port number. | `nil` | -| `MEDIAWIKI_SMTP_USER` | MediaWiki SMTP server user (if being used). | `nil` | -| `MEDIAWIKI_SMTP_PASSWORD` | MediaWiki SMTP server user password (if being used). | `nil` | -| `MEDIAWIKI_ENABLE_SMTP_AUTH` | Whether to use authentication for SMTP server. Valid values: `yes`, `no`. | `yes` | -| `MEDIAWIKI_DATABASE_HOST` | Database server host. | `mariadb` | -| `MEDIAWIKI_DATABASE_PORT_NUMBER` | Database server port. | `3306` | -| `MEDIAWIKI_DATABASE_NAME` | Database name. | `bitnami_mediawiki` | -| `MEDIAWIKI_DATABASE_USER` | Database user name. | `bn_mediawiki` | -| `MEDIAWIKI_DATABASE_PASSWORD` | Database user password. | `nil` | -| `MEDIAWIKI_SKIP_CONFIG_VALIDATION` | Skip config validation during startup. Allows the use of deprecated values in MediaWiki configuration file. | `no` | - -#### Read-only environment variables - -| Name | Description | Value | -|----------------------------|------------------------------------------------------|-------------------------------------------| -| `MEDIAWIKI_BASE_DIR` | MediaWiki installation directory. | `${BITNAMI_ROOT_DIR}/mediawiki` | -| `MEDIAWIKI_CONF_FILE` | Configuration file for MediaWiki. | `${MEDIAWIKI_BASE_DIR}/LocalSettings.php` | -| `MEDIAWIKI_VOLUME_DIR` | MediaWiki directory for mounted configuration files. | `${BITNAMI_VOLUME_DIR}/mediawiki` | -| `PHP_DEFAULT_MEMORY_LIMIT` | Default PHP memory limit. | `256M` | - -When you start the MediaWiki image, you can adjust the configuration of the instance by passing one or more environment variables either on the docker-compose file or on the `docker run` command line. If you want to add a new environment variable: - -* For docker-compose add the variable name and value under the application section in the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/mediawiki/docker-compose.yml) file present in this repository: - -```yaml -mediawiki: - ... - environment: - - MEDIAWIKI_PASSWORD=my_password - ... -``` - -* For manual execution add a `--env` option with each variable and value: - - ```console - docker run -d --name mediawiki -p 80:8080 -p 443:8443 \ - --env MEDIAWIKI_PASSWORD=my_password \ - --network mediawiki-tier \ - --volume /path/to/mediawiki-persistence:/bitnami/mediawiki \ - bitnami/mediawiki:latest - ``` - -#### Example - -This would be an example of SMTP configuration using a GMail account: - -* Modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/mediawiki/docker-compose.yml) file present in this repository: - -```yaml - mediawiki: - ... - environment: - - MEDIAWIKI_DATABASE_USER=bn_mediawiki - - MEDIAWIKI_DATABASE_NAME=bitnami_mediawiki - - ALLOW_EMPTY_PASSWORD=yes - - MEDIAWIKI_SMTP_HOST=smtp.gmail.com - - MEDIAWIKI_SMTP_HOST_ID=mydomain.com - - MEDIAWIKI_SMTP_PORT=587 - - MEDIAWIKI_SMTP_USER=your_email@gmail.com - - MEDIAWIKI_SMTP_PASSWORD=your_password - ... -``` - -* For manual execution: - - ```console - docker run -d --name mediawiki -p 80:8080 -p 443:8443 \ - --env MEDIAWIKI_DATABASE_USER=bn_mediawiki \ - --env MEDIAWIKI_DATABASE_NAME=bitnami_mediawiki \ - --env MEDIAWIKI_SMTP_HOST=smtp.gmail.com \ - --env MEDIAWIKI_SMTP_HOST_ID=mydomain.com \ - --env MEDIAWIKI_SMTP_PORT=587 \ - --env MEDIAWIKI_SMTP_USER=your_email@gmail.com \ - --env MEDIAWIKI_SMTP_PASSWORD=your_password \ - --network mediawiki-tier \ - --volume /path/to/mediawiki-persistence:/bitnami/mediawiki \ - bitnami/mediawiki:latest - ``` - -## How to install imagemagick in the Bitnami MediaWiki Docker image - -If you require better quality thumbnails for your uploaded images, you may want to install imagemagick instead of using GD. To do so you can build your own docker image adding the `imagemagick` system package. Since we are using a non-root container, we have to swap the user to root to install imagemagick and it's requirements. - -1. Create the following Dockerfile - - ```Dockerfile - FROM bitnami/mediawiki:latest - USER root - RUN install_packages imagemagick - USER 1001 - ``` - -2. Build the docker image - - ```console - docker build -t bitnami/mediawiki:imagemagick . - ``` - -3. Edit the *docker-compose.yml* to use the docker image built in the previous step. - -4. Finally exec into your MediaWiki container and edit the file */opt/bitnami/mediawiki/LocalSettings.php* as described [here](https://www.mediawiki.org/wiki/Manual:Installing_third-party_tools#Image_thumbnailing) in order to start using imagemagick. - -## How to migrate from a Bitnami MediaWiki Stack - -You can follow these steps in order to migrate it to this container: - -1. Export the data from your SOURCE installation: (assuming an installation in `/opt/bitnami` directory) - - ```console - mysqldump -u root -p bitnami_mediawiki > ~/backup-mediawiki-database.sql - gzip -c ~/backup-mediawiki-database.sql > ~/backup-mediawiki-database.sql.gz - cd /opt/bitnami/apps/mediawiki/htdocs/ - tar cfz ~/backup-mediawiki-extensions.tar.gz extensions - tar cfz ~/backup-mediawiki-images.tar.gz images - tar cfz ~/backup-mediawiki-skins.tar.gz skins - ``` - -2. Copy the backup files to your TARGET installation: - - ```console - scp ~/backup-mediawiki-* YOUR_USERNAME@TARGET_HOST:~ - ``` - -3. Create the MediaWiki Container as described in the section [How to use this Image (Using Docker Compose)](https://github.com/bitnami/containers/blob/main/bitnami/mediawiki#using-docker-compose) - -4. Wait for the initial setup to finish. You can follow it with - - ```console - docker-compose logs -f mediawiki - ``` - - and press `Ctrl-C` when you see this: - - ```console - nami INFO mediawiki successfully initialized - Starting mediawiki ... - ``` - -5. Stop Apache: - - ```console - docker-compose exec mediawiki nami stop apache - ``` - -6. Obtain the password used by MediaWiki to access the database in order avoid reconfiguring it: - - ```console - docker-compose exec mediawiki bash -c 'cat /opt/bitnami/mediawiki/LocalSettings.php | grep wgDBpassword' - ``` - -7. Restore the database backup: (replace ROOT_PASSWORD below with your MariaDB root password) - - ```console - cd ~ - docker-compose exec mariadb mysql -u root -pROOT_PASSWORD - MariaDB [(none)]> drop database bitnami_mediawiki; - MariaDB [(none)]> create database bitnami_mediawiki; - MariaDB [(none)]> grant all privileges on bitnami_mediawiki.* to 'bn_mediawiki'@'%' identified by 'PASSWORD_OBTAINED_IN_STEP_6'; - MariaDB [(none)]> exit - gunzip -c ./backup-mediawiki-database.sql.gz | docker exec -i $(docker-compose ps -q mariadb) mysql -u root bitnami_mediawiki -pROOT_PASSWORD - ``` - -8. Restore extensions/images/skins directories from backup: - - ```console - cat ./backup-mediawiki-extensions.tar.gz | docker exec -i $(docker-compose ps -q mediawiki) bash -c 'cd /bitnami/mediawiki/ ; tar -xzvf -' - cat ./backup-mediawiki-images.tar.gz | docker exec -i $(docker-compose ps -q mediawiki) bash -c 'cd /bitnami/mediawiki/ ; tar -xzvf -' - cat ./backup-mediawiki-skins.tar.gz | docker exec -i $(docker-compose ps -q mediawiki) bash -c 'cd /bitnami/mediawiki/ ; tar -xzvf -' - ``` - -9. Fix MediaWiki directory permissions: - - ```console - docker-compose exec mediawiki chown -R daemon:daemon /bitnami/mediawiki - ``` - -10. Restart Apache: - - ```console - docker-compose exec mediawiki nami start apache - ``` - -## Logging - -The Bitnami MediaWiki Docker image sends the container logs to `stdout`. To view the logs: - -```console -docker logs mediawiki -``` - -Or using Docker Compose: - -```console -docker-compose logs mediawiki -``` - -You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver. - -## Maintenance - -### Backing up your container - -To backup your data, configuration and logs, follow these simple steps: - -#### Step 1: Stop the currently running container - -```console -docker stop mediawiki -``` - -Or using Docker Compose: - -```console -docker-compose stop mediawiki -``` - -#### Step 2: Run the backup command - -We need to mount two volumes in a container we will use to create the backup: a directory on your host to store the backup in, and the volumes from the container we just stopped so we can access the data. - -```console -docker run --rm -v /path/to/mediawiki-backups:/backups --volumes-from mediawiki busybox \ - cp -a /bitnami/mediawiki /backups/latest -``` - -### Restoring a backup - -Restoring a backup is as simple as mounting the backup as volumes in the containers. - -For the MariaDB database container: - -```diff - $ docker run -d --name mariadb \ - ... -- --volume /path/to/mariadb-persistence:/bitnami/mariadb \ -+ --volume /path/to/mariadb-backups/latest:/bitnami/mariadb \ - bitnami/mariadb:latest -``` - -For the MediaWiki container: - -```diff - $ docker run -d --name mediawiki \ - ... -- --volume /path/to/mediawiki-persistence:/bitnami/mediawiki \ -+ --volume /path/to/mediawiki-backups/latest:/bitnami/mediawiki \ - bitnami/mediawiki:latest -``` - -### Upgrade this image - -Bitnami provides up-to-date versions of MariaDB and MediaWiki, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container. We will cover here the upgrade of the MediaWiki container. For the MariaDB upgrade see: - -#### Step 1: Get the updated image - -```console -docker pull bitnami/mediawiki:latest -``` - -#### Step 2: Stop the running container - -Stop the currently running container using the following command: - -```console -docker-compose stop mediawiki -``` - -#### Step 3: Take a snapshot of the application state - -Follow the steps in [Backing up your container](#backing-up-your-container) to take a snapshot of the current application state. - -#### Step 4: Remove the currently running container - -Remove the currently running container by executing the following command: - -```consolee -docker-compose rm -v mediawiki -``` - -#### Step 5: Run the new image - -Update the image tag in `docker-compose.yml` and re-create your container with the new image: - -```console -docker-compose up -d -``` - -## Customize this image - -The Bitnami MediaWiki Docker image is designed to be extended so it can be used as the base image for your custom web applications. - -### Extend this image - -Before extending this image, please note there are certain configuration settings you can modify using the original image: - -* Settings that can be adapted using environment variables. For instance, you can change the ports used by Apache for HTTP and HTTPS, by setting the environment variables `APACHE_HTTP_PORT_NUMBER` and `APACHE_HTTPS_PORT_NUMBER` respectively. -* [Adding custom virtual hosts](https://github.com/bitnami/containers/blob/main/bitnami/apache#adding-custom-virtual-hosts). -* [Replacing the 'httpd.conf' file](https://github.com/bitnami/containers/blob/main/bitnami/apache#full-configuration). -* [Using custom SSL certificates](https://github.com/bitnami/containers/blob/main/bitnami/apache#using-custom-ssl-certificates). - -If your desired customizations cannot be covered using the methods mentioned above, extend the image. To do so, create your own image using a Dockerfile with the format below: - -```Dockerfile -FROM bitnami/mediawiki -## Put your customizations below -... -``` - -Here is an example of extending the image with the following modifications: - -* Install the `vim` editor -* Modify the Apache configuration file -* Modify the ports used by Apache - -```Dockerfile -FROM bitnami/mediawiki - -## Change user to perform privileged actions -USER 0 -## Install 'vim' -RUN install_packages vim -## Revert to the original non-root user -USER 1001 - -## Enable mod_ratelimit module -RUN sed -i -r 's/#LoadModule ratelimit_module/LoadModule ratelimit_module/' /opt/bitnami/apache/conf/httpd.conf - -## Modify the ports used by Apache by default -# It is also possible to change these environment variables at runtime -ENV APACHE_HTTP_PORT_NUMBER=8181 -ENV APACHE_HTTPS_PORT_NUMBER=8143 -EXPOSE 8181 8143 -``` - -Based on the extended image, you can update the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/mediawiki/docker-compose.yml) file present in this repository to add other features: - -```diff - mediawiki: -- image: bitnami/mediawiki:latest -+ build: . - ports: -- - '80:8080' -- - '443:8443' -+ - '80:8181' -+ - '443:8143' - environment: -+ - PHP_MEMORY_LIMIT=512m - ... -``` - -## Notable Changes - -## 1.34.2-debian-10-r5 - -* The size of the container image has been decreased. -* The configuration logic is now based on Bash scripts in the *rootfs/* folder. -* The MediaWiki container image has been migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by changing `USER 1001` to `USER root` in the Dockerfile, or `user: root` in `docker-compose.yml`. Consequences: - * The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. - * Backwards compatibility is not guaranteed when data is persisted using docker or docker-compose. We highly recommend migrating the MediaWiki site by exporting its content, and importing it on a new MediaWiki container. Follow the steps in [Backing up your container](#backing-up-your-container) and [Restoring a backup](#restoring-a-backup) to migrate the data between the old and new container. - -## 1.32.1-debian-9-r20 and 1.32.1-ol-7-r33 - -* This image has been adapted so it's easier to customize. See the [Customize this image](#customize-this-image) section for more information. -* The Apache configuration volume (`/bitnami/apache`) has been deprecated, and support for this feature will be dropped in the near future. Until then, the container will enable the Apache configuration from that volume if it exists. By default, and if the configuration volume does not exist, the configuration files will be regenerated each time the container is created. Users wanting to apply custom Apache configuration files are advised to mount a volume for the configuration at `/opt/bitnami/apache/conf`, or mount specific configuration files individually. -* The PHP configuration volume (`/bitnami/php`) has been deprecated, and support for this feature will be dropped in the near future. Until then, the container will enable the PHP configuration from that volume if it exists. By default, and if the configuration volume does not exist, the configuration files will be regenerated each time the container is created. Users wanting to apply custom PHP configuration files are advised to mount a volume for the configuration at `/opt/bitnami/php/conf`, or mount specific configuration files individually. -* Enabling custom Apache certificates by placing them at `/opt/bitnami/apache/certs` has been deprecated, and support for this functionality will be dropped in the near future. Users wanting to enable custom certificates are advised to mount their certificate files on top of the preconfigured ones at `/certs`. - -## Contributing - -We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. - -## Issues - -If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. - -## License - -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/bitnami/mediawiki/docker-compose.yml b/bitnami/mediawiki/docker-compose.yml deleted file mode 100644 index 66b2310dd903b..0000000000000 --- a/bitnami/mediawiki/docker-compose.yml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' -services: - mariadb: - image: docker.io/bitnami/mariadb:11.3 - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_USER=bn_mediawiki - - MARIADB_DATABASE=bitnami_mediawiki - volumes: - - 'mariadb_data:/bitnami/mariadb' - mediawiki: - image: docker.io/bitnami/mediawiki:1 - ports: - - '80:8080' - - '443:8443' - environment: - - MEDIAWIKI_DATABASE_HOST=mariadb - - MEDIAWIKI_DATABASE_PORT_NUMBER=3306 - - MEDIAWIKI_DATABASE_USER=bn_mediawiki - - MEDIAWIKI_DATABASE_NAME=bitnami_mediawiki - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - volumes: - - 'mediawiki_data:/bitnami/mediawiki' - depends_on: - - mariadb -volumes: - mariadb_data: - driver: local - mediawiki_data: - driver: local diff --git a/bitnami/memcached-exporter/0/debian-12/Dockerfile b/bitnami/memcached-exporter/0/debian-12/Dockerfile index 459fd50b155d3..f87d132996394 100644 --- a/bitnami/memcached-exporter/0/debian-12/Dockerfile +++ b/bitnami/memcached-exporter/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:46:51Z" \ + org.opencontainers.image.created="2025-01-03T01:25:39Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/memcached-exporter/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.14.3-debian-12-r7" \ + org.opencontainers.image.ref.name="0.15.0-debian-12-r4" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/memcached-exporter" \ org.opencontainers.image.title="memcached-exporter" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.14.3" + org.opencontainers.image.version="0.15.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "memcached-exporter-0.14.3-3-linux-${OS_ARCH}-debian-12" \ + "memcached-exporter-0.15.0-2-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="0.14.3" \ +ENV APP_VERSION="0.15.0" \ BITNAMI_APP_NAME="memcached-exporter" \ PATH="/opt/bitnami/memcached-exporter/bin:$PATH" diff --git a/bitnami/memcached-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/memcached-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 0290ea087e0ab..223ddfe920640 100644 --- a/bitnami/memcached-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/memcached-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.14.3-3" + "version": "0.15.0-2" } } \ No newline at end of file diff --git a/bitnami/memcached-exporter/0/debian-12/tags-info.yaml b/bitnami/memcached-exporter/0/debian-12/tags-info.yaml index f848411e56134..1b74605f35c62 100644 --- a/bitnami/memcached-exporter/0/debian-12/tags-info.yaml +++ b/bitnami/memcached-exporter/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.14.3 +- 0.15.0 - latest diff --git a/bitnami/memcached-exporter/README.md b/bitnami/memcached-exporter/README.md index 636702daa3b47..32b03f43e8325 100644 --- a/bitnami/memcached-exporter/README.md +++ b/bitnami/memcached-exporter/README.md @@ -22,15 +22,21 @@ docker run --name memcached-exporter bitnami/memcached-exporter:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Memcached Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Memcached Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -154,7 +160,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/memcached/1/debian-12/Dockerfile b/bitnami/memcached/1/debian-12/Dockerfile index c3fe25222cd21..d675d08881448 100644 --- a/bitnami/memcached/1/debian-12/Dockerfile +++ b/bitnami/memcached/1/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-31T17:03:41Z" \ + org.opencontainers.image.created="2024-12-23T03:04:01Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/memcached/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.6.28-debian-12-r0" \ + org.opencontainers.image.ref.name="1.6.34-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/memcached" \ org.opencontainers.image.title="memcached" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="1.6.28" + org.opencontainers.image.version="1.6.34" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libevent-2.1-7 libsasl2-2 libsasl2-modules libssl3 netcat-openbsd procps sasl2-bin RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "memcached-1.6.28-0-linux-${OS_ARCH}-debian-12" \ + "memcached-1.6.34-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -49,7 +50,7 @@ RUN ln -s /opt/bitnami/scripts/memcached/run.sh /run.sh COPY rootfs / RUN /opt/bitnami/scripts/memcached/postunpack.sh -ENV APP_VERSION="1.6.28" \ +ENV APP_VERSION="1.6.34" \ BITNAMI_APP_NAME="memcached" \ PATH="/opt/bitnami/memcached/bin:$PATH" diff --git a/bitnami/memcached/1/debian-12/docker-compose.yml b/bitnami/memcached/1/debian-12/docker-compose.yml index 609e3c17eb559..014b11dba608c 100644 --- a/bitnami/memcached/1/debian-12/docker-compose.yml +++ b/bitnami/memcached/1/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: memcached: image: docker.io/bitnami/memcached:1 diff --git a/bitnami/memcached/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/memcached/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index d877de5c05bfd..202ad85068f0f 100644 --- a/bitnami/memcached/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/memcached/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.6.28-0" + "version": "1.6.34-0" } } \ No newline at end of file diff --git a/bitnami/memcached/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/memcached/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/memcached/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/memcached/1/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/memcached/1/debian-12/tags-info.yaml b/bitnami/memcached/1/debian-12/tags-info.yaml index 0712a17b05940..3da1fe3a6f0db 100644 --- a/bitnami/memcached/1/debian-12/tags-info.yaml +++ b/bitnami/memcached/1/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "1" - 1-debian-12 -- 1.6.28 +- 1.6.34 - latest diff --git a/bitnami/memcached/README.md b/bitnami/memcached/README.md index 42209bf13555a..5d39ce687d2d8 100644 --- a/bitnami/memcached/README.md +++ b/bitnami/memcached/README.md @@ -22,7 +22,7 @@ docker run --name memcached bitnami/memcached:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Memcached in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Memcached in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Memcached in Kubernetes? @@ -32,11 +32,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/memcached/docker-compose.yml b/bitnami/memcached/docker-compose.yml index 609e3c17eb559..014b11dba608c 100644 --- a/bitnami/memcached/docker-compose.yml +++ b/bitnami/memcached/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: memcached: image: docker.io/bitnami/memcached:1 diff --git a/bitnami/metallb-controller/0/debian-12/Dockerfile b/bitnami/metallb-controller/0/debian-12/Dockerfile index 7de748c602a62..72556413db5e6 100644 --- a/bitnami/metallb-controller/0/debian-12/Dockerfile +++ b/bitnami/metallb-controller/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:48:13Z" \ + org.opencontainers.image.created="2024-12-17T15:43:43Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/metallb-controller/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.14.5-debian-12-r5" \ + org.opencontainers.image.ref.name="0.14.9-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/metallb-controller" \ org.opencontainers.image.title="metallb-controller" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.14.5" + org.opencontainers.image.version="0.14.9" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "metallb-0.14.5-2-linux-${OS_ARCH}-debian-12" \ + "metallb-0.14.9-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -45,7 +46,7 @@ RUN apt-get autoremove --purge -y curl && \ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -ENV APP_VERSION="0.14.5" \ +ENV APP_VERSION="0.14.9" \ BITNAMI_APP_NAME="metallb-controller" \ PATH="/opt/bitnami/metallb/bin:$PATH" diff --git a/bitnami/metallb-controller/0/debian-12/docker-compose.yml b/bitnami/metallb-controller/0/debian-12/docker-compose.yml index 934ecd2a59667..0c859f689afd9 100644 --- a/bitnami/metallb-controller/0/debian-12/docker-compose.yml +++ b/bitnami/metallb-controller/0/debian-12/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: metallb: - image: docker.io/bitnami/metallb-controller:0 + image: docker.io/bitnami/metallb:0 diff --git a/bitnami/metallb-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/metallb-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index ad26ceb48f115..8e479d22c537d 100644 --- a/bitnami/metallb-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/metallb-controller/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.14.5-2" + "version": "0.14.9-0" } } \ No newline at end of file diff --git a/bitnami/metallb-controller/0/debian-12/tags-info.yaml b/bitnami/metallb-controller/0/debian-12/tags-info.yaml index c88e520291bb9..f1b2877562d8b 100644 --- a/bitnami/metallb-controller/0/debian-12/tags-info.yaml +++ b/bitnami/metallb-controller/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.14.5 +- 0.14.9 - latest diff --git a/bitnami/metallb-controller/README.md b/bitnami/metallb-controller/README.md index 22f7a247dcb1d..26d5336e999a4 100644 --- a/bitnami/metallb-controller/README.md +++ b/bitnami/metallb-controller/README.md @@ -22,11 +22,17 @@ docker run --name metallb-controller bitnami/metallb-controller:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use MetalLB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use MetalLB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/metallb-controller/docker-compose-testing.yml b/bitnami/metallb-controller/docker-compose-testing.yml new file mode 100644 index 0000000000000..330cbf020fa1f --- /dev/null +++ b/bitnami/metallb-controller/docker-compose-testing.yml @@ -0,0 +1,8 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + metallb: + image: docker.io/bitnami/metallb:0 + # Overriding entrypoint so the container does not exit and we can run some basic tests + entrypoint: tail -f /dev/null diff --git a/bitnami/metallb-controller/docker-compose.yml b/bitnami/metallb-controller/docker-compose.yml index 934ecd2a59667..0c859f689afd9 100644 --- a/bitnami/metallb-controller/docker-compose.yml +++ b/bitnami/metallb-controller/docker-compose.yml @@ -1,7 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' services: metallb: - image: docker.io/bitnami/metallb-controller:0 + image: docker.io/bitnami/metallb:0 diff --git a/bitnami/metallb-speaker/0/debian-12/Dockerfile b/bitnami/metallb-speaker/0/debian-12/Dockerfile index 654e7e3473de5..00e1d736dcfcb 100644 --- a/bitnami/metallb-speaker/0/debian-12/Dockerfile +++ b/bitnami/metallb-speaker/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T23:30:16Z" \ + org.opencontainers.image.created="2024-12-17T15:43:20Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/metallb-speaker/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.14.5-debian-12-r6" \ + org.opencontainers.image.ref.name="0.14.9-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/metallb-speaker" \ org.opencontainers.image.title="metallb-speaker" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.14.5" + org.opencontainers.image.version="0.14.9" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps tcpdump RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "metallb-speaker-0.14.5-3-linux-${OS_ARCH}-debian-12" \ + "metallb-speaker-0.14.9-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -43,18 +44,21 @@ RUN apt-get update && apt-get upgrade -y && \ apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN curl -sLO "https://deb.frrouting.org/frr/pool/frr-9.1/f/frr/frr_9.1-0~deb12u1_${OS_ARCH}.deb" && \ - curl -sLO "https://deb.frrouting.org/frr/pool/frr-9.1/f/frr/frr-pythontools_9.1-0~deb12u1_all.deb" && \ +RUN curl -sLO "https://deb.frrouting.org/frr/pool/frr-9.1/f/frr/frr_9.1.2-0~deb12u1_${OS_ARCH}.deb" && \ + curl -sLO "https://deb.frrouting.org/frr/pool/frr-9.1/f/frr/frr-pythontools_9.1.2-0~deb12u1_all.deb" && \ + curl -sLO "https://deb.frrouting.org/frr/pool/frr-9.1/liby/libyang2/libyang2_2.1.128-2~deb12u1_${OS_ARCH}.deb" && \ if [ "$OS_ARCH" = "amd64" ]; then \ - echo "96a180d90d1d2f5ddcab07919237abe3f4271f54caddc21982c2b5fc6fe0ebba frr_9.1-0~deb12u1_${OS_ARCH}.deb" | sha256sum -c - ; \ + echo "da01601ca0531caf625aec3585f551ff8819732c7b2f79ebd09e85b0d5e49b19 frr_9.1.2-0~deb12u1_${OS_ARCH}.deb" | sha256sum -c - ; \ + echo "62380f148e22c87d91bf24d0ef74484bf592922fbe891a6d62ddcedd19dd9311 libyang2_2.1.128-2~deb12u1_${OS_ARCH}.deb" | sha256sum -c - ; \ else \ - echo "0769587460a8f483f286e3642ec7c6527a73781745508e546bfdf4d2582dc7bb frr_9.1-0~deb12u1_${OS_ARCH}.deb" | sha256sum -c - ; \ + echo "b5cfc0fb96898a9fbe54a9d54797f2eb7cdaadf551a586a3b12784e34d7f6b68 frr_9.1.2-0~deb12u1_${OS_ARCH}.deb" | sha256sum -c - ; \ + echo "0e10ece05bab6b777bfac13d62f71b61e504f64d74ce35746dd3abd6c05beb4b libyang2_2.1.128-2~deb12u1_${OS_ARCH}.deb" | sha256sum -c - ; \ fi && \ - echo "1aa6f93d39a6384b01d9492b034cea93cf46fb54ea078a7c9194319264076fed frr-pythontools_9.1-0~deb12u1_all.deb" | sha256sum -c - && \ - install_packages "./frr_9.1-0~deb12u1_${OS_ARCH}.deb" "./frr-pythontools_9.1-0~deb12u1_all.deb" && \ - rm frr_9.1-0~deb12u1_${OS_ARCH}.deb frr-pythontools_9.1-0~deb12u1_all.deb + echo "7d519c064353c7965137e8ccd9e8723ebd57e7bd05760e317f36689309e495ee frr-pythontools_9.1.2-0~deb12u1_all.deb" | sha256sum -c - && \ + install_packages "./frr_9.1.2-0~deb12u1_${OS_ARCH}.deb" "./frr-pythontools_9.1.2-0~deb12u1_all.deb" "./libyang2_2.1.128-2~deb12u1_${OS_ARCH}.deb" && \ + rm frr_9.1.2-0~deb12u1_${OS_ARCH}.deb frr-pythontools_9.1.2-0~deb12u1_all.deb libyang2_2.1.128-2~deb12u1_${OS_ARCH}.deb -ENV APP_VERSION="0.14.5" \ +ENV APP_VERSION="0.14.9" \ BITNAMI_APP_NAME="metallb-speaker" \ PATH="/opt/bitnami/metallb-speaker/bin:$PATH" diff --git a/bitnami/metallb-speaker/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/metallb-speaker/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 2b4dc423c4124..c6812ea87fd42 100644 --- a/bitnami/metallb-speaker/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/metallb-speaker/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.14.5-3" + "version": "0.14.9-0" } } \ No newline at end of file diff --git a/bitnami/metallb-speaker/0/debian-12/tags-info.yaml b/bitnami/metallb-speaker/0/debian-12/tags-info.yaml index c88e520291bb9..f1b2877562d8b 100644 --- a/bitnami/metallb-speaker/0/debian-12/tags-info.yaml +++ b/bitnami/metallb-speaker/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.14.5 +- 0.14.9 - latest diff --git a/bitnami/metallb-speaker/README.md b/bitnami/metallb-speaker/README.md index 17acb542fef47..3257253d3fb7c 100644 --- a/bitnami/metallb-speaker/README.md +++ b/bitnami/metallb-speaker/README.md @@ -22,11 +22,17 @@ docker run --name metallb-speaker bitnami/metallb-speaker:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use MetalLB Speaker in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use MetalLB Speaker in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/metrics-server/0/debian-12/Dockerfile b/bitnami/metrics-server/0/debian-12/Dockerfile index 048df061ed4de..1156906c0deae 100644 --- a/bitnami/metrics-server/0/debian-12/Dockerfile +++ b/bitnami/metrics-server/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-14T00:50:36Z" \ + org.opencontainers.image.created="2025-01-03T01:41:05Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/metrics-server/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.7.1-debian-12-r7" \ + org.opencontainers.image.ref.name="0.7.2-debian-12-r9" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/metrics-server" \ org.opencontainers.image.title="metrics-server" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.7.1" + org.opencontainers.image.version="0.7.2" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "metrics-server-0.7.1-3-linux-${OS_ARCH}-debian-12" \ + "metrics-server-0.7.2-5-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN chown -R 1001:root /opt/bitnami/metrics-server && chmod -R g+rwX /opt/bitnami/metrics-server -ENV APP_VERSION="0.7.1" \ +ENV APP_VERSION="0.7.2" \ BITNAMI_APP_NAME="metrics-server" \ PATH="/opt/bitnami/metrics-server/bin:$PATH" diff --git a/bitnami/metrics-server/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/metrics-server/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index d0d7cc75f153f..a4aef560cad24 100644 --- a/bitnami/metrics-server/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/metrics-server/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.7.1-3" + "version": "0.7.2-5" } } \ No newline at end of file diff --git a/bitnami/metrics-server/0/debian-12/tags-info.yaml b/bitnami/metrics-server/0/debian-12/tags-info.yaml index e5bb45bfea8ec..116f373d8de7b 100644 --- a/bitnami/metrics-server/0/debian-12/tags-info.yaml +++ b/bitnami/metrics-server/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.7.1 +- 0.7.2 - latest diff --git a/bitnami/metrics-server/README.md b/bitnami/metrics-server/README.md index c0db42edd41ae..bb78b1010c9b0 100644 --- a/bitnami/metrics-server/README.md +++ b/bitnami/metrics-server/README.md @@ -24,7 +24,7 @@ docker run --name metrics-server bitnami/metrics-server:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Metrics Server in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Metrics Server in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy Metrics Server in Kubernetes? @@ -34,11 +34,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -73,7 +79,7 @@ request](https://github.com/bitnami/containers/pulls/new) with your contribution ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/milvus/2/debian-12/Dockerfile b/bitnami/milvus/2/debian-12/Dockerfile index 7264da2fdd9ca..f01ef65404ba9 100644 --- a/bitnami/milvus/2/debian-12/Dockerfile +++ b/bitnami/milvus/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-31T09:54:23Z" \ + org.opencontainers.image.created="2025-01-13T09:11:15Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/milvus/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.4.4-debian-12-r0" \ + org.opencontainers.image.ref.name="2.5.3-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/milvus" \ org.opencontainers.image.title="milvus" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.4.4" + org.opencontainers.image.version="2.5.3" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,15 +29,15 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libaio1 libgcc-s1 libgfortran5 libgomp1 libopenblas0-pthread libquadmath0 libstdc++6 procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "yq-4.44.1-1-linux-${OS_ARCH}-debian-12" \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "milvus-2.4.4-0-linux-${OS_ARCH}-debian-12" \ + "yq-4.45.1-0-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "render-template-1.0.7-8-linux-${OS_ARCH}-debian-12" \ + "milvus-2.5.3-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -49,7 +50,7 @@ RUN useradd -r -u 1001 -g root milvus RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN mkdir -p /opt/bitnami/milvus/tmp && chmod g+rwX /opt/bitnami/milvus/tmp && ln -s /opt/bitnami/milvus/tmp /run/milvus && mkdir -p /bitnami/milvus/data && chmod g+rwX /bitnami/milvus/data && ln -s /bitnami/milvus/data /var/lib/milvus && ln -s /opt/bitnami/milvus /milvus -ENV APP_VERSION="2.4.4" \ +ENV APP_VERSION="2.5.3" \ BITNAMI_APP_NAME="milvus" \ LD_LIBRARY_PATH="/opt/bitnami/milvus/lib:$LD_LIBRARY_PATH" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/milvus/bin:$PATH" diff --git a/bitnami/milvus/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/milvus/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index d2f9dbb0f5d96..e721078dccdc2 100644 --- a/bitnami/milvus/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/milvus/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,24 +3,24 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.4.4-0" + "version": "2.5.3-0" }, "render-template": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.6-13" + "version": "1.0.7-8" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-13" + "version": "1.0.8-8" }, "yq": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "4.44.1-1" + "version": "4.45.1-0" } } \ No newline at end of file diff --git a/bitnami/milvus/2/debian-12/tags-info.yaml b/bitnami/milvus/2/debian-12/tags-info.yaml index f306e70337e28..cbccf2590caff 100644 --- a/bitnami/milvus/2/debian-12/tags-info.yaml +++ b/bitnami/milvus/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.4.4 +- 2.5.3 - latest diff --git a/bitnami/milvus/README.md b/bitnami/milvus/README.md index 25b48a8425357..04d8ffc9361f7 100644 --- a/bitnami/milvus/README.md +++ b/bitnami/milvus/README.md @@ -22,11 +22,17 @@ docker run -it --name milvus bitnami/milvus * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Milvus in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Milvus in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -108,7 +114,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/minio-client/2024/debian-12/Dockerfile b/bitnami/minio-client/2024/debian-12/Dockerfile index be1413b0b2ba9..221afeed5ecc6 100644 --- a/bitnami/minio-client/2024/debian-12/Dockerfile +++ b/bitnami/minio-client/2024/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-27T22:57:38Z" \ + org.opencontainers.image.created="2024-12-16T08:25:30Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/minio-client/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2024.5.24-debian-12-r0" \ + org.opencontainers.image.ref.name="2024.11.21-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/minio-client" \ org.opencontainers.image.title="minio-client" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2024.5.24" + org.opencontainers.image.version="2024.11.21" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl jq procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "minio-client-2024.5.24-0-linux-${OS_ARCH}-debian-12" \ + "minio-client-2024.11.21-1-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -47,7 +48,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/minio-client/postunpack.sh -ENV APP_VERSION="2024.5.24" \ +ENV APP_VERSION="2024.11.21" \ BITNAMI_APP_NAME="minio-client" \ PATH="/opt/bitnami/minio-client/bin:$PATH" diff --git a/bitnami/minio-client/2024/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/minio-client/2024/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 7fafb84eb8003..3d1a26a512dc3 100644 --- a/bitnami/minio-client/2024/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/minio-client/2024/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2024.5.24-0" + "version": "2024.11.21-1" } } \ No newline at end of file diff --git a/bitnami/minio-client/2024/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/minio-client/2024/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/minio-client/2024/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/minio-client/2024/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/minio-client/2024/debian-12/tags-info.yaml b/bitnami/minio-client/2024/debian-12/tags-info.yaml index 4922fb7e1fe3b..fb0ef80d174f9 100644 --- a/bitnami/minio-client/2024/debian-12/tags-info.yaml +++ b/bitnami/minio-client/2024/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2024" - 2024-debian-12 -- 2024.5.24 +- 2024.11.21 - latest diff --git a/bitnami/minio-client/README.md b/bitnami/minio-client/README.md index e0e52b22ef51c..761df8e4d38ea 100644 --- a/bitnami/minio-client/README.md +++ b/bitnami/minio-client/README.md @@ -22,15 +22,21 @@ docker run --name minio-client bitnami/minio-client:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Bitnami Object Storage Client based on MinIO® in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Bitnami Object Storage Client based on MinIO® in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/minio/2024/debian-12/Dockerfile b/bitnami/minio/2024/debian-12/Dockerfile index b2ecff0e1dae4..ffde140bd3c66 100644 --- a/bitnami/minio/2024/debian-12/Dockerfile +++ b/bitnami/minio/2024/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-28T23:11:35Z" \ + org.opencontainers.image.created="2024-12-19T01:45:43Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/minio/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2024.5.28-debian-12-r0" \ + org.opencontainers.image.ref.name="2024.12.18-debian-12-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/minio" \ org.opencontainers.image.title="minio" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2024.5.28" + org.opencontainers.image.version="2024.12.18" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,14 +29,14 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl jq procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "minio-client-2024.5.24-0-linux-${OS_ARCH}-debian-12" \ - "minio-2024.5.28-0-linux-${OS_ARCH}-debian-12" \ + "wait-for-port-1.0.8-8-linux-${OS_ARCH}-debian-12" \ + "minio-client-2024.11.21-1-linux-${OS_ARCH}-debian-12" \ + "minio-2024.12.18-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -49,7 +50,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/minio-client/postunpack.sh RUN /opt/bitnami/scripts/minio/postunpack.sh -ENV APP_VERSION="2024.5.28" \ +ENV APP_VERSION="2024.12.18" \ BITNAMI_APP_NAME="minio" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/minio-client/bin:/opt/bitnami/minio/bin:$PATH" diff --git a/bitnami/minio/2024/debian-12/docker-compose.yml b/bitnami/minio/2024/debian-12/docker-compose.yml index a87e21a3c26d2..8f4f79ad68c50 100644 --- a/bitnami/minio/2024/debian-12/docker-compose.yml +++ b/bitnami/minio/2024/debian-12/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: minio: image: docker.io/bitnami/minio:2024 diff --git a/bitnami/minio/2024/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/minio/2024/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index acc0e9a49cb5a..4b1a7e92415ed 100644 --- a/bitnami/minio/2024/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/minio/2024/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,18 +3,18 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2024.5.28-0" + "version": "2024.12.18-0" }, "minio-client": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2024.5.24-0" + "version": "2024.11.21-1" }, "wait-for-port": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "1.0.7-13" + "version": "1.0.8-8" } } \ No newline at end of file diff --git a/bitnami/minio/2024/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/minio/2024/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/minio/2024/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/minio/2024/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/minio/2024/debian-12/rootfs/opt/bitnami/scripts/libminio.sh b/bitnami/minio/2024/debian-12/rootfs/opt/bitnami/scripts/libminio.sh index 33a01c3dee5c7..b9332e8784295 100644 --- a/bitnami/minio/2024/debian-12/rootfs/opt/bitnami/scripts/libminio.sh +++ b/bitnami/minio/2024/debian-12/rootfs/opt/bitnami/scripts/libminio.sh @@ -209,7 +209,17 @@ minio_configure_reverse_proxy() { --type proxy \ --apache-proxy-address "http://127.0.0.1:${MINIO_CONSOLE_PORT_NUMBER}/" \ --http-port "$console_http_port" \ - --https-port "$console_https_port" + --https-port "$console_https_port" \ + --apache-proxy-configuration "# ProxyPass for websockets connections +# https://github.com/minio/minio/issues/16196 +ProxyPreserveHost On +RewriteCond %{HTTP:Upgrade} =websocket [NC] +RewriteRule /(.*) ws://127.0.0.1:${MINIO_CONSOLE_PORT_NUMBER}/\$1 [P,L] +RewriteCond %{HTTP:Upgrade} !=websocket [NC] +RewriteRule /(.*) http://127.0.0.1:${MINIO_CONSOLE_PORT_NUMBER}/\$1 [P,L] +ProxyPass /ws ws://127.0.0.1:${MINIO_CONSOLE_PORT_NUMBER}/ws +ProxyPassReverse /ws ws://127.0.0.1:${MINIO_CONSOLE_PORT_NUMBER}/ws" \ + --apache-additional-configuration "ProxyRequests off" # Create Apache vhost for Jaeger Collector ensure_web_server_app_configuration_exists "minio-api" \ diff --git a/bitnami/minio/2024/debian-12/tags-info.yaml b/bitnami/minio/2024/debian-12/tags-info.yaml index 0442b6bbeeb6c..b5bc216ecdc24 100644 --- a/bitnami/minio/2024/debian-12/tags-info.yaml +++ b/bitnami/minio/2024/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2024" - 2024-debian-12 -- 2024.5.28 +- 2024.12.18 - latest diff --git a/bitnami/minio/README.md b/bitnami/minio/README.md index c7ff37d766494..6402a98523da8 100644 --- a/bitnami/minio/README.md +++ b/bitnami/minio/README.md @@ -22,7 +22,7 @@ docker run --name minio bitnami/minio:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use Bitnami Object Storage based on MinIO® in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use Bitnami Object Storage based on MinIO® in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## How to deploy MinIO(R) in Kubernetes? @@ -32,11 +32,17 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deploy ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. diff --git a/bitnami/minio/docker-compose-distributed-multidrive.yml b/bitnami/minio/docker-compose-distributed-multidrive.yml index 666f5967351e6..67bb5c300a86f 100644 --- a/bitnami/minio/docker-compose-distributed-multidrive.yml +++ b/bitnami/minio/docker-compose-distributed-multidrive.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: prepare-data: image: 'docker.io/bitnami/os-shell:latest' diff --git a/bitnami/minio/docker-compose-distributed.yml b/bitnami/minio/docker-compose-distributed.yml index 6d6315f6cb31b..a56760ceb4a4a 100644 --- a/bitnami/minio/docker-compose-distributed.yml +++ b/bitnami/minio/docker-compose-distributed.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: minio: image: docker.io/bitnami/minio:2024 diff --git a/bitnami/minio/docker-compose.yml b/bitnami/minio/docker-compose.yml index a87e21a3c26d2..8f4f79ad68c50 100644 --- a/bitnami/minio/docker-compose.yml +++ b/bitnami/minio/docker-compose.yml @@ -1,8 +1,6 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 -version: '2' - services: minio: image: docker.io/bitnami/minio:2024 diff --git a/bitnami/mlflow/2/debian-12/Dockerfile b/bitnami/mlflow/2/debian-12/Dockerfile index 80a9589b14fe7..7506f3398abb5 100644 --- a/bitnami/mlflow/2/debian-12/Dockerfile +++ b/bitnami/mlflow/2/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-30T20:25:52Z" \ + org.opencontainers.image.created="2025-01-10T18:47:51Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mlflow/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.13.1-debian-12-r0" \ + org.opencontainers.image.ref.name="2.19.0-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mlflow" \ org.opencontainers.image.title="mlflow" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="2.13.1" + org.opencontainers.image.version="2.19.0" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,13 +29,13 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl git libbz2-1.0 libcom-err2 libcrypt1 libffi8 libgcc-s1 libgmp10 libgnutls30 libgssapi-krb5-2 libhogweed6 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.5-0 liblzma5 libncursesw6 libnettle8 libnsl2 libp11-kit0 libpq5 libreadline8 libsasl2-2 libsqlite3-0 libssl3 libstdc++6 libtasn1-6 libtinfo6 libtirpc3 libunistring2 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "python-3.10.14-12-linux-${OS_ARCH}-debian-12" \ - "mlflow-2.13.1-0-linux-${OS_ARCH}-debian-12" \ + "python-3.12.8-1-linux-${OS_ARCH}-debian-12" \ + "mlflow-2.19.0-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -48,7 +49,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN mkdir /.local && chmod g+rwX /.local RUN mkdir -p /app/mlruns /app/mlartifacts /bitnami/mlflow && chmod g+rwX /app /app/mlruns /app/mlartifacts /bitnami/mlflow && ln -s /opt/bitnami/python/lib/*/site-packages/mlflow/server/auth/ /bitnami/mlflow-basic-auth -ENV APP_VERSION="2.13.1" \ +ENV APP_VERSION="2.19.0" \ BITNAMI_APP_NAME="mlflow" \ PATH="/opt/bitnami/python/bin:$PATH" diff --git a/bitnami/mlflow/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mlflow/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index e6d0a1a01d6bc..d2baa7cc35d28 100644 --- a/bitnami/mlflow/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/mlflow/2/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,12 +3,12 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "2.13.1-0" + "version": "2.19.0-0" }, "python": { "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "3.10.14-12" + "version": "3.12.8-1" } } \ No newline at end of file diff --git a/bitnami/mlflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mlflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh index d239f98535735..00d053b5215aa 100644 --- a/bitnami/mlflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ b/bitnami/mlflow/2/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -47,8 +47,7 @@ print_image_welcome_page() { info "" info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information." info "" } diff --git a/bitnami/mlflow/2/debian-12/tags-info.yaml b/bitnami/mlflow/2/debian-12/tags-info.yaml index 665e655dbb595..62d5ba64289b5 100644 --- a/bitnami/mlflow/2/debian-12/tags-info.yaml +++ b/bitnami/mlflow/2/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - 2-debian-12 -- 2.13.1 +- 2.19.0 - latest diff --git a/bitnami/mlflow/README.md b/bitnami/mlflow/README.md index 1547597b8fbe2..6a3d8671fb543 100644 --- a/bitnami/mlflow/README.md +++ b/bitnami/mlflow/README.md @@ -22,15 +22,21 @@ docker run -it --name mlflow bitnami/mlflow:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use MLflow in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use MLflow in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -132,7 +138,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/mongodb-exporter/0/debian-12/Dockerfile b/bitnami/mongodb-exporter/0/debian-12/Dockerfile index 1b7624ff9ec45..d58f4223bc68d 100644 --- a/bitnami/mongodb-exporter/0/debian-12/Dockerfile +++ b/bitnami/mongodb-exporter/0/debian-12/Dockerfile @@ -3,19 +3,20 @@ FROM docker.io/bitnami/minideb:bookworm +ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith" ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-13T22:50:49Z" \ + org.opencontainers.image.created="2025-01-12T13:10:49Z" \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mongodb-exporter/README.md" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="0.40.0-debian-12-r29" \ + org.opencontainers.image.ref.name="0.43.1-debian-12-r1" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mongodb-exporter" \ org.opencontainers.image.title="mongodb-exporter" \ org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="0.40.0" + org.opencontainers.image.version="0.43.1" ENV HOME="/" \ OS_ARCH="${TARGETARCH:-amd64}" \ @@ -28,12 +29,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl procps RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "mongodb-exporter-0.40.0-9-linux-${OS_ARCH}-debian-12" \ + "mongodb-exporter-0.43.1-0-linux-${OS_ARCH}-debian-12" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \ fi ; \ sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ @@ -46,7 +47,7 @@ RUN chmod g+rwX /opt/bitnami RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN ln -sf /opt/bitnami/mongodb-exporter/bin/mongodb_exporter /bin/mongodb_exporter -ENV APP_VERSION="0.40.0" \ +ENV APP_VERSION="0.43.1" \ BITNAMI_APP_NAME="mongodb-exporter" \ PATH="/opt/bitnami/mongodb-exporter/bin:$PATH" diff --git a/bitnami/mongodb-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mongodb-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json index 319fd177b5bcb..7663c1193f4ad 100644 --- a/bitnami/mongodb-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/mongodb-exporter/0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,6 +3,6 @@ "arch": "amd64", "distro": "debian-12", "type": "NAMI", - "version": "0.40.0-9" + "version": "0.43.1-0" } } \ No newline at end of file diff --git a/bitnami/mongodb-exporter/0/debian-12/tags-info.yaml b/bitnami/mongodb-exporter/0/debian-12/tags-info.yaml index 1e526f61ba6e0..abf0fd1e4f5ca 100644 --- a/bitnami/mongodb-exporter/0/debian-12/tags-info.yaml +++ b/bitnami/mongodb-exporter/0/debian-12/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "0" - 0-debian-12 -- 0.40.0 +- 0.43.1 - latest diff --git a/bitnami/mongodb-exporter/README.md b/bitnami/mongodb-exporter/README.md index 9fa18ea3c2333..e83d68afa9252 100644 --- a/bitnami/mongodb-exporter/README.md +++ b/bitnami/mongodb-exporter/README.md @@ -22,15 +22,21 @@ docker run --name mongodb-exporter bitnami/mongodb-exporter:latest * All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. -Looking to use MongoDB Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. +Looking to use MongoDB Exporter in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. ## Why use a non-root container? -Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-work-with-non-root-containers-index.html). +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-work-with-non-root-containers-index.html). + +## Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. ## Supported tags and respective `Dockerfile` links -Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html). You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. @@ -148,7 +154,7 @@ If you encountered a problem running this container, you can file an [issue](htt ## License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/bitnami/mongodb-sharded/7.0/README.md b/bitnami/mongodb-sharded/7.0/README.md new file mode 100644 index 0000000000000..5237e148ec0d9 --- /dev/null +++ b/bitnami/mongodb-sharded/7.0/README.md @@ -0,0 +1,5 @@ +# Only latest stable branch maintained in the free Bitnami catalog + +Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub. + +Please check the Bitnami Premium page in our partner [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=GitHub&utm_medium=containers) for more information. diff --git a/bitnami/mongodb-sharded/7.0/debian-12/Dockerfile b/bitnami/mongodb-sharded/7.0/debian-12/Dockerfile deleted file mode 100644 index d3652415fd2f2..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/Dockerfile +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -FROM docker.io/bitnami/minideb:bookworm - -ARG TARGETARCH - -LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ - org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-05-28T10:25:38Z" \ - org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ - org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mongodb-sharded/README.md" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.0.11-debian-12-r0" \ - org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mongodb-sharded" \ - org.opencontainers.image.title="mongodb-sharded" \ - org.opencontainers.image.vendor="Broadcom, Inc." \ - org.opencontainers.image.version="7.0.11" - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-12" \ - OS_NAME="linux" - -COPY prebuildfs / -SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] -# Install required system packages and dependencies -RUN install_packages ca-certificates curl libbrotli1 libcom-err2 libcurl4 libffi8 libgcc-s1 libgmp10 libgnutls30 libgssapi-krb5-2 libhogweed6 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.5-0 libnettle8 libnghttp2-14 libp11-kit0 libpsl5 librtmp1 libsasl2-2 libssh2-1 libssl3 libtasn1-6 libunistring2 libzstd1 numactl procps zlib1g -RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ - COMPONENTS=( \ - "yq-4.44.1-1-linux-${OS_ARCH}-debian-12" \ - "wait-for-port-1.0.7-13-linux-${OS_ARCH}-debian-12" \ - "render-template-1.0.6-13-linux-${OS_ARCH}-debian-12" \ - "mongodb-shell-2.2.6-0-linux-${OS_ARCH}-debian-12" \ - "mongodb-7.0.11-0-linux-${OS_ARCH}-debian-12" \ - ) ; \ - for COMPONENT in "${COMPONENTS[@]}"; do \ - if [ ! -f "${COMPONENT}.tar.gz" ]; then \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ - curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ - fi ; \ - sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ - tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ - rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ - done -RUN apt-get update && apt-get upgrade -y && \ - apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true -RUN ln -s /opt/bitnami/scripts/mongodb-sharded/entrypoint.sh /entrypoint.sh -RUN ln -s /opt/bitnami/scripts/liblog.sh /liblog.sh -RUN ln -s /opt/bitnami/scripts/mongodb-sharded/run.sh /run.sh - -COPY rootfs / -RUN /opt/bitnami/scripts/mongodb-sharded/postunpack.sh -ENV APP_VERSION="7.0.11" \ - BITNAMI_APP_NAME="mongodb-sharded" \ - PATH="/opt/bitnami/common/bin:/opt/bitnami/mongodb/bin:$PATH" - -EXPOSE 27017 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/mongodb-sharded/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/mongodb-sharded/run.sh" ] diff --git a/bitnami/mongodb-sharded/7.0/debian-12/docker-compose.yml b/bitnami/mongodb-sharded/7.0/debian-12/docker-compose.yml deleted file mode 100644 index 22b6d85cb896c..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/docker-compose.yml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -version: '2' - -services: - mongodb-sharded: - image: docker.io/bitnami/mongodb-sharded:7.0 - environment: - - MONGODB_ADVERTISED_HOSTNAME=mongodb-sharded - - MONGODB_SHARDING_MODE=mongos - - MONGODB_CFG_PRIMARY_HOST=mongodb-cfg - - MONGODB_CFG_REPLICA_SET_NAME=cfgreplicaset - - MONGODB_REPLICA_SET_KEY=replicasetkey123 - - MONGODB_ROOT_PASSWORD=password123 - ports: - - "27017:27017" - - mongodb-shard0: - image: docker.io/bitnami/mongodb-sharded:7.0 - environment: - - MONGODB_ADVERTISED_HOSTNAME=mongodb-shard0 - - MONGODB_SHARDING_MODE=shardsvr - - MONGODB_MONGOS_HOST=mongodb-sharded - - MONGODB_ROOT_PASSWORD=password123 - - MONGODB_REPLICA_SET_MODE=primary - - MONGODB_REPLICA_SET_KEY=replicasetkey123 - - MONGODB_REPLICA_SET_NAME=shard0 - volumes: - - 'shard0_data:/bitnami' - - mongodb-cfg: - image: docker.io/bitnami/mongodb-sharded:7.0 - environment: - - MONGODB_ADVERTISED_HOSTNAME=mongodb-cfg - - MONGODB_SHARDING_MODE=configsvr - - MONGODB_ROOT_PASSWORD=password123 - - MONGODB_REPLICA_SET_MODE=primary - - MONGODB_REPLICA_SET_KEY=replicasetkey123 - - MONGODB_REPLICA_SET_NAME=cfgreplicaset - volumes: - - 'cfg_data:/bitnami' - -volumes: - shard0_data: - driver: local - cfg_data: - driver: local diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json deleted file mode 100644 index c6629b7609829..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "mongodb": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "7.0.11-0" - }, - "mongodb-shell": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "2.2.6-0" - }, - "render-template": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.6-13" - }, - "wait-for-port": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "1.0.7-13" - }, - "yq": { - "arch": "amd64", - "distro": "debian-12", - "type": "NAMI", - "version": "4.44.1-1" - } -} \ No newline at end of file diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index 76956b38e82c6..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index d239f98535735..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/containers" - - info "" - info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" - info "" -} - diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh deleted file mode 100644 index 1c69e0e48a5d0..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh +++ /dev/null @@ -1,141 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing files - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libos.sh - -# Functions - -######################## -# Replace a regex-matching string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# $4 - use POSIX regex. Default: true -# Returns: -# None -######################### -replace_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - local posix_regex=${4:-true} - - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - if [[ $posix_regex = true ]]; then - result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - else - result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Replace a regex-matching multiline string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# Returns: -# None -######################### -replace_in_file_multiline() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - - local result - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" - echo "$result" > "$filename" -} - -######################## -# Remove a line in a file based on a regex -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - use POSIX regex. Default: true -# Returns: -# None -######################### -remove_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local posix_regex=${3:-true} - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - if [[ $posix_regex = true ]]; then - result="$(sed -E "/$match_regex/d" "$filename")" - else - result="$(sed "/$match_regex/d" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Appends text after the last line matching a pattern -# Arguments: -# $1 - file -# $2 - match regex -# $3 - contents to add -# Returns: -# None -######################### -append_file_after_last_match() { - local file="${1:?missing file}" - local match_regex="${2:?missing pattern}" - local value="${3:?missing value}" - - # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again - result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" - echo "$result" > "$file" -} - -######################## -# Wait until certain entry is present in a log file -# Arguments: -# $1 - entry to look for -# $2 - log file -# $3 - max retries. Default: 12 -# $4 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -wait_for_log_entry() { - local -r entry="${1:-missing entry}" - local -r log_file="${2:-missing log file}" - local -r retries="${3:-12}" - local -r interval_time="${4:-5}" - local attempt=0 - - check_log_file_for_entry() { - if ! grep -qE "$entry" "$log_file"; then - debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" - return 1 - fi - } - debug "Checking that ${log_file} log file contains entry \"${entry}\"" - if retry_while check_log_file_for_entry "$retries" "$interval_time"; then - debug "Found entry \"${entry}\" in ${log_file}" - true - else - error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" - debug_execute cat "$log_file" - return 1 - fi -} diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh deleted file mode 100644 index 970d624179642..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh +++ /dev/null @@ -1,193 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for file system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Ensure a file/directory is owned (user and group) but the given user -# Arguments: -# $1 - filepath -# $2 - owner -# Returns: -# None -######################### -owned_by() { - local path="${1:?path is missing}" - local owner="${2:?owner is missing}" - local group="${3:-}" - - if [[ -n $group ]]; then - chown "$owner":"$group" "$path" - else - chown "$owner":"$owner" "$path" - fi -} - -######################## -# Ensure a directory exists and, optionally, is owned by the given user -# Arguments: -# $1 - directory -# $2 - owner -# Returns: -# None -######################### -ensure_dir_exists() { - local dir="${1:?directory is missing}" - local owner_user="${2:-}" - local owner_group="${3:-}" - - [ -d "${dir}" ] || mkdir -p "${dir}" - if [[ -n $owner_user ]]; then - owned_by "$dir" "$owner_user" "$owner_group" - fi -} - -######################## -# Checks whether a directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_dir_empty() { - local -r path="${1:?missing directory}" - # Calculate real path in order to avoid issues with symlinks - local -r dir="$(realpath "$path")" - if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then - true - else - false - fi -} - -######################## -# Checks whether a mounted directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_mounted_dir_empty() { - local dir="${1:?missing directory}" - - if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then - true - else - false - fi -} - -######################## -# Checks whether a file can be written to or not -# arguments: -# $1 - file -# returns: -# boolean -######################### -is_file_writable() { - local file="${1:?missing file}" - local dir - dir="$(dirname "$file")" - - if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then - true - else - false - fi -} - -######################## -# Relativize a path -# arguments: -# $1 - path -# $2 - base -# returns: -# None -######################### -relativize() { - local -r path="${1:?missing path}" - local -r base="${2:?missing base}" - pushd "$base" >/dev/null || exit - realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' - popd >/dev/null || exit -} - -######################## -# Configure permisions and ownership recursively -# Globals: -# None -# Arguments: -# $1 - paths (as a string). -# Flags: -# -f|--file-mode - mode for directories. -# -d|--dir-mode - mode for files. -# -u|--user - user -# -g|--group - group -# Returns: -# None -######################### -configure_permissions_ownership() { - local -r paths="${1:?paths is missing}" - local dir_mode="" - local file_mode="" - local user="" - local group="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -f | --file-mode) - shift - file_mode="${1:?missing mode for files}" - ;; - -d | --dir-mode) - shift - dir_mode="${1:?missing mode for directories}" - ;; - -u | --user) - shift - user="${1:?missing user}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - read -r -a filepaths <<<"$paths" - for p in "${filepaths[@]}"; do - if [[ -e "$p" ]]; then - find -L "$p" -printf "" - if [[ -n $dir_mode ]]; then - find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" - fi - if [[ -n $file_mode ]]; then - find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" - fi - if [[ -n $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" - elif [[ -n $user ]] && [[ -z $group ]]; then - find -L "$p" -print0 | xargs -r -0 chown "${user}" - elif [[ -z $user ]] && [[ -n $group ]]; then - find -L "$p" -print0 | xargs -r -0 chgrp "${group}" - fi - else - stderr_print "$p does not exist" - fi - done -} diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh deleted file mode 100644 index f3a5fe7868eed..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library to use for scripts expected to be used as Kubernetes lifecycle hooks - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Override functions that log to stdout/stderr of the current process, so they print to process 1 -for function_to_override in stderr_print debug_execute; do - # Output is sent to output of process 1 and thus end up in the container log - # The hook output in general isn't saved - eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" -done diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh deleted file mode 100644 index 450f05bd823ff..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh +++ /dev/null @@ -1,114 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for logging functions - -# Constants -RESET='\033[0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_QUIET:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - printf "%b\\n" "${*}" >&2 - fi -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Log a 'debug' message -# Globals: -# BITNAMI_DEBUG -# Arguments: -# None -# Returns: -# None -######################### -debug() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_DEBUG:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - log "${MAGENTA}DEBUG${RESET} ==> ${*}" - fi -} - -######################## -# Indent a string -# Arguments: -# $1 - string -# $2 - number of indentation characters (default: 4) -# $3 - indentation character (default: " ") -# Returns: -# None -######################### -indent() { - local string="${1:-}" - local num="${2:?missing num}" - local char="${3:-" "}" - # Build the indentation unit string - local indent_unit="" - for ((i = 0; i < num; i++)); do - indent_unit="${indent_unit}${char}" - done - # shellcheck disable=SC2001 - # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions - echo "$string" | sed "s/^/${indent_unit}/" -} diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh deleted file mode 100644 index 9d908c48579b9..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh +++ /dev/null @@ -1,657 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for operating system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Check if an user exists in the system -# Arguments: -# $1 - user -# Returns: -# Boolean -######################### -user_exists() { - local user="${1:?user is missing}" - id "$user" >/dev/null 2>&1 -} - -######################## -# Check if a group exists in the system -# Arguments: -# $1 - group -# Returns: -# Boolean -######################### -group_exists() { - local group="${1:?group is missing}" - getent group "$group" >/dev/null 2>&1 -} - -######################## -# Create a group in the system if it does not exist already -# Arguments: -# $1 - group -# Flags: -# -i|--gid - the ID for the new group -# -s|--system - Whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_group_exists() { - local group="${1:?group is missing}" - local gid="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --gid) - shift - gid="${1:?missing gid}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! group_exists "$group"; then - local -a args=("$group") - if [[ -n "$gid" ]]; then - if group_exists "$gid"; then - error "The GID $gid is already in use." >&2 - return 1 - fi - args+=("--gid" "$gid") - fi - $is_system_user && args+=("--system") - groupadd "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Create an user in the system if it does not exist already -# Arguments: -# $1 - user -# Flags: -# -i|--uid - the ID for the new user -# -g|--group - the group the new user should belong to -# -a|--append-groups - comma-separated list of supplemental groups to append to the new user -# -h|--home - the home directory for the new user -# -s|--system - whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_user_exists() { - local user="${1:?user is missing}" - local uid="" - local group="" - local append_groups="" - local home="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --uid) - shift - uid="${1:?missing uid}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - -a | --append-groups) - shift - append_groups="${1:?missing append_groups}" - ;; - -h | --home) - shift - home="${1:?missing home directory}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! user_exists "$user"; then - local -a user_args=("-N" "$user") - if [[ -n "$uid" ]]; then - if user_exists "$uid"; then - error "The UID $uid is already in use." - return 1 - fi - user_args+=("--uid" "$uid") - else - $is_system_user && user_args+=("--system") - fi - useradd "${user_args[@]}" >/dev/null 2>&1 - fi - - if [[ -n "$group" ]]; then - local -a group_args=("$group") - $is_system_user && group_args+=("--system") - ensure_group_exists "${group_args[@]}" - usermod -g "$group" "$user" >/dev/null 2>&1 - fi - - if [[ -n "$append_groups" ]]; then - local -a groups - read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" - for group in "${groups[@]}"; do - ensure_group_exists "$group" - usermod -aG "$group" "$user" >/dev/null 2>&1 - done - fi - - if [[ -n "$home" ]]; then - mkdir -p "$home" - usermod -d "$home" "$user" >/dev/null 2>&1 - configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" - fi -} - -######################## -# Check if the script is currently running as root -# Arguments: -# $1 - user -# $2 - group -# Returns: -# Boolean -######################### -am_i_root() { - if [[ "$(id -u)" = "0" ]]; then - true - else - false - fi -} - -######################## -# Print OS metadata -# Arguments: -# $1 - Flag name -# Flags: -# --id - Distro ID -# --version - Distro version -# --branch - Distro branch -# --codename - Distro codename -# --name - Distro name -# --pretty-name - Distro pretty name -# Returns: -# String -######################### -get_os_metadata() { - local -r flag_name="${1:?missing flag}" - # Helper function - get_os_release_metadata() { - local -r env_name="${1:?missing environment variable name}" - ( - . /etc/os-release - echo "${!env_name}" - ) - } - case "$flag_name" in - --id) - get_os_release_metadata ID - ;; - --version) - get_os_release_metadata VERSION_ID - ;; - --branch) - get_os_release_metadata VERSION_ID | sed 's/\..*//' - ;; - --codename) - get_os_release_metadata VERSION_CODENAME - ;; - --name) - get_os_release_metadata NAME - ;; - --pretty-name) - get_os_release_metadata PRETTY_NAME - ;; - *) - error "Unknown flag ${flag_name}" - return 1 - ;; - esac -} - -######################## -# Get total memory available -# Arguments: -# None -# Returns: -# Memory in bytes -######################### -get_total_memory() { - echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# None -# Flags: -# --memory - memory size (optional) -# Returns: -# Detected instance size -######################### -get_machine_size() { - local memory="" - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - --memory) - shift - memory="${1:?missing memory}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if [[ -z "$memory" ]]; then - debug "Memory was not specified, detecting available memory automatically" - memory="$(get_total_memory)" - fi - sanitized_memory=$(convert_to_mb "$memory") - if [[ "$sanitized_memory" -gt 26000 ]]; then - echo 2xlarge - elif [[ "$sanitized_memory" -gt 13000 ]]; then - echo xlarge - elif [[ "$sanitized_memory" -gt 6000 ]]; then - echo large - elif [[ "$sanitized_memory" -gt 3000 ]]; then - echo medium - elif [[ "$sanitized_memory" -gt 1500 ]]; then - echo small - else - echo micro - fi -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# $1 - memory size (optional) -# Returns: -# Detected instance size -######################### -get_supported_machine_sizes() { - echo micro small medium large xlarge 2xlarge -} - -######################## -# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) -# Globals: -# None -# Arguments: -# $1 - memory size -# Returns: -# Result of the conversion -######################### -convert_to_mb() { - local amount="${1:-}" - if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then - size="${BASH_REMATCH[1]}" - unit="${BASH_REMATCH[2]}" - if [[ "$unit" = "g" || "$unit" = "G" ]]; then - amount="$((size * 1024))" - else - amount="$size" - fi - fi - echo "$amount" -} - -######################### -# Redirects output to /dev/null if debug mode is disabled -# Globals: -# BITNAMI_DEBUG -# Arguments: -# $@ - Command to execute -# Returns: -# None -######################### -debug_execute() { - if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then - "$@" - else - "$@" >/dev/null 2>&1 - fi -} - -######################## -# Retries a command a given number of times -# Arguments: -# $1 - cmd (as a string) -# $2 - max retries. Default: 12 -# $3 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -retry_while() { - local cmd="${1:?cmd is missing}" - local retries="${2:-12}" - local sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<<"$cmd" - for ((i = 1; i <= retries; i += 1)); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value -} - -######################## -# Generate a random string -# Arguments: -# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii -# -c|--count - Number of characters, defaults to 32 -# Arguments: -# None -# Returns: -# None -# Returns: -# String -######################### -generate_random_string() { - local type="ascii" - local count="32" - local filter - local result - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - -t | --type) - shift - type="$1" - ;; - -c | --count) - shift - count="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Validate type - case "$type" in - ascii) - filter="[:print:]" - ;; - numeric) - filter="0-9" - ;; - alphanumeric) - filter="a-zA-Z0-9" - ;; - alphanumeric+special|special+alphanumeric) - # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters - # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex - filter='a-zA-Z0-9:@.,/+!=' - ;; - *) - echo "Invalid type ${type}" >&2 - return 1 - ;; - esac - # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size - # Note there is a very small chance of strings starting with EOL character - # Therefore, the higher amount of lines read, this will happen less frequently - result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" - echo "$result" -} - -######################## -# Create md5 hash from a string -# Arguments: -# $1 - string -# Returns: -# md5 hash - string -######################### -generate_md5_hash() { - local -r str="${1:?missing input string}" - echo -n "$str" | md5sum | awk '{print $1}' -} - -######################## -# Create sha1 hash from a string -# Arguments: -# $1 - string -# $2 - algorithm - 1 (default), 224, 256, 384, 512 -# Returns: -# sha1 hash - string -######################### -generate_sha_hash() { - local -r str="${1:?missing input string}" - local -r algorithm="${2:-1}" - echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' -} - -######################## -# Converts a string to its hexadecimal representation -# Arguments: -# $1 - string -# Returns: -# hexadecimal representation of the string -######################### -convert_to_hex() { - local -r str=${1:?missing input string} - local -i iterator - local char - for ((iterator = 0; iterator < ${#str}; iterator++)); do - char=${str:iterator:1} - printf '%x' "'${char}" - done -} - -######################## -# Get boot time -# Globals: -# None -# Arguments: -# None -# Returns: -# Boot time metadata -######################### -get_boot_time() { - stat /proc --format=%Y -} - -######################## -# Get machine ID -# Globals: -# None -# Arguments: -# None -# Returns: -# Machine ID -######################### -get_machine_id() { - local machine_id - if [[ -f /etc/machine-id ]]; then - machine_id="$(cat /etc/machine-id)" - fi - if [[ -z "$machine_id" ]]; then - # Fallback to the boot-time, which will at least ensure a unique ID in the current session - machine_id="$(get_boot_time)" - fi - echo "$machine_id" -} - -######################## -# Get the root partition's disk device ID (e.g. /dev/sda1) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root partition disk ID -######################### -get_disk_device_id() { - local device_id="" - if grep -q ^/dev /proc/mounts; then - device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" - fi - # If it could not be autodetected, fallback to /dev/sda1 as a default - if [[ -z "$device_id" || ! -b "$device_id" ]]; then - device_id="/dev/sda1" - fi - echo "$device_id" -} - -######################## -# Get the root disk device ID (e.g. /dev/sda) -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk ID -######################### -get_root_disk_device_id() { - get_disk_device_id | sed -E 's/p?[0-9]+$//' -} - -######################## -# Get the root disk size in bytes -# Globals: -# None -# Arguments: -# None -# Returns: -# Root disk size in bytes -######################### -get_root_disk_size() { - fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true -} - -######################## -# Run command as a specific user and group (optional) -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -run_as_user() { - run_chroot "$@" -} - -######################## -# Execute command as a specific user and group (optional), -# replacing the current process image -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -exec_as_user() { - run_chroot --replace-process "$@" -} - -######################## -# Run a command using chroot -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Flags: -# -r | --replace-process - Replace the current process image (optional) -# Returns: -# Exit code of the specified command -######################### -run_chroot() { - local userspec - local user - local homedir - local replace=false - local -r cwd="$(pwd)" - - # Parse and validate flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -r | --replace-process) - replace=true - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - # Parse and validate arguments - if [[ "$#" -lt 2 ]]; then - echo "expected at least 2 arguments" - return 1 - else - userspec=$1 - shift - - # userspec can optionally include the group, so we parse the user - user=$(echo "$userspec" | cut -d':' -f1) - fi - - if ! am_i_root; then - error "Could not switch to '${userspec}': Operation not permitted" - return 1 - fi - - # Get the HOME directory for the user to switch, as chroot does - # not properly update this env and some scripts rely on it - homedir=$(eval echo "~${user}") - if [[ ! -d $homedir ]]; then - homedir="${HOME:-/}" - fi - - # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion - if [[ "$replace" = true ]]; then - exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - else - chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - fi -} diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh deleted file mode 100644 index 18445e7d27fa3..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh +++ /dev/null @@ -1,124 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami persistence library -# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libversion.sh - -# Functions - -######################## -# Persist an application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# $2 - List of app files to persist -# Returns: -# true if all steps succeeded, false otherwise -######################### -persist_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Persist the individual files - if [[ "${#files_to_persist[@]}" -le 0 ]]; then - warn "No files are configured to be persisted" - return - fi - pushd "$install_dir" >/dev/null || exit - local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder - local -r tmp_file="/tmp/perms.acl" - for file_to_persist in "${files_to_persist[@]}"; do - if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then - error "Cannot persist '${file_to_persist}' because it does not exist" - return 1 - fi - file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" - file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" - file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" - # Get original permissions for existing files, which will be applied later - # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume - getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" - # Copy directories to the volume - ensure_dir_exists "$file_to_persist_destination_folder" - cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" - # Restore permissions - pushd "$persist_dir" >/dev/null || exit - if am_i_root; then - setfacl --restore="$tmp_file" - else - # When running as non-root, don't change ownership - setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") - fi - popd >/dev/null || exit - done - popd >/dev/null || exit - rm -f "$tmp_file" - # Install the persisted files into the installation directory, via symlinks - restore_persisted_app "$@" -} - -######################## -# Restore a persisted application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# FORCE_MAJOR_UPGRADE -# Arguments: -# $1 - App folder name -# $2 - List of app files to restore -# Returns: -# true if all steps succeeded, false otherwise -######################### -restore_persisted_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Restore the individual persisted files - if [[ "${#files_to_restore[@]}" -le 0 ]]; then - warn "No persisted files are configured to be restored" - return - fi - local file_to_restore_relative file_to_restore_origin file_to_restore_destination - for file_to_restore in "${files_to_restore[@]}"; do - file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" - # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed - file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" - file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" - rm -rf "$file_to_restore_origin" - ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" - done -} - -######################## -# Check if an application directory was already persisted -# Globals: -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# Returns: -# true if all steps succeeded, false otherwise -######################### -is_app_initialized() { - local -r app="${1:?missing app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - if ! is_mounted_dir_empty "$persist_dir"; then - true - else - false - fi -} diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh deleted file mode 100644 index 1f9b33096b026..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh +++ /dev/null @@ -1,496 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing services - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Read the provided pid file and returns a PID -# Arguments: -# $1 - Pid file -# Returns: -# PID -######################### -get_pid_from_file() { - local pid_file="${1:?pid file is missing}" - - if [[ -f "$pid_file" ]]; then - if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then - echo "$(< "$pid_file")" - fi - fi -} - -######################## -# Check if a provided PID corresponds to a running service -# Arguments: -# $1 - PID -# Returns: -# Boolean -######################### -is_service_running() { - local pid="${1:?pid is missing}" - - kill -0 "$pid" 2>/dev/null -} - -######################## -# Stop a service by sending a termination signal to its pid -# Arguments: -# $1 - Pid file -# $2 - Signal number (optional) -# Returns: -# None -######################### -stop_service_using_pid() { - local pid_file="${1:?pid file is missing}" - local signal="${2:-}" - local pid - - pid="$(get_pid_from_file "$pid_file")" - [[ -z "$pid" ]] || ! is_service_running "$pid" && return - - if [[ -n "$signal" ]]; then - kill "-${signal}" "$pid" - else - kill "$pid" - fi - - local counter=10 - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -######################## -# Start cron daemon -# Arguments: -# None -# Returns: -# true if started correctly, false otherwise -######################### -cron_start() { - if [[ -x "/usr/sbin/cron" ]]; then - /usr/sbin/cron - elif [[ -x "/usr/sbin/crond" ]]; then - /usr/sbin/crond - else - false - fi -} - -######################## -# Generate a cron configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Command -# Flags: -# --run-as - User to run as (default: root) -# --schedule - Cron schedule configuration (default: * * * * *) -# Returns: -# None -######################### -generate_cron_conf() { - local service_name="${1:?service name is missing}" - local cmd="${2:?command is missing}" - local run_as="root" - local schedule="* * * * *" - local clean="true" - - # Parse optional CLI flags - shift 2 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --run-as) - shift - run_as="$1" - ;; - --schedule) - shift - schedule="$1" - ;; - --no-clean) - clean="false" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - mkdir -p /etc/cron.d - if "$clean"; then - cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" - fi -} - -######################## -# Remove a cron configuration file for a given service -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_cron_conf() { - local service_name="${1:?service name is missing}" - local cron_conf_dir="/etc/monit/conf.d" - rm -f "${cron_conf_dir}/${service_name}" -} - -######################## -# Generate a monit configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Pid file -# $3 - Start command -# $4 - Stop command -# Flags: -# --disable - Whether to disable the monit configuration -# Returns: -# None -######################### -generate_monit_conf() { - local service_name="${1:?service name is missing}" - local pid_file="${2:?pid file is missing}" - local start_command="${3:?start command is missing}" - local stop_command="${4:?stop command is missing}" - local monit_conf_dir="/etc/monit/conf.d" - local disabled="no" - - # Parse optional CLI flags - shift 4 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --disable) - disabled="yes" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - is_boolean_yes "$disabled" && conf_suffix=".disabled" - mkdir -p "$monit_conf_dir" - cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 - return 1 - ;; - esac - shift - done - - mkdir -p "$logrotate_conf_dir" - cat < "${logrotate_conf_dir}/${service_name}" -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -${log_path} { - ${period} - rotate ${rotations} - dateext - compress - copytruncate - missingok -$(indent "$extra" 2) -} -EOF -} - -######################## -# Remove a logrotate configuration file -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_logrotate_conf() { - local service_name="${1:?service name is missing}" - local logrotate_conf_dir="/etc/logrotate.d" - rm -f "${logrotate_conf_dir}/${service_name}" -} - -######################## -# Generate a Systemd configuration file -# Arguments: -# $1 - Service name -# Flags: -# --custom-service-content - Custom content to add to the [service] block -# --environment - Environment variable to define (multiple --environment options may be passed) -# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) -# --exec-start - Start command (required) -# --exec-start-pre - Pre-start command (optional) -# --exec-start-post - Post-start command (optional) -# --exec-stop - Stop command (optional) -# --exec-reload - Reload command (optional) -# --group - System group to start the service with -# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) -# --restart - When to restart the Systemd service after being stopped (defaults to always) -# --pid-file - Service PID file -# --standard-output - File where to print stdout output -# --standard-error - File where to print stderr output -# --success-exit-status - Exit code that indicates a successful shutdown -# --type - Systemd unit type (defaults to forking) -# --user - System user to start the service with -# --working-directory - Working directory at which to start the service -# Returns: -# None -######################### -generate_systemd_conf() { - local -r service_name="${1:?service name is missing}" - local -r systemd_units_dir="/etc/systemd/system" - local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" - # Default values - local name="$service_name" - local type="forking" - local user="" - local group="" - local environment="" - local environment_file="" - local exec_start="" - local exec_start_pre="" - local exec_start_post="" - local exec_stop="" - local exec_reload="" - local restart="always" - local pid_file="" - local standard_output="journal" - local standard_error="" - local limits_content="" - local success_exit_status="" - local custom_service_content="" - local working_directory="" - # Parse CLI flags - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - --name \ - | --type \ - | --user \ - | --group \ - | --exec-start \ - | --exec-stop \ - | --exec-reload \ - | --restart \ - | --pid-file \ - | --standard-output \ - | --standard-error \ - | --success-exit-status \ - | --custom-service-content \ - | --working-directory \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "$var_name"="${1:?"${var_name} value is missing"}" - ;; - --limit-*) - [[ -n "$limits_content" ]] && limits_content+=$'\n' - var_name="${1//--limit-}" - shift - limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" - ;; - --exec-start-pre) - shift - [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' - exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" - ;; - --exec-start-post) - shift - [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' - exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" - ;; - --environment) - shift - # It is possible to add multiple environment lines - [[ -n "$environment" ]] && environment+=$'\n' - environment+="Environment=${1:?"--environment value is missing"}" - ;; - --environment-file) - shift - # It is possible to add multiple environment-file lines - [[ -n "$environment_file" ]] && environment_file+=$'\n' - environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - # Validate inputs - local error="no" - if [[ -z "$exec_start" ]]; then - error "The --exec-start option is required" - error="yes" - fi - if [[ "$error" != "no" ]]; then - return 1 - fi - # Generate the Systemd unit - cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" - fi - if [[ -n "$exec_start_pre" ]]; then - # This variable may contain multiple ExecStartPre= directives - cat >> "$service_file" <<< "$exec_start_pre" - fi - if [[ -n "$exec_start" ]]; then - cat >> "$service_file" <<< "ExecStart=${exec_start}" - fi - if [[ -n "$exec_start_post" ]]; then - # This variable may contain multiple ExecStartPost= directives - cat >> "$service_file" <<< "$exec_start_post" - fi - # Optional stop and reload commands - if [[ -n "$exec_stop" ]]; then - cat >> "$service_file" <<< "ExecStop=${exec_stop}" - fi - if [[ -n "$exec_reload" ]]; then - cat >> "$service_file" <<< "ExecReload=${exec_reload}" - fi - # User and group - if [[ -n "$user" ]]; then - cat >> "$service_file" <<< "User=${user}" - fi - if [[ -n "$group" ]]; then - cat >> "$service_file" <<< "Group=${group}" - fi - # PID file allows to determine if the main process is running properly (for Restart=always) - if [[ -n "$pid_file" ]]; then - cat >> "$service_file" <<< "PIDFile=${pid_file}" - fi - if [[ -n "$restart" ]]; then - cat >> "$service_file" <<< "Restart=${restart}" - fi - # Environment flags - if [[ -n "$environment" ]]; then - # This variable may contain multiple Environment= directives - cat >> "$service_file" <<< "$environment" - fi - if [[ -n "$environment_file" ]]; then - # This variable may contain multiple EnvironmentFile= directives - cat >> "$service_file" <<< "$environment_file" - fi - # Logging - if [[ -n "$standard_output" ]]; then - cat >> "$service_file" <<< "StandardOutput=${standard_output}" - fi - if [[ -n "$standard_error" ]]; then - cat >> "$service_file" <<< "StandardError=${standard_error}" - fi - if [[ -n "$custom_service_content" ]]; then - # This variable may contain multiple miscellaneous directives - cat >> "$service_file" <<< "$custom_service_content" - fi - if [[ -n "$success_exit_status" ]]; then - cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean or is the string 'yes/true' -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_boolean_yes() { - local -r bool="${1:-}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean yes/no value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_yes_no_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(yes|no)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean true/false value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_true_false_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(true|false)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean 1/0 value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_1_0_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^[10]$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is an empty string or not defined -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_empty_value() { - local -r val="${1:-}" - if [[ -z "$val" ]]; then - true - else - false - fi -} - -######################## -# Validate if the provided argument is a valid port -# Arguments: -# $1 - Port to validate -# Returns: -# Boolean and error message -######################### -validate_port() { - local value - local unprivileged=0 - - # Parse flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -unprivileged) - unprivileged=1 - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [[ "$#" -gt 1 ]]; then - echo "too many arguments provided" - return 2 - elif [[ "$#" -eq 0 ]]; then - stderr_print "missing port argument" - return 1 - else - value=$1 - fi - - if [[ -z "$value" ]]; then - echo "the value is empty" - return 1 - else - if ! is_int "$value"; then - echo "value is not an integer" - return 2 - elif [[ "$value" -lt 0 ]]; then - echo "negative value provided" - return 2 - elif [[ "$value" -gt 65535 ]]; then - echo "requested port is greater than 65535" - return 2 - elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then - echo "privileged port requested" - return 3 - fi - fi -} - -######################## -# Validate if the provided argument is a valid IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv6() { - local ip="${1:?ip is missing}" - local stat=1 - local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' - local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' - - if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then - stat=0 - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv4() { - local ip="${1:?ip is missing}" - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" - [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ - && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] - stat=$? - fi - return $stat -} - -######################## -# Validate if the provided argument is a valid IPv4 or IPv6 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ip() { - local ip="${1:?ip is missing}" - local stat=1 - - if validate_ipv4 "$ip"; then - stat=0 - else - stat=$(validate_ipv6 "$ip") - fi - return $stat -} - -######################## -# Validate a string format -# Arguments: -# $1 - String to validate -# Returns: -# Boolean -######################### -validate_string() { - local string - local min_length=-1 - local max_length=-1 - - # Parse flags - while [ "$#" -gt 0 ]; do - case "$1" in - -min-length) - shift - min_length=${1:-} - ;; - -max-length) - shift - max_length=${1:-} - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [ "$#" -gt 1 ]; then - stderr_print "too many arguments provided" - return 2 - elif [ "$#" -eq 0 ]; then - stderr_print "missing string" - return 1 - else - string=$1 - fi - - if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then - echo "string length is less than $min_length" - return 1 - fi - if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then - echo "string length is great than $max_length" - return 1 - fi -} diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh deleted file mode 100644 index f0d5a5cd33892..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Library for managing versions strings - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions -######################## -# Gets semantic version -# Arguments: -# $1 - version: string to extract major.minor.patch -# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch -# Returns: -# array with the major, minor and release -######################### -get_sematic_version () { - local version="${1:?version is required}" - local section="${2:?section is required}" - local -a version_sections - - #Regex to parse versions: x.y.z - local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' - - if [[ "$version" =~ $regex ]]; then - local i=1 - local j=1 - local n=${#BASH_REMATCH[*]} - - while [[ $i -lt $n ]]; do - if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then - version_sections[j]="${BASH_REMATCH[$i]}" - ((j++)) - fi - ((i++)) - done - - local number_regex='^[0-9]+$' - if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then - echo "${version_sections[$section]}" - return - else - stderr_print "Section allowed values are: 1, 2, and 3" - return 1 - fi - fi -} diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh deleted file mode 100644 index acb84fc2339bb..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ /dev/null @@ -1,476 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami web server handler library - -# shellcheck disable=SC1090,SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh - -######################## -# Execute a command (or list of commands) with the web server environment and library loaded -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_execute() { - local -r web_server="${1:?missing web server}" - shift - # Run program in sub-shell to avoid web server environment getting loaded when not necessary - ( - . "/opt/bitnami/scripts/lib${web_server}.sh" - . "/opt/bitnami/scripts/${web_server}-env.sh" - "$@" - ) -} - -######################## -# Prints the list of enabled web servers -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_list() { - local -r -a supported_web_servers=(apache nginx) - local -a existing_web_servers=() - for web_server in "${supported_web_servers[@]}"; do - [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") - done - echo "${existing_web_servers[@]:-}" -} - -######################## -# Prints the currently-enabled web server type (only one, in order of preference) -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_type() { - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - echo "${web_servers[0]:-}" -} - -######################## -# Validate that a supported web server is configured -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_validate() { - local error_code=0 - local supported_web_servers=("apache" "nginx") - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then - print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" - elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then - print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." - fi - - return "$error_code" -} - -######################## -# Check whether the web server is running -# Globals: -# * -# Arguments: -# None -# Returns: -# true if the web server is running, false otherwise -######################### -is_web_server_running() { - "is_$(web_server_type)_running" -} - -######################## -# Start web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_start() { - info "Starting $(web_server_type) in background" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl start "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" - fi -} - -######################## -# Stop web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_stop() { - info "Stopping $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl stop "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" - fi -} - -######################## -# Restart web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_restart() { - info "Restarting $(web_server_type)" - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl restart "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" - fi -} - -######################## -# Reload web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_reload() { - if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then - systemctl reload "bitnami.$(web_server_type).service" - else - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" - fi -} - -######################## -# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on which configuration template to use -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render server configurations with a .disabled prefix -# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --document-root - Path to document root directory -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) -# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --apache-before-vhost-configuration - Configuration to add before the directive (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-proxy-address - Address where to proxy requests -# --apache-proxy-configuration - Extra configuration for the proxy -# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# --nginx-external-configuration - Configuration external to server block (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_app_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --disable \ - | --disable-http \ - | --disable-https \ - ) - apache_args+=("$1") - nginx_args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --type \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --document-root \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-additional-http-configuration \ - | --apache-additional-https-configuration \ - | --apache-before-vhost-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-proxy-address \ - | --apache-proxy-configuration \ - | --apache-proxy-http-configuration \ - | --apache-proxy-https-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "${2:?missing value}") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration \ - | --nginx-external-configuration) - nginx_args+=("${1//nginx-/}" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_web_server_app_configuration_not_exists() { - local app="${1:?missing app}" - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" - done -} - -######################## -# Ensure the web server loads the configuration for an application in a URL prefix -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --document-root - Path to document root directory -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --type - Application type, which has an effect on what configuration template will be used -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_prefix_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --allow-remote-connections \ - | --document-root \ - | --prefix \ - | --type \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "$2") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - nginx_args+=("${1//nginx-/}" "$2") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -web_server_update_app_configuration() { - local app="${1:?missing app}" - shift - local -a args web_servers - args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --http-port \ - | --https-port \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" - done -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_enable_loading_page() { - ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ - --apache-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -RedirectMatch 503 ^/$ -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -ErrorDocument 404 /index.html -ErrorDocument 503 /index.html" \ - --nginx-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -location / { - return 503; -} -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -error_page 404 @installing; -error_page 503 @installing; -location @installing { - rewrite ^(.*)$ /index.html break; -}" - web_server_reload -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_disable_install_page() { - ensure_web_server_app_configuration_not_exists "__loading" - web_server_reload -} diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index ccce248b2d141..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -eu - -n=0 -max=2 -export DEBIAN_FRONTEND=noninteractive - -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/usr/sbin/run-script deleted file mode 100755 index 0e07c9038dfde..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/prebuildfs/usr/sbin/run-script +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -set -u - -if [ $# -eq 0 ]; then - >&2 echo "No arguments provided" - exit 1 -fi - -script=$1 -exit_code="${2:-96}" -fail_if_not_present="${3:-n}" - -if test -f "$script"; then - sh $script - - if [ $? -ne 0 ]; then - exit $((exit_code)) - fi -elif [ "$fail_if_not_present" = "y" ]; then - >&2 echo "script not found: $script" - exit 127 -fi diff --git a/bitnami/mongodb-sharded/7.0/debian-12/rootfs/opt/bitnami/scripts/libmongodb.sh b/bitnami/mongodb-sharded/7.0/debian-12/rootfs/opt/bitnami/scripts/libmongodb.sh deleted file mode 100644 index 3ae9efdfaeb44..0000000000000 --- a/bitnami/mongodb-sharded/7.0/debian-12/rootfs/opt/bitnami/scripts/libmongodb.sh +++ /dev/null @@ -1,1696 +0,0 @@ -#!/bin/bash -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 -# -# Bitnami MongoDB library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libservice.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libnet.sh - -######################## -# Return field separator to use in lists. One of comma or semi-colon, comma -# being preferred. -# Globals: -# None -# Arguments: -# A (list) of fields -# Returns: -# The separator used within that list -######################### -mongodb_field_separator() { - if printf %s\\n "$1" | grep -q ','; then - echo ',' - elif printf %s\\n "$1" | grep -q ';'; then - echo ';' - fi -} - -######################## -# Initialise the arrays databases, usernames and passwords to contain the -# fields from their respective environment variables. -# Globals: -# MONGODB_EXTRA_DATABASES, MONGODB_EXTRA_USERNAMES, MONGODB_EXTRA_PASSWORDS -# MONGODB_DATABASE, MONGODB_USERNAME, MONGODB_PASSWORD -# Arguments: -# $1 - single: initialise based on MONGODB_DATABASE, MONGODB_USERNAME, MONGODB_PASSWORD -# $1 - extra: initialise based on MONGODB_EXTRA_DATABASES, MONGODB_EXTRA_USERNAMES, MONGODB_EXTRA_PASSWORDS -# $1 - all (or empty): initalise as both of the above -# Returns: -# None -######################### -mongodb_auth() { - case "${1:-all}" in - extra) - local -a databases_extra - local -a usernames_extra - local -a passwords_extra - # Start by filling in locally scoped databases, usernames and - # passwords arrays with the content of the _EXTRA_ environment - # variables. - IFS="$(mongodb_field_separator "$MONGODB_EXTRA_DATABASES")" read -r -a databases_extra <<<"$MONGODB_EXTRA_DATABASES" - IFS="$(mongodb_field_separator "$MONGODB_EXTRA_USERNAMES")" read -r -a usernames_extra <<<"$MONGODB_EXTRA_USERNAMES" - IFS="$(mongodb_field_separator "$MONGODB_EXTRA_PASSWORDS")" read -r -a passwords_extra <<<"$MONGODB_EXTRA_PASSWORDS" - # Force missing empty passwords/database names (occurs when - # MONGODB_EXTRA_PASSWORDS/DATABASES ends with a separator, e.g. a - # comma or semi-colon), then copy into the databases, usernames and - # passwords arrays (global). - for ((i = 0; i < ${#usernames_extra[@]}; i++)); do - if [[ -z "${passwords_extra[i]:-}" ]]; then - passwords_extra[i]="" - fi - if [[ -z "${databases_extra[i]:-}" ]]; then - databases_extra[i]="" - fi - databases+=("${databases_extra[i]}") - usernames+=("${usernames_extra[i]}") - passwords+=("${passwords_extra[i]}") - done - ;; - single) - # Add the content of the "regular" environment variables to the arrays - databases+=("$MONGODB_DATABASE") - usernames+=("$MONGODB_USERNAME") - passwords+=("$MONGODB_PASSWORD") - ;; - all) - # Perform the following in this order to respect the priority of the - # environment variables. - mongodb_auth single - mongodb_auth extra - ;; - esac -} - -######################## -# Validate settings in MONGODB_* env. variables -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_validate() { - info "Validating settings in MONGODB_* env vars..." - - local error_message="" - local -r replicaset_error_message="In order to configure MongoDB replica set authentication you \ -need to provide the MONGODB_REPLICA_SET_KEY on every node, specify MONGODB_ROOT_PASSWORD \ -in the primary node and MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD in the rest of nodes" - local error_code=0 - local usernames databases passwords - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - check_yes_no_value() { - if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then - print_validation_error "The allowed values for ${1} are: yes no" - fi - } - - if [[ -n "$MONGODB_REPLICA_SET_MODE" ]]; then - if [[ "$MONGODB_REPLICA_SET_MODE" =~ ^(secondary|arbiter|hidden) ]]; then - if [[ -z "$MONGODB_INITIAL_PRIMARY_HOST" ]]; then - error_message="In order to configure MongoDB as a secondary or arbiter node \ -you need to provide the MONGODB_INITIAL_PRIMARY_HOST env var" - print_validation_error "$error_message" - fi - if { [[ -n "$MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD" ]] && [[ -z "$MONGODB_REPLICA_SET_KEY" ]]; } || - { [[ -z "$MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD" ]] && [[ -n "$MONGODB_REPLICA_SET_KEY" ]]; }; then - print_validation_error "$replicaset_error_message" - fi - if [[ -n "$MONGODB_ROOT_PASSWORD" ]]; then - error_message="MONGODB_ROOT_PASSWORD shouldn't be set on a 'non-primary' node" - print_validation_error "$error_message" - fi - elif [[ "$MONGODB_REPLICA_SET_MODE" = "primary" ]]; then - if { [[ -n "$MONGODB_ROOT_PASSWORD" ]] && [[ -z "$MONGODB_REPLICA_SET_KEY" ]]; } || - { [[ -z "$MONGODB_ROOT_PASSWORD" ]] && [[ -n "$MONGODB_REPLICA_SET_KEY" ]]; }; then - print_validation_error "$replicaset_error_message" - fi - if [[ -n "$MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD" ]]; then - error_message="MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD shouldn't be set on a 'primary' node" - print_validation_error "$error_message" - fi - if [[ -z "$MONGODB_ROOT_PASSWORD" ]] && ! is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - error_message="The MONGODB_ROOT_PASSWORD environment variable is empty or not set. \ -Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. \ -This is only recommended for development." - print_validation_error "$error_message" - fi - else - error_message="You set the environment variable MONGODB_REPLICA_SET_MODE with an invalid value. \ -Available options are 'primary/secondary/arbiter/hidden'" - print_validation_error "$error_message" - fi - fi - - check_yes_no_value "MONGODB_ENABLE_MAJORITY_READ" - [[ "$(mongodb_get_version)" =~ ^5\..\. ]] && ! is_boolean_yes "$MONGODB_ENABLE_MAJORITY_READ" && warn "MONGODB_ENABLE_MAJORITY_READ=${MONGODB_ENABLE_MAJORITY_READ} Will be ignored in MongoDB 5.0" - - if [[ -n "$MONGODB_REPLICA_SET_KEY" ]] && ((${#MONGODB_REPLICA_SET_KEY} < 5)); then - error_message="MONGODB_REPLICA_SET_KEY must be, at least, 5 characters long!" - print_validation_error "$error_message" - fi - - if [[ -n "$MONGODB_EXTRA_USERNAMES" ]]; then - # Capture list of extra (only!) users, passwords and databases in the - # usernames, passwords and databases arrays. - mongodb_auth extra - - # Verify there as many usernames as passwords - if [[ "${#usernames[@]}" -ne "${#passwords[@]}" ]]; then - print_validation_error "Specify the same number of passwords on MONGODB_EXTRA_PASSWORDS as the number of users in MONGODB_EXTRA_USERNAMES" - fi - # When we have a list of databases, there should be as many databases as - # users (thus as passwords). - if [[ -n "$MONGODB_EXTRA_DATABASES" ]] && [[ "${#usernames[@]}" -ne "${#databases[@]}" ]]; then - print_validation_error "Specify the same number of users on MONGODB_EXTRA_USERNAMES as the number of databases in MONGODB_EXTRA_DATABASES" - fi - # When the list of database is empty, then all users will be added to - # default database. - if [[ -z "$MONGODB_EXTRA_DATABASES" ]]; then - warn "All users specified in MONGODB_EXTRA_USERNAMES will be added to the default database called 'test'" - fi - fi - - if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then - warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." - elif { [[ -n "$MONGODB_EXTRA_USERNAMES" ]] || [[ -n "$MONGODB_USERNAME" ]]; } && [[ -z "$MONGODB_ROOT_PASSWORD" ]]; then - # Authorization is turned on as soon as a set of users or a root - # password are given. If we have a set of users, but an empty root - # password, validation should fail unless ALLOW_EMPTY_PASSWORD is turned - # on. - error_message="The MONGODB_ROOT_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with a blank root password. This is only recommended for development." - print_validation_error "$error_message" - fi - - # Warn for users with empty passwords, as these won't be created. Maybe - # should we just end with an error here instead? - if [[ -n "$MONGODB_EXTRA_USERNAMES" ]]; then - # Here we can access the arrays usernames and passwordsa, as these have - # been initialised earlier on. - for ((i = 0; i < ${#passwords[@]}; i++)); do - if [[ -z "${passwords[i]}" ]]; then - warn "User ${usernames[i]} will not be created as its password is empty or not set. MongoDB cannot create users with blank passwords." - fi - done - fi - if [[ -n "$MONGODB_USERNAME" ]] && [[ -z "$MONGODB_PASSWORD" ]]; then - warn "User $MONGODB_USERNAME will not be created as its password is empty or not set. MongoDB cannot create users with blank passwords." - fi - if ! is_boolean_yes "$ALLOW_EMPTY_PASSWORD" && [[ -n "$MONGODB_METRICS_USERNAME" ]] && [[ -z "$MONGODB_METRICS_PASSWORD" ]]; then - error_message="The MONGODB_METRICS_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is only recommended for development." - print_validation_error "$error_message" - fi - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -######################## -# Copy mounted configuration files -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_copy_mounted_config() { - if ! is_dir_empty "$MONGODB_MOUNTED_CONF_DIR"; then - if ! cp -Lr "$MONGODB_MOUNTED_CONF_DIR"/* "$MONGODB_CONF_DIR"; then - error "Issue copying mounted configuration files from $MONGODB_MOUNTED_CONF_DIR to $MONGODB_CONF_DIR. Make sure you are not mounting configuration files in $MONGODB_CONF_DIR and $MONGODB_MOUNTED_CONF_DIR at the same time" - exit 1 - fi - fi -} - -######################## -# Determine the hostname by which to contact the locally running mongo daemon -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# The value of get_machine_ip, $MONGODB_ADVERTISED_HOSTNAME or the current host address -######################## -get_mongo_hostname() { - if is_boolean_yes "$MONGODB_ADVERTISE_IP"; then - get_machine_ip - elif [[ -n "$MONGODB_ADVERTISED_HOSTNAME" ]]; then - echo "$MONGODB_ADVERTISED_HOSTNAME" - else - hostname - fi -} - -######################## -# Determine the port on which to contact the locally running mongo daemon -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# The value of $MONGODB_ADVERTISED_PORT_NUMBER or $MONGODB_PORT_NUMBER -######################## -get_mongo_port() { - if [[ -n "$MONGODB_ADVERTISED_PORT_NUMBER" ]]; then - echo "$MONGODB_ADVERTISED_PORT_NUMBER" - else - echo "$MONGODB_PORT_NUMBER" - fi -} - -######################## -# Drop local Database -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_drop_local_database() { - info "Dropping local database to reset replica set setup..." - local command=("mongodb_execute") - - if [[ -n "$MONGODB_USERNAME" ]] || [[ -n "$MONGODB_EXTRA_USERNAMES" ]]; then - local usernames passwords databases - mongodb_auth - command=("${command[@]}" "${usernames[0]}" "${passwords[0]}") - fi - "${command[@]}" <"$conf_file_path" -} - -######################## -# Change common logging settings -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_set_log_conf() { - local -r conf_file_path="${1:-$MONGODB_CONF_FILE}" - local -r conf_file_name="${conf_file_path#"$MONGODB_CONF_DIR"}" - if ! mongodb_is_file_external "$conf_file_name"; then - if [[ -n "$MONGODB_DISABLE_SYSTEM_LOG" ]]; then - mongodb_config_apply_regex "quiet:.*" "quiet: $({ is_boolean_yes "$MONGODB_DISABLE_SYSTEM_LOG" && echo 'true'; } || echo 'false')" "$conf_file_path" - fi - if [[ -n "$MONGODB_SYSTEM_LOG_VERBOSITY" ]]; then - mongodb_config_apply_regex "verbosity:.*" "verbosity: $MONGODB_SYSTEM_LOG_VERBOSITY" "$conf_file_path" - fi - else - debug "$conf_file_name mounted. Skipping setting log settings" - fi -} - -######################## -# Change journaling setting -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_set_journal_conf() { - local -r conf_file_path="${1:-$MONGODB_CONF_FILE}" - local -r conf_file_name="${conf_file_path#"$MONGODB_CONF_DIR"}" - local mongodb_conf - - if ! mongodb_is_file_external "$conf_file_name"; then - # Disable journal.enabled since it is not supported from 7.0 on - if [[ "$(mongodb_get_version)" =~ ^7\..\. ]]; then - mongodb_conf="$(sed '/journal:/,/enabled: .*/d' "$conf_file_path")" - echo "$mongodb_conf" >"$conf_file_path" - else - if [[ -n "$MONGODB_ENABLE_JOURNAL" ]]; then - mongodb_conf="$(sed -E "/^ *journal:/,/^ *[^:]*:/s/enabled:.*/enabled: $({ is_boolean_yes "$MONGODB_ENABLE_JOURNAL" && echo 'true'; } || echo 'false')/" "$conf_file_path")" - echo "$mongodb_conf" >"$conf_file_path" - fi - fi - else - debug "$conf_file_name mounted. Skipping setting log settings" - fi -} - -######################## -# Change common storage settings -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_set_storage_conf() { - local -r conf_file_path="${1:-$MONGODB_CONF_FILE}" - local -r conf_file_name="${conf_file_path#"$MONGODB_CONF_DIR"}" - - if ! mongodb_is_file_external "$conf_file_name"; then - if [[ -n "$MONGODB_ENABLE_DIRECTORY_PER_DB" ]]; then - mongodb_config_apply_regex "directoryPerDB:.*" "directoryPerDB: $({ is_boolean_yes "$MONGODB_ENABLE_DIRECTORY_PER_DB" && echo 'true'; } || echo 'false')" "$conf_file_path" - fi - else - debug "$conf_file_name mounted. Skipping setting storage settings" - fi -} - -######################## -# Change common network settings -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_set_net_conf() { - local -r conf_file_path="${1:-$MONGODB_CONF_FILE}" - local -r conf_file_name="${conf_file_path#"$MONGODB_CONF_DIR"}" - - if ! mongodb_is_file_external "$conf_file_name"; then - if [[ -n "$MONGODB_PORT_NUMBER" ]]; then - mongodb_config_apply_regex "port:.*" "port: $MONGODB_PORT_NUMBER" "$conf_file_path" - fi - if [[ -n "$MONGODB_ENABLE_IPV6" ]]; then - mongodb_config_apply_regex "ipv6:.*" "ipv6: $({ is_boolean_yes "$MONGODB_ENABLE_IPV6" && echo 'true'; } || echo 'false')" "$conf_file_path" - fi - else - debug "$conf_file_name mounted. Skipping setting port and IPv6 settings" - fi -} -######################## -# Change bind ip address to 0.0.0.0 -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_set_listen_all_conf() { - local -r conf_file_path="${1:-$MONGODB_CONF_FILE}" - local -r conf_file_name="${conf_file_path#"$MONGODB_CONF_DIR"}" - - if ! mongodb_is_file_external "$conf_file_name"; then - mongodb_config_apply_regex "#?bindIp:.*" "#bindIp:" "$conf_file_path" - mongodb_config_apply_regex "#?bindIpAll:.*" "bindIpAll: true" "$conf_file_path" - else - debug "$conf_file_name mounted. Skipping IP binding to all addresses" - fi -} - -######################## -# Disable javascript -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_disable_javascript_conf() { - local -r conf_file_path="${1:-$MONGODB_CONF_FILE}" - local -r conf_file_name="${conf_file_path#"$MONGODB_CONF_DIR"}" - - if ! mongodb_is_file_external "$conf_file_name"; then - mongodb_config_apply_regex "#?security:" "security:\n javascriptEnabled: false" "$conf_file_path" - else - debug "$conf_file_name mounted. Skipping disabling javascript" - fi -} - -######################## -# Enable Auth -# Globals: -# MONGODB_* -# Arguments: -# None -# Return -# None -######################### -mongodb_set_auth_conf() { - local -r conf_file_path="${1:-$MONGODB_CONF_FILE}" - local -r conf_file_name="${conf_file_path#"$MONGODB_CONF_DIR"}" - - local authorization - local localhostBypass - - localhostBypass="$(mongodb_conf_get "setParameter.enableLocalhostAuthBypass")" - authorization="$(mongodb_conf_get "security.authorization")" - if ! is_boolean_yes "$MONGODB_DISABLE_ENFORCE_AUTH"; then - if [[ -n "$MONGODB_ROOT_PASSWORD" ]] || [[ -n "$MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD" ]] || [[ -n "$MONGODB_PASSWORD" ]]; then - if [[ "$authorization" = "disabled" ]]; then - - info "Enabling authentication..." - # TODO: replace 'sed' calls with 'yq' once 'yq write' does not remove comments - mongodb_config_apply_regex "#?authorization:.*" "authorization: enabled" "$conf_file_path" - mongodb_config_apply_regex "#?enableLocalhostAuthBypass:.*" "enableLocalhostAuthBypass: false" "$conf_file_path" - fi - fi - else - warn "You have set MONGODB_DISABLE_ENFORCE_AUTH=true, settings enableLocalhostAuthBypass and security.authorization will remain with values '${localhostBypass}' and '${authorization}' respectively." - fi -} - -######################## -# Read a configuration setting value -# Globals: -# MONGODB_CONF_FILE -# Arguments: -# $1 - key -# Returns: -# Outputs the key to stdout (Empty response if key is not set) -######################### -mongodb_conf_get() { - local key="${1:?missing key}" - - if [[ -r "$MONGODB_CONF_FILE" ]]; then - local -r res="$(yq eval ".${key}" "$MONGODB_CONF_FILE")" - if [[ ! "$res" = "null" ]]; then - echo "$res" - fi - fi -} - -######################## -# Enable ReplicaSetMode -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_set_replicasetmode_conf() { - local -r conf_file_path="${1:-$MONGODB_CONF_FILE}" - local -r conf_file_name="${conf_file_path#"$MONGODB_CONF_DIR"}" - - if ! mongodb_is_file_external "$conf_file_name"; then - mongodb_config_apply_regex "#?replication:.*" "replication:" "$conf_file_path" - mongodb_config_apply_regex "#?replSetName:" "replSetName:" "$conf_file_path" - mongodb_config_apply_regex "#?enableMajorityReadConcern:.*" "enableMajorityReadConcern:" "$conf_file_path" - if [[ -n "$MONGODB_REPLICA_SET_NAME" ]]; then - mongodb_config_apply_regex "replSetName:.*" "replSetName: $MONGODB_REPLICA_SET_NAME" "$conf_file_path" - fi - if [[ -n "$MONGODB_ENABLE_MAJORITY_READ" ]]; then - mongodb_config_apply_regex "enableMajorityReadConcern:.*" "enableMajorityReadConcern: $({ (is_boolean_yes "$MONGODB_ENABLE_MAJORITY_READ" || [[ "$(mongodb_get_version)" =~ ^5\..\. ]]) && echo 'true'; } || echo 'false')" "$conf_file_path" - fi - else - debug "$conf_file_name mounted. Skipping replicaset mode enabling" - fi -} - -######################## -# Create a MongoDB user and provide read/write permissions on a database -# Globals: -# MONGODB_ROOT_PASSWORD -# Arguments: -# $1 - Name of user -# $2 - Password for user -# $3 - Name of database (empty for default database) -# Returns: -# None -######################### -mongodb_create_user() { - local -r user="${1:?user is required}" - local -r password="${2:-}" - local -r database="${3:-}" - local query - - if [[ -z "$password" ]]; then - warn "Cannot create user '$user', no password provided" - return 0 - fi - # Build proper query (default database or specific one) - query="db.getSiblingDB('$database').createUser({ user: '$user', pwd: '$password', roles: [{role: 'readWrite', db: '$database'}] })" - [[ -z "$database" ]] && query="db.getSiblingDB(db.stats().db).createUser({ user: '$user', pwd: '$password', roles: [{role: 'readWrite', db: db.getSiblingDB(db.stats().db).stats().db }] })" - # Create user, discarding mongo CLI output for clean logs - info "Creating user '$user'..." - mongodb_execute "$MONGODB_ROOT_USER" "$MONGODB_ROOT_PASSWORD" "" "127.0.0.1" "" "${MONGODB_SHELL_EXTRA_FLAGS} --tlsAllowInvalidHostnames" <<<"$query" -} - -######################## -# Create the appropriate users -# Globals: -# MONGODB_* -# Arguments: -# None -# Returns: -# None -######################### -mongodb_create_users() { - info "Creating users..." - - if [[ -n "$MONGODB_ROOT_PASSWORD" ]] && ! [[ "$MONGODB_REPLICA_SET_MODE" =~ ^(secondary|arbiter|hidden) ]]; then - info "Creating $MONGODB_ROOT_USER user..." - mongodb_execute "" "" "" "127.0.0.1" "" "${MONGODB_SHELL_EXTRA_FLAGS} --tlsAllowInvalidHostnames" <"$MONGODB_KEY_FILE" - - chmod 600 "$MONGODB_KEY_FILE" - - if am_i_root; then - configure_permissions "$MONGODB_KEY_FILE" "$MONGODB_DAEMON_USER" "$MONGODB_DAEMON_GROUP" "" "600" - else - chmod 600 "$MONGODB_KEY_FILE" - fi - else - debug "keyfile mounted. Skipping keyfile generation" - fi -} - -######################## -# Get if primary node is initialized -# Globals: -# MONGODB_* -# Arguments: -# $1 - node -# $2 - port -# Returns: -# None -######################### -mongodb_is_primary_node_initiated() { - local node="${1:?node is required}" - local port="${2:?port is required}" - local result - result=$( - mongodb_execute_print_output "$MONGODB_ROOT_USER" "$MONGODB_ROOT_PASSWORD" "admin" "127.0.0.1" "$MONGODB_PORT_NUMBER" "${MONGODB_SHELL_EXTRA_FLAGS} --tlsAllowInvalidHostnames" < m.name === '$node:$port' && m.stateStr === 'SECONDARY').length === 1 -EOF - ) - debug "$result" - - grep -q "true" <<<"$result" -} - -######################## -# Grant voting rights to secondary node -# Globals: -# MONGODB_* -# Arguments: -# $1 - node -# $2 - port -# Returns: -# Boolean -######################### -mongodb_configure_secondary_node_voting() { - local -r node="${1:?node is required}" - local -r port="${2:?port is required}" - - debug "Granting voting rights to the node" - local reconfig_cmd="rs.reconfigForPSASet(member, cfg)" - [[ "$(mongodb_get_version)" =~ ^4\.(0|2)\. ]] && reconfig_cmd="rs.reconfig(cfg)" - result=$( - mongodb_execute_print_output "$MONGODB_INITIAL_PRIMARY_ROOT_USER" "$MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD" "admin" "$MONGODB_INITIAL_PRIMARY_HOST" "$MONGODB_INITIAL_PRIMARY_PORT_NUMBER" < m.host === '$node:$port') -cfg.members[member].priority = 1 -cfg.members[member].votes = 1 -$reconfig_cmd -EOF - ) - debug "$result" - - grep -q "ok: 1" <<<"$result" -} - -######################## -# Get if hidden node is pending -# Globals: -# MONGODB_* -# Arguments: -# $1 - node -# $2 - port -# Returns: -# Boolean -######################### -mongodb_is_hidden_node_pending() { - local node="${1:?node is required}" - local port="${2:?port is required}" - local result - - mongodb_set_dwc - - debug "Adding hidden node ${node}:${port}" - result=$( - mongodb_execute_print_output "$MONGODB_INITIAL_PRIMARY_ROOT_USER" "$MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD" "admin" "$MONGODB_INITIAL_PRIMARY_HOST" "$MONGODB_INITIAL_PRIMARY_PORT_NUMBER" <