Showing
9 changed files
with
291 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -111,6 +111,7 @@ Passbolt docker image provides several environment variables to configure differ | |
| PASSBOLT_KEY_EMAIL | Key owner email address | [email protected] | ||
| PASSBOLT_KEY_EXPIRATION | Key expiration date | 0, never expires | ||
| PASSBOLT_GPG_SERVER_KEY_FINGERPRINT | GnuPG fingerprint | null | ||
| PASSBOLT_GPG_SERVER_KEY_FINGERPRINT_FORCE | Force calculation of GnuPG fingerprint for server key | null | ||
| PASSBOLT_GPG_SERVER_KEY_PUBLIC | Path to GnuPG public server key | /etc/passbolt/gpg/serverkey.asc | ||
| PASSBOLT_GPG_SERVER_KEY_PRIVATE | Path to GnuPG private server key | /etc/passbolt/gpg/serverkey_private.asc | ||
| PASSBOLT_PLUGINS_EXPORT_ENABLED | Enable export plugin | true | ||
|
@@ -208,3 +209,10 @@ This feature is only supported for: | |
This repository also provides a way to quickly setup Passbolt for development purposes. This way should never be used in production, as this would be unsafe. | ||
You can use the docker-compose files under [docker-compose/](./docker-compose/) to spin up Passbolt for production using docker compose. | ||
If you would like to setup Passbolt for development purposes, please follow the steps described [here](./dev/README.md). | ||
|
||
## Run passbolt docker tests | ||
|
||
```bash | ||
PASSBOLT_FLAVOUR=ce PASSBOLT_COMPONENT=stable ROOTLESS=false bundle exec rake spec | ||
``` | ||
|
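--- a/spec/docker_runtime_with_passbolt_php/docker_runtime_with_passbolt_php_spec.rb
+++ b/spec/docker_runtime_with_passbolt_php/docker_runtime_with_passbolt_php_spec.rb
@@ -0,0 +1,96 @@
+
+require 'spec_helper'
+
+describe 'passbolt_api service' do
+before(:all) do
+@mysql_image =
+if ENV['GITLAB_CI']
+Docker::Image.create(
+'fromImage' => 'registry.gitlab.com/passbolt/passbolt-ci-docker-images/mariadb-10.3:latest'
+)
+else
+Docker::Image.create('fromImage' => 'mariadb:latest')
+end
+
+@mysql = Docker::Container.create(
+'Env' => [
+'MYSQL_ROOT_PASSWORD=test',
+'MYSQL_DATABASE=passbolt',
+'MYSQL_USER=passbolt',
+'MYSQL_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
+],
+'Healthcheck' => {
+"Test": [
+'CMD-SHELL',
+'mysqladmin ping --silent'
+]
+},
+'Image' => @mysql_image.id
+)
+
+@mysql.start
+
+sleep 1 while @mysql.json['State']['Health']['Status'] != 'healthy'
+
+if ENV['GITLAB_CI']
+Docker.authenticate!(
+'username' => ENV['CI_REGISTRY_USER'].to_s,
+'password' => ENV['CI_REGISTRY_PASSWORD'].to_s,
+'serveraddress' => 'https://registry.gitlab.com/'
+)
+@image =
+if ENV['ROOTLESS'] == 'true'
+Docker::Image.create(
+'fromImage' => "#{ENV['CI_REGISTRY_IMAGE']}:#{ENV['PASSBOLT_FLAVOUR']}-rootless-latest"
+)
+else
+Docker::Image.create(
+'fromImage' => "#{ENV['CI_REGISTRY_IMAGE']}:#{ENV['PASSBOLT_FLAVOUR']}-root-latest"
+)
+end
+else
+@image = Docker::Image.build_from_dir(
+ROOT_DOCKERFILES,
+{
+'dockerfile' => $dockerfile,
+'buildargs' => JSON.generate($buildargs)
+}
+)
+end
+
+@container = Docker::Container.create(
+'Env' => [
+"DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}",
+'DATASOURCES_DEFAULT_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?',
+'DATASOURCES_DEFAULT_USERNAME=passbolt',
+'DATASOURCES_DEFAULT_DATABASE=passbolt',
+'PASSBOLT_SSL_FORCE=true',
+'PASSBOLT_GPG_SERVER_KEY_FINGERPRINT_FORCE=true'
+],
+'Image' => @image.id,
+'Binds' => $binds.append(
+"#{FIXTURES_PATH + '/passbolt-no-fingerprint.php'}:#{PASSBOLT_CONFIG_PATH + '/passbolt.php'}",
+"#{FIXTURES_PATH + '/public-test.key'}:#{PASSBOLT_CONFIG_PATH + 'gpg/unsecure.key'}",
+"#{FIXTURES_PATH + '/private-test.key'}:#{PASSBOLT_CONFIG_PATH + 'gpg/unsecure_private.key'}",
+),
+)
+
+@container.start
+@container.logs(stdout: true)
+
+set :docker_container, @container.id
+sleep 17
+end
+
+after(:all) do
+@mysql.kill
+@container.kill
+end
+
+describe 'force fingerprint calculation' do
+it 'is contains fingerprint environment variable' do
+expect(file('/etc/environment').content).to match(/PASSBOLT_GPG_SERVER_KEY_FINGERPRINT/)
+end
+end
+
+end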
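Review bot: The only assertion in this spec, `match(/PASSBOLT_GPG_SERVER_KEY_FINGERPRINT/)`, is also satisfied by the name `PASSBOLT_GPG_SERVER_KEY_FINGERPRINT_FORCE`, which the same spec passes in `Env`. If the entrypoint (not visible here) copies that variable into `/etc/environment`, the test passes without any fingerprint having been calculated. Matching the assignment, e.g. `match(/PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=/)` if the file holds NAME=value lines, or better the known fingerprint of the fixture key, would pin the behaviour the test is named for. Separately, the two key binds build their target as `PASSBOLT_CONFIG_PATH + 'gpg/unsecure.key'` with no leading slash, while the config bind uses `+ '/passbolt.php'`; unless the constant ends in a slash, the keys will not be mounted where the fixture config looks for them. The readiness loop `sleep 1 while … != 'healthy'` also has no upper bound, so a database that never becomes healthy hangs the job instead of failing it.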
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,142 @@ | ||
<?php | ||
/** | ||
* Passbolt ~ Open source password manager for teams | ||
* Copyright (c) Passbolt SARL (https://www.passbolt.com) | ||
* | ||
* Licensed under GNU Affero General Public License version 3 of the or any later version. | ||
* For full copyright and license information, please see the LICENSE.txt | ||
* Redistributions of files must retain the above copyright notice. | ||
* | ||
* @copyright Copyright (c) Passbolt SARL (https://www.passbolt.com) | ||
* @license https://opensource.org/licenses/AGPL-3.0 AGPL License | ||
* @link https://www.passbolt.com Passbolt(tm) | ||
* @since 2.0.0 | ||
*/ | ||
/** | ||
* PASSBOLT CONFIGURATION FILE TEMPLATE | ||
* | ||
* By default passbolt try to use the environment variables or fallback on the default values as | ||
* defined in default.php. You can use passbolt.default.php as a basis to set your own configuration | ||
* without using environment variables. | ||
* | ||
* 1. copy/paste passbolt.default.php to passbolt.php | ||
* 2. set the variables in the App section | ||
* 3. set the variables in the passbolt section | ||
* | ||
* To see all available options, you can refer to the default.php file, and modify passsbolt.php accordingly. | ||
* Do not modify default.php or you may break your upgrade process. | ||
* | ||
* Read more about how to install passbolt: https://www.passbolt.com/help/tech/install | ||
* Any issue, check out our FAQ: https://www.passbolt.com/faq | ||
* An installation issue? Ask for help to the community: https://community.passbolt.com/ | ||
*/ | ||
return [ | ||
|
||
/** | ||
* DEFAULT APP CONFIGURATION | ||
* | ||
* All the information in this section must be provided in order for passbolt to work | ||
* This configuration overrides the CakePHP defaults locating in app.php | ||
* Do not edit app.php as it may break your upgrade process | ||
*/ | ||
'App' => [ | ||
// A base URL to use for absolute links. | ||
// The url where the passbolt instance will be reachable to your end users. | ||
// This information is need to render images in emails for example | ||
'fullBaseUrl' => 'https://passbolt.local', | ||
], | ||
|
||
// Database configuration. | ||
'Datasources' => [ | ||
'default' => [ | ||
//'host' => 'db', | ||
//'port' => 'non_standard_port_number', | ||
'username' => 'passbolt', | ||
'password' => '±!@#$%^&*()_+=-}{|:;<>?', | ||
'database' => 'passbolt', | ||
], | ||
], | ||
|
||
// Email configuration. | ||
'EmailTransport' => [ | ||
'default' => [ | ||
'host' => 'localhost', | ||
'port' => 25, | ||
'username' => 'user', | ||
'password' => 'secret', | ||
// Is this a secure connection? true if yes, null if no. | ||
'tls' => null, | ||
//'timeout' => 30, | ||
//'client' => null, | ||
//'url' => null, | ||
], | ||
], | ||
'Email' => [ | ||
'default' => [ | ||
// Defines the default name and email of the sender of the emails. | ||
'from' => ['passbolt@your_organization.com' => 'Passbolt'], | ||
//'charset' => 'utf-8', | ||
//'headerCharset' => 'utf-8', | ||
], | ||
], | ||
|
||
/** | ||
* DEFAULT PASSBOLT CONFIGURATION | ||
* | ||
* This is the default configuration. | ||
* It enforces the use of ssl, and does not provide a default OpenPGP key. | ||
* If your objective is to try passbolt quickly for evaluation purpose, and security is not important | ||
* you can use the demo config example provided in the next section below. | ||
*/ | ||
'passbolt' => [ | ||
// GPG Configuration. | ||
// The keyring must to be owned and accessible by the webserver user. | ||
// Example: www-data user on Debian | ||
'gpg' => [ | ||
// Tell GPG where to find the keyring. | ||
// If putenv is set to false, gnupg will use the default path ~/.gnupg. | ||
// For example : | ||
// - Apache on Centos it would be in '/usr/share/httpd/.gnupg' | ||
// - Apache on Debian it would be in '/var/www/.gnupg' | ||
// - Nginx on Centos it would be in '/var/lib/nginx/.gnupg' | ||
// - etc. | ||
'keyring' => '/var/lib/passbolt/.gnupg', | ||
// | ||
// Replace GNUPGHOME with above value even if it is set. | ||
//'putenv' => false, | ||
|
||
// Main server key. | ||
'serverKey' => [ | ||
// Server private key fingerprint. | ||
'fingerprint' => '', | ||
'public' => CONFIG . DS . 'gpg' . DS . 'unsecure.key', | ||
'private' => CONFIG . DS . 'gpg' . DS . 'unsecure_private.key', | ||
], | ||
], | ||
], | ||
|
||
/** | ||
* DEMO CONFIGURATION EXAMPLE | ||
* | ||
* Uncomment the lines below if you want to try passbolt quickly. | ||
* and if you are not concerned about the security of your installation. | ||
* (Don't forget to comment the default config above). | ||
*/ | ||
// 'debug' => true, | ||
// 'passbolt' => [ | ||
// 'registration' => [ | ||
// 'public' => true | ||
// ], | ||
// 'ssl' => [ | ||
// 'force' => false, | ||
// ], | ||
// 'gpg' => [ | ||
// 'serverKey' => [ | ||
// 'fingerprint' => '2FC8945833C51946E937F9FED47B0811573EE67E', | ||
// 'public' => CONFIG . DS . 'gpg' . DS . 'unsecure.key', | ||
// 'private' => CONFIG . DS . 'gpg' . DS . 'unsecure_private.key', | ||
// ], | ||
// ], | ||
// ] | ||
|
||
]; |
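Review bot: Nothing in this fixture says that `'fingerprint' => ''` is left empty on purpose, and the header is still the stock "PASSBOLT CONFIGURATION FILE TEMPLATE" text, so a later reader may fill the value in and silently defeat the test. A comment on that line such as `// Intentionally empty: the spec expects the container to derive it when PASSBOLT_GPG_SERVER_KEY_FINGERPRINT_FORCE is set` would record the intent. This assumes the file is the `passbolt-no-fingerprint.php` fixture that the new spec mounts; its path is not shown on this page. The header comment could also state that the `unsecure.key` pair and the database password here are test-only values that must not be copied into a deployment.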