diff --git a/.github/workflows/beta.yml b/.github/workflows/beta.yml index 1340b7f5c..28eb6be5c 100644 --- a/.github/workflows/beta.yml +++ b/.github/workflows/beta.yml @@ -94,7 +94,7 @@ jobs: needs: [create-arm] strategy: matrix: - linux: [ubuntu, debian, fedora, rhel] + linux: [ubuntu, debian, fedora, rhel, rockylinux] platforms: [linux/amd64, linux/arm64] include: - release: beta @@ -106,6 +106,8 @@ jobs: package: rpm - linux: rhel package: rpm + - linux: rockylinux + package: rpm uses: ./.github/workflows/linux-build.yml with: RELEASE: ${{ matrix.release }} @@ -177,55 +179,46 @@ jobs: needs: [wait-builds] strategy: matrix: - linux: [ubuntu, debian, fedora, rhel] + linux: [ubuntu, debian, fedora, rhel, rockylinux] arch: [amd64, arm64] include: - release: beta repo: bunkerweb - linux: ubuntu + arch: arm64 + package_arch: arm64 separator: _ suffix: "" version: jammy package: deb - linux: debian + arch: arm64 + package_arch: arm64 separator: _ suffix: "" version: bookworm package: deb - linux: fedora + arch: arm64 + package_arch: aarch64 separator: "-" suffix: "1." version: 39 package: rpm - linux: el + arch: arm64 + package_arch: aarch64 separator: "-" suffix: "1." version: 8 package: rpm - - linux: ubuntu - arch: amd64 - package_arch: amd64 - - linux: debian - arch: amd64 - package_arch: amd64 - - linux: fedora + - linux: rockylinux arch: amd64 package_arch: x86_64 - - linux: el - arch: amd64 - package_arch: x86_64 - - linux: ubuntu - arch: arm64 - package_arch: arm64 - - linux: debian - arch: arm64 - package_arch: arm64 - - linux: fedora - arch: arm64 - package_arch: aarch64 - - linux: el - arch: arm64 - package_arch: aarch64 + separator: "-" + suffix: "1." + version: 9 + package: rpm uses: ./.github/workflows/push-packagecloud.yml with: SEPARATOR: ${{ matrix.separator }} diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index adf4045b3..bed0af620 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -43,7 +43,7 @@ jobs: packages: write strategy: matrix: - linux: [ubuntu, debian, fedora, rhel] + linux: [ubuntu, debian, fedora, rhel, rockylinux] include: - linux: ubuntu package: deb @@ -53,6 +53,8 @@ jobs: package: rpm - linux: rhel package: rpm + - linux: rockylinux + package: rpm uses: ./.github/workflows/linux-build.yml with: RELEASE: dev @@ -162,43 +164,46 @@ jobs: needs: [tests-ui-linux, tests-core-linux] strategy: matrix: - linux: [ubuntu, debian, fedora, el] + linux: [ubuntu, debian, fedora, el, rockylinux] arch: [amd64] include: - release: dev repo: bunkerweb - linux: ubuntu + arch: arm64 + package_arch: arm64 separator: _ suffix: "" version: jammy package: deb - linux: debian + arch: arm64 + package_arch: arm64 separator: _ suffix: "" version: bookworm package: deb - linux: fedora + arch: arm64 + package_arch: aarch64 separator: "-" suffix: "1." version: 39 package: rpm - linux: el + arch: arm64 + package_arch: aarch64 separator: "-" suffix: "1." version: 8 package: rpm - - linux: ubuntu - arch: amd64 - package_arch: amd64 - - linux: debian - arch: amd64 - package_arch: amd64 - - linux: fedora - arch: amd64 - package_arch: x86_64 - - linux: el + - linux: rockylinux arch: amd64 package_arch: x86_64 + separator: "-" + suffix: "1." + version: 9 + package: rpm uses: ./.github/workflows/push-packagecloud.yml with: SEPARATOR: ${{ matrix.separator }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ecb09454f..c60abc7cb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -104,7 +104,7 @@ jobs: needs: [create-arm] strategy: matrix: - linux: [ubuntu, debian, fedora, rhel] + linux: [ubuntu, debian, fedora, rhel, rockylinux] platforms: [linux/amd64, linux/arm64] include: - release: latest @@ -189,55 +189,46 @@ jobs: needs: [wait-builds] strategy: matrix: - linux: [ubuntu, debian, fedora, el] + linux: [ubuntu, debian, fedora, el, rockylinux] arch: [amd64, arm64] include: - release: latest repo: bunkerweb - linux: ubuntu + arch: arm64 + package_arch: arm64 separator: _ suffix: "" version: jammy package: deb - linux: debian + arch: arm64 + package_arch: arm64 separator: _ suffix: "" version: bookworm package: deb - linux: fedora + arch: arm64 + package_arch: aarch64 separator: "-" suffix: "1." version: 39 package: rpm - linux: el + arch: arm64 + package_arch: aarch64 separator: "-" suffix: "1." version: 8 package: rpm - - linux: ubuntu - arch: amd64 - package_arch: amd64 - - linux: debian - arch: amd64 - package_arch: amd64 - - linux: fedora + - linux: rockylinux arch: amd64 package_arch: x86_64 - - linux: el - arch: amd64 - package_arch: x86_64 - - linux: ubuntu - arch: arm64 - package_arch: arm64 - - linux: debian - arch: arm64 - package_arch: arm64 - - linux: fedora - arch: arm64 - package_arch: aarch64 - - linux: el - arch: arm64 - package_arch: aarch64 + separator: "-" + suffix: "1." + version: 9 + package: rpm uses: ./.github/workflows/push-packagecloud.yml with: SEPARATOR: ${{ matrix.separator }} diff --git a/.github/workflows/staging-tests.yml b/.github/workflows/staging-tests.yml index 4cc8dd436..17e14dc57 100644 --- a/.github/workflows/staging-tests.yml +++ b/.github/workflows/staging-tests.yml @@ -84,6 +84,9 @@ jobs: - name: Pull BW linux rhel test image if: inputs.TYPE == 'linux' run: docker pull ghcr.io/bunkerity/rhel-tests:testing && docker tag ghcr.io/bunkerity/rhel-tests:testing local/rhel:latest + - name: Pull BW linux rockylinux test image + if: inputs.TYPE == 'linux' + run: docker pull ghcr.io/bunkerity/rockylinux-tests:testing && docker tag ghcr.io/bunkerity/rockylinux-tests:testing local/rockylinux:latest # Do tests - name: Run tests if: inputs.TYPE == 'docker' @@ -136,3 +139,9 @@ jobs: env: TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }} ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }} + - name: Run Linux rockylinux tests + if: inputs.TYPE == 'linux' + run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "rockylinux" + env: + TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }} + ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }} diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index a00d03d0c..2755a25b4 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -43,7 +43,7 @@ jobs: packages: write strategy: matrix: - linux: [ubuntu, debian, fedora, rhel] + linux: [ubuntu, debian, fedora, rhel, rockylinux] include: - linux: ubuntu package: deb @@ -53,6 +53,8 @@ jobs: package: rpm - linux: rhel package: rpm + - linux: rockylinux + package: rpm uses: ./.github/workflows/linux-build.yml with: RELEASE: testing @@ -197,43 +199,46 @@ jobs: needs: [staging-tests, tests-ui-linux, tests-core-linux] strategy: matrix: - linux: [ubuntu, debian, fedora, el] + linux: [ubuntu, debian, fedora, el, rockylinux] arch: [amd64] include: - release: testing repo: bunkerweb - linux: ubuntu + arch: arm64 + package_arch: arm64 separator: _ suffix: "" version: jammy package: deb - linux: debian + arch: arm64 + package_arch: arm64 separator: _ suffix: "" version: bookworm package: deb - linux: fedora + arch: arm64 + package_arch: aarch64 separator: "-" suffix: "1." version: 39 package: rpm - linux: el + arch: arm64 + package_arch: aarch64 separator: "-" suffix: "1." version: 8 package: rpm - - linux: ubuntu - arch: amd64 - package_arch: amd64 - - linux: debian - arch: amd64 - package_arch: amd64 - - linux: fedora - arch: amd64 - package_arch: x86_64 - - linux: el + - linux: rockylinux arch: amd64 package_arch: x86_64 + separator: "-" + suffix: "1." + version: 9 + package: rpm uses: ./.github/workflows/push-packagecloud.yml with: SEPARATOR: ${{ matrix.separator }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 1f7d6c44b..e1e1fd5bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## v1.5.6 - YYYY/MM/DD +- [LINUX] Support Rocky Linux 9.3 - [BUGFIX] Fix issues with the antibot feature ([#866](https://github.com/bunkerity/bunkerweb/issues/866), [#870](https://github.com/bunkerity/bunkerweb/issues/870)) - [UI] Add bans management page in the web UI - [UI] Add blocked requests page in the web UI diff --git a/README.md b/README.md index bb5462235..fb6632fd0 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@

- BunkerWeb logo + BunkerWeb logo

@@ -26,7 +26,7 @@ | 👨‍đŸ’ģ Demo | - 🛡ī¸ Examples + 🛡ī¸ Examples | đŸ’Ŧ Chat | @@ -42,14 +42,14 @@ # BunkerWeb

- Overview banner + Overview banner

BunkerWeb is a next-generation and open-source Web Application Firewall (WAF). -Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes), â€Ļ) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.5/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle. +Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#kubernetes), â€Ļ) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.6/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle. -BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github). +BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.6/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.6/plugins/?utm_campaign=self&utm_source=github). ## Why BunkerWeb ? @@ -74,7 +74,7 @@ A non-exhaustive list of security features : - **Block known bad IPs** with external blacklists and DNSBL - And much more ... -Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation. +Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.6/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation. ## Demo @@ -113,10 +113,10 @@ Community and social networks : # Concepts

- Concepts banner + Concepts banner

-You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.5/concepts/?utm_campaign=self&utm_source=github). +You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.6/concepts/?utm_campaign=self&utm_source=github). ## Integrations @@ -124,13 +124,13 @@ The first concept is the integration of BunkerWeb into the target environment. W The following integrations are officially supported : -- [Docker](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker) -- [Docker autoconf](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) -- [Swarm](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm) -- [Kubernetes](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes) -- [Linux](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux) -- [Ansible](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#ansible) -- [Vagrant](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#vagrant) +- [Docker](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker) +- [Docker autoconf](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) +- [Swarm](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#swarm) +- [Kubernetes](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#kubernetes) +- [Linux](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#linux) +- [Ansible](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#ansible) +- [Vagrant](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#vagrant) ## Settings @@ -162,7 +162,7 @@ When multisite mode is enabled, BunkerWeb will serve and protect multiple web ap ## Custom configurations -Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges. +Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.6/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges. Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block). @@ -171,7 +171,7 @@ Another core component of BunkerWeb is the ModSecurity Web Application Firewall ## Database

- Database model + Database model

State of the current configuration of BunkerWeb is stored in a backend database which contains the following data : @@ -200,7 +200,7 @@ In other words, the scheduler is the brain of BunkerWeb. ## Docker

- Docker banner + Docker banner

We provide ready to use prebuilt images for x64, x86, armv7 and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity). @@ -211,46 +211,46 @@ Docker integration key concepts are : - **Scheduler** container to store configuration and execute jobs - **Networks** to expose ports for clients and connect to upstream web services -You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation. +You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation. ## Docker autoconf

- Docker autoconf banner + Docker autoconf banner

The downside of using environment variables is that the container needs to be recreated each time there is an update which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container. Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest. -You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation. +You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation. ## Swarm

- Swarm banner + Swarm banner

To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime. -Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix. +Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix. -You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation. +You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation. ## Kubernetes

- Kubernetes banner + Kubernetes banner

The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations. -You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation. +You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation. ## Linux

- Linux banner + Linux banner

List of supported Linux distros : @@ -259,15 +259,16 @@ List of supported Linux distros : - Ubuntu 22.04 "Jammy" - Fedora 39 - RHEL 8.9 +- Rocky Linux 9.3 Repositories of Linux packages for BunkerWeb are available on [PackageCloud](https://packagecloud.io/bunkerity/bunkerweb), they provide a bash script to automatically add and trust the repository (but you can also follow the [manual installation](https://packagecloud.io/bunkerity/bunkerweb/install) instructions if you prefer). -You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation. +You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation. ## Ansible

- Ansible banner + Ansible banner

List of supported Linux distros : @@ -276,12 +277,13 @@ List of supported Linux distros : - Ubuntu 22.04 "Jammy" - Fedora 39 - RHEL 8.9 +- Rocky Linux 9.3 [Ansible](https://www.ansible.com/) is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates. A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/bunkerity/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)). -You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#ansible) of the documentation. +You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#ansible) of the documentation. ## Vagrant @@ -290,11 +292,11 @@ We maintain ready to use Vagrant boxes hosted on Vagrant cloud for the following - virtualbox - libvirt -You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#vagrant) of the documentation. +You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#vagrant) of the documentation. # Quickstart guide -Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.5/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases : +Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.6/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases : - Protecting a single HTTP application - Protecting multiple HTTP application @@ -305,9 +307,9 @@ Once you have setup BunkerWeb with the integration of your choice, you can follo # Security tuning -BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.5/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives. +BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.6/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives. -You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) of the documentation. +You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.6/security-tuning/?utm_campaign=self&utm_source=github) of the documentation. # Settings @@ -317,13 +319,13 @@ As a general rule when multisite mode is enabled, if you want to apply settings When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example. -Check the [settings section](https://docs.bunkerweb.io/1.5.5/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list. +Check the [settings section](https://docs.bunkerweb.io/1.5.6/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list. # Web UI

- +

@@ -337,7 +339,7 @@ The "Web UI" is a web application that helps you manage your BunkerWeb instance - Monitor jobs execution - View the logs and search pattern -You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.5/web-ui/?utm_campaign=self&utm_source=github) of the documentation. +You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.6/web-ui/?utm_campaign=self&utm_source=github) of the documentation. # Plugins @@ -355,7 +357,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug | **VirusTotal** | 1.3 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) | | **WebHook** | 1.3 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) | -You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github) of the documentation. +You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.6/plugins/?utm_campaign=self&utm_source=github) of the documentation. # Support @@ -378,15 +380,15 @@ Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues) # License -This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/LICENSE.md). +This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.6/LICENSE.md). # Contribute -If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/CONTRIBUTING.md) to get started. +If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.6/CONTRIBUTING.md) to get started. # Security policy -We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/SECURITY.md) for more information. +We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.6/SECURITY.md) for more information. # Stargazers over time diff --git a/docs/integrations.md b/docs/integrations.md index a88369fe8..6b90c5ae3 100644 --- a/docs/integrations.md +++ b/docs/integrations.md @@ -950,6 +950,7 @@ Supported Linux distributions for BunkerWeb (amd64/x86_64 and arm64/aarch64 arch - Ubuntu 22.04 "Jammy" - Fedora 39 - Red Hat Enterprise Linux (RHEL) 8.9 +- Rocky Linux 9.3 Please ensure that you have **NGINX 1.24.0 installed before installing BunkerWeb**. For all distributions, except Fedora, it is mandatory to use prebuilt packages from the [official NGINX repository](https://nginx.org/en/linux_packages.html). Compiling NGINX from source or using packages from different repositories will not work with the official prebuilt packages of BunkerWeb. However, you have the option to build BunkerWeb from source. @@ -1097,6 +1098,49 @@ To simplify the installation process, Linux package repositories for BunkerWeb a sudo dnf versionlock add bunkerweb ``` +=== "Rocky Linux" + + The first step is to add NGINX official repository. Create the following file at `/etc/yum.repos.d/nginx.repo` : + + ```conf + [nginx-stable] + name=nginx stable repo + baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ + gpgcheck=1 + enabled=1 + gpgkey=https://nginx.org/keys/nginx_signing.key + module_hotfixes=true + + [nginx-mainline] + name=nginx mainline repo + baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ + gpgcheck=1 + enabled=0 + gpgkey=https://nginx.org/keys/nginx_signing.key + module_hotfixes=true + ``` + + You should now be able to install NGINX 1.24.0 : + + ```shell + sudo dnf install nginx-1.24.0 + ``` + And finally install BunkerWeb 1.5.6 : + + ```shell + dnf install -y epel-release && \ + curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \ + sudo dnf check-update && \ + sudo dnf install -y bunkerweb-1.5.6 + ``` + + To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command : + + ```shell + sudo dnf versionlock add nginx && \ + sudo dnf versionlock add bunkerweb + ``` + The configuration of BunkerWeb is done by editing the `/etc/bunkerweb/variables.env` file : ```conf @@ -1125,6 +1169,7 @@ Supported Linux distributions for BunkerWeb (amd64/x86_64 and arm64/aarch64 arch - Ubuntu 22.04 "Jammy" - Fedora 39 - Red Hat Enterprise Linux (RHEL) 8.9 +- Rocky Linux 9.3 To simplify the deployment and configuration process, [Ansible](https://docs.ansible.com/ansible/latest/index.html) can be used as an IT automation tool. Ansible enables you to configure systems, deploy software, and perform advanced IT tasks such as continuous deployments or zero downtime rolling updates. diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 9f1ee4e16..2e2e9f8da 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -309,7 +309,7 @@ In case you lost your UI credentials or have 2FA issues, you can connect to the sudo apt install sqlite3 ``` - Install SQLite (Fedora/RedHat) : + Install SQLite (Fedora/RedHat/Rocky Linux) : ```shell sudo dnf install sqlite diff --git a/src/linux/Dockerfile-rockylinux b/src/linux/Dockerfile-rockylinux new file mode 100644 index 000000000..2a5321159 --- /dev/null +++ b/src/linux/Dockerfile-rockylinux @@ -0,0 +1,97 @@ +FROM rockylinux:9.3@sha256:c944604c0c759f5d164ffbdf0bbab2fac582b739938937403c067ab634a0518a + +ENV OS=rockylinux +ENV NGINX_VERSION 1.24.0 + +# Install Nginx, fpm and dependencies +RUN dnf install -y epel-release ruby ruby-devel make gcc redhat-rpm-config rpm-build wget \ + yum-utils && \ + dnf module -y reset ruby && dnf module -y enable ruby:3.1 && dnf module -y install ruby:3.1/common && \ + gem install fpm && \ + dnf install -y --skip-broken --setopt=install_weak_deps=False readline-devel python39 python39-devel python39-setuptools brotli brotli-devel gperftools-devel perl libxslt-devel libxml2 yajl yajl-devel libxslt bash gd gd-devel gcc-c++ curl znc-modtcl gawk libtool pcre-devel automake autoconf gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel && \ + wget https://nginx.org/packages/rhel/9/$(uname -m)/RPMS/nginx-${NGINX_VERSION}-1.el9.ngx.$(uname -m).rpm && \ + dnf install nginx-${NGINX_VERSION}-1.el9.ngx.$(uname -m).rpm -y && \ + rm -rf nginx-${NGINX_VERSION}-1.el9.ngx.$(uname -m).rpm + +WORKDIR /tmp/bunkerweb/deps + +# Copy dependencies sources folder +COPY src/deps/misc misc +COPY src/deps/src src +COPY src/deps/deps.json deps.json +COPY src/deps/install.sh install.sh + +# Compile and install dependencies +RUN mkdir -p /usr/share/bunkerweb/deps/python && \ + chmod +x install.sh && \ + bash install.sh + +# Copy dependencies sources folder +COPY src/deps/requirements.txt /tmp/requirements-deps.txt +COPY src/scheduler/requirements.txt /tmp/req/requirements.txt +COPY src/ui/requirements.txt /tmp/req/requirements.txt.1 +COPY src/common/gen/requirements.txt /tmp/req/requirements.txt.2 +COPY src/common/db/requirements.txt /tmp/req/requirements.txt.3 + +WORKDIR /usr/share/bunkerweb + +RUN mkdir -p deps/python && \ + cat /tmp/req/requirements.txt* > deps/requirements.txt && \ + rm -rf /tmp/req + +# Compile and install dependencies +RUN export MAKEFLAGS="-j$(nproc)" && \ + python3 -m ensurepip --upgrade && \ + python3 -m pip install --no-cache-dir --ignore-installed --require-hashes -r /tmp/requirements-deps.txt && \ + python3 -m pip install --no-cache-dir --require-hashes --target deps/python -r deps/requirements.txt + +# Copy BW files +# can't exclude deps from . so we are copying everything by hand +COPY src/bw/loading loading +COPY src/bw/lua lua +COPY src/bw/misc misc +COPY src/common/api api +COPY src/common/cli cli +COPY src/common/confs confs +COPY src/common/core core +COPY src/common/db db +COPY src/common/gen gen +COPY src/common/helpers helpers +COPY src/common/settings.json settings.json +COPY src/common/utils utils +COPY src/scheduler scheduler +COPY src/ui ui +COPY src/VERSION VERSION + +# Setup BW +RUN cp helpers/bwcli /usr/bin/ && \ + chmod 755 /usr/bin/bwcli && \ + mkdir -p /etc/bunkerweb/configs && \ + mkdir -p /var/cache/bunkerweb/ && \ + mkdir -p /etc/bunkerweb/plugins && \ + mkdir -p /var/tmp/bunkerweb/ && \ + mkdir -p /var/run/bunkerweb/ && \ + mkdir -p /var/log/bunkerweb/ && \ + mkdir -p /var/www/html && \ + mkdir -p /var/lib/bunkerweb && \ + echo "Linux" > INTEGRATION && \ + mkdir -p /etc/bunkerweb/plugins && \ + for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \ + find /usr/share/bunkerweb -path deps -prune -o -type f -exec chmod 0740 {} \; && \ + find /usr/share/bunkerweb -path deps -prune -o -type d -exec chmod 0750 {} \; && \ + chmod -R 770 /var/cache/bunkerweb/ /var/lib/bunkerweb/ /etc/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ /var/log/bunkerweb/ && \ + chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py deps/python/bin/* helpers/*.sh /var/www/ && \ + find core/*/jobs/* -type f -exec chmod 750 {} \; && \ + chmod 755 /usr/share/bunkerweb + +# Copy Linux files +COPY src/linux/scripts scripts +COPY src/linux/fpm.sh /usr/share/fpm.sh +RUN chmod +x scripts/*.sh /usr/share/fpm.sh +COPY src/linux/fpm-rockylinux /usr/share/.fpm +COPY src/linux/*.service /lib/systemd/system/ + +# Generate RPM at startup +VOLUME /data +WORKDIR /usr/share/ +ENTRYPOINT [ "./fpm.sh", "rpm" ] diff --git a/src/linux/fpm-rockylinux b/src/linux/fpm-rockylinux new file mode 100644 index 000000000..0f5e5b6aa --- /dev/null +++ b/src/linux/fpm-rockylinux @@ -0,0 +1,13 @@ +-s dir +--name bunkerweb +--license agpl3 +--version %VERSION% +--architecture %ARCH% +--depends bash --depends python39 --depends 'nginx >= 1:1.24.0' --depends 'nginx < 1:1.25.0' --depends libcurl-devel --depends libxml2 --depends yajl --depends file-libs --depends net-tools --depends gd --depends sudo --depends procps --depends lsof --depends libmaxminddb --depends libpq --depends libcap --depends openssl +--description "BunkerWeb %VERSION% for Rocky Linux 9" +--url "https://www.bunkerweb.io" +--maintainer "Bunkerity " +--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh +--after-install /usr/share/bunkerweb/scripts/postinstall.sh +--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh +/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/log/bunkerweb/=/var/log/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb/=/var/lib/bunkerweb diff --git a/src/linux/package.sh b/src/linux/package.sh index 5698b9fa7..c7f5786f0 100755 --- a/src/linux/package.sh +++ b/src/linux/package.sh @@ -38,7 +38,7 @@ if [ -f "src/VERSION" ] ; then version="$(tr -d '\n' < src/VERSION)" fi type="deb" -if [ "$linux" = "fedora" ] || [ "$linux" = "centos" ] || [ "$linux" = "rhel" ] ; then +if [ "$linux" = "fedora" ] || [ "$linux" = "centos" ] || [ "$linux" = "rhel" ] || [ "$linux" = "rockylinux" ] ; then type="rpm" fi do_and_check_cmd docker run --rm -v "${package_dir}:/data" "local/bunkerweb-${linux}:latest" "$type" diff --git a/src/linux/scripts/afterRemoveRPM.sh b/src/linux/scripts/afterRemoveRPM.sh index e856fbc4b..5b34477a4 100644 --- a/src/linux/scripts/afterRemoveRPM.sh +++ b/src/linux/scripts/afterRemoveRPM.sh @@ -118,7 +118,7 @@ else OS=$(lsb_release -is | tr '[:upper:]' '[:lower:]') fi -if ! [[ "$OS" =~ (centos|fedora|redhat) ]]; then +if ! [[ "$OS" =~ (centos|fedora|redhat|rockylinux) ]]; then echo "❌ Unsupported Operating System" exit 1 fi diff --git a/src/linux/scripts/beforeInstall.sh b/src/linux/scripts/beforeInstall.sh index 4a677a757..17c595481 100644 --- a/src/linux/scripts/beforeInstall.sh +++ b/src/linux/scripts/beforeInstall.sh @@ -29,7 +29,7 @@ if [ -f /etc/os-release ]; then echo "ℹī¸ Copy /var/tmp/ui.env to /etc/bunkerweb/ui.env" do_and_check_cmd cp -f /var/tmp/ui.env /etc/bunkerweb/ui.env fi - elif [[ "$OS" == "Red Hat Enterprise Linux" || "$OS" == "Fedora" ]]; then + elif [[ "$OS" == "Red Hat Enterprise Linux" || "$OS" == "Fedora" || "$OS" == "Rocky Linux" ]]; then # Get the version of the package VERSION=$(rpm -q --queryformat '%{VERSION}' bunkerweb) if [ "$(printf '%s\n' "$VERSION" "$(echo '1.5.6' | tr -d ' ')" | sort -V | head -n 1)" = "$VERSION" ] && [ -f /var/tmp/variables.env ] && [ -f /var/tmp/ui.env ]; then diff --git a/tests/LinuxTest.py b/tests/LinuxTest.py index c2ef8700c..cb8922c10 100644 --- a/tests/LinuxTest.py +++ b/tests/LinuxTest.py @@ -11,7 +11,7 @@ class LinuxTest(Test): def __init__(self, name, timeout, tests, distro, domains={}): super().__init__(name, "linux", timeout, tests, delay=20) self._domains = domains - if distro not in ("ubuntu", "debian", "fedora", "centos", "rhel"): + if distro not in ("ubuntu", "debian", "fedora", "centos", "rhel", "rockylinux"): raise Exception(f"unknown distro {distro}") self.__distro = distro @@ -26,7 +26,7 @@ class LinuxTest(Test): raise Exception("docker run failed (linux stack)") if distro in ("ubuntu", "debian"): cmd = "echo force-bad-version >> /etc/dpkg/dpkg.cfg ; apt install -y /opt/\\$(ls /opt | grep deb)" - elif distro in ("centos", "fedora", "rhel"): + elif distro in ("centos", "fedora", "rhel", "rockylinux"): cmd = "dnf install -y /opt/\\$(ls /opt | grep rpm)" proc = LinuxTest.docker_exec(distro, cmd) if proc.returncode != 0: @@ -53,7 +53,7 @@ class LinuxTest(Test): "/etc/php/8.2/fpm/pool.d/www.conf", ) LinuxTest.docker_exec(distro, "systemctl stop php8.2-fpm ; systemctl start php8.2-fpm") - elif distro in ("centos", "fedora", "rhel"): + elif distro in ("centos", "fedora", "rhel", "rockylinux"): LinuxTest.docker_exec(distro, "dnf install -y php-fpm unzip") LinuxTest.docker_cp(distro, "./tests/www-rpm.conf", "/etc/php-fpm.d/www.conf") LinuxTest.docker_exec( diff --git a/tests/Upgrade.py b/tests/Upgrade.py index b1e52f366..6f868cf58 100644 --- a/tests/Upgrade.py +++ b/tests/Upgrade.py @@ -2095,6 +2095,376 @@ elif distro == "rhel": if "KO" in test_results.values(): sys.exit(1) +elif distro == "rockylinux": + test_results = { + "Installation test": None, + "Reloading test": None, + "Removing test": None, + "Upgrading test": None, + } + subprocess.run( + [ + "sudo", + "docker", + "build", + "-t", + "rockylinux-image", + "-f", + "src/linux/Dockerfile-rockylinux", + ".", + ] + ) + subprocess.run( + [ + "sudo", + "docker", + "run", + "-it", + "--name", + "rockylinux-container", + "-v", + "deb:/data", + "rockylinux-image", + ] + ) + subprocess.run( + [ + "docker", + "run", + "-d", + "--name", + "systemd-rockylinux", + "-v", + "deb:/data", + "--privileged", + "-v", + "/sys/fs/cgroup:/sys/fs/cgroup", + "rockylinux:9.3", + ] + ) + + # Installing test + print("Installing bunkerweb...") + bash_script = """ + dnf install yum-utils wget sudo -y + wget https://nginx.org/packages/rhel/9/x86_64/RPMS/nginx-1.24.0-1.el9.ngx.x86_64.rpm + dnf install nginx-1.24.0-1.el9.ngx.x86_64.rpm -y + dnf install /data/bunkerweb.rpm -y + """ + + with tempfile.NamedTemporaryFile(mode="w") as f: + f.write(bash_script) + f.flush() + subprocess.run(["docker", "cp", f.name, "systemd-rockylinux:/data/install_nginx.sh"]) + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "/data/install_nginx.sh", + ] + ) + if result.returncode != 0: + bunkerweb_logs = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "systemctl status bunkerweb.service", + ], + capture_output=True, + ) + print("Logs from bunkerweb:", bunkerweb_logs.stdout.decode()) + + bunkerweb_ui_logs = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "systemctl status bunkerweb-ui.service", + ], + capture_output=True, + ) + print("Logs from bunkerweb-ui:", bunkerweb_ui_logs.stdout.decode()) + sys.exit(result.returncode) + exit(result.returncode) + else: + print("✔ī¸ Installation successful ✔ī¸") + # Checking Installation test + try: + if result.returncode == 0: + test_results["Installation test"] = "OK" + else: + test_results["Installation test"] = "KO" + sys.exit(1) + except: + test_results["Installation test"] = "KO" + sys.exit(1) + + # Reloading test + print("Reloading bunkerweb...") + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "echo 'HTTPS_PORT=8443' >> /etc/bunkerweb/variables.env", + ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "echo 'new_value=1' >> /etc/bunkerweb/ui.env", + ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "systemctl reload bunkerweb", + ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "systemctl reload bunkerweb-ui", + ] + ) + + bunkerweb_state = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "systemctl is-active bunkerweb.service", + ], + capture_output=True, + ) + if bunkerweb_state.stdout.decode().strip() != "active": + bunkerweb_logs = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "journalctl -u bunkerweb.service", + ], + capture_output=True, + ) + print("❌ bunkerweb.service is not running. Logs:", bunkerweb_logs.stdout.decode()) + + bunkerweb_ui_state = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "systemctl is-active bunkerweb-ui.service", + ], + capture_output=True, + ) + if bunkerweb_ui_state.stdout.decode().strip() != "active": + bunkerweb_ui_logs = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "journalctl -u bunkerweb-ui.service", + ], + capture_output=True, + ) + print( + "❌ bunkerweb-ui.service is not running. Logs:", + bunkerweb_ui_logs.stdout.decode(), + ) + else: + print("✔ī¸ bunkerweb.service and bunkerweb-ui.service are running ✔ī¸") + # Checking Reloading test + try: + if bunkerweb_state.stdout.decode().strip() == "active": + test_results["Reloading test"] = "OK" + else: + test_results["Reloading test"] = "KO" + except: + test_results["Reloading test"] = "KO" + + # Removing test + print("Removing bunkerweb...") + subprocess.run( + [ + "sudo", + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "dnf remove -y bunkerweb", + ] + ) + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "[ -d /usr/share/bunkerweb ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔ī¸ /usr/share/bunkerweb not found.") + else: + print("❌ /usr/share/bunkerweb found.") + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "[ -d /var/tmp/bunkerweb ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔ī¸ /var/tmp/bunkerweb not found.") + else: + print("❌ /var/tmp/bunkerweb found.") + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "[ -d /var/cache/bunkerweb ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔ī¸ /var/cache/bunkerweb not found.") + else: + print("❌ /var/cache/bunkerweb found.") + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "[ -f /usr/bin/bwcli ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔ī¸ /usr/bin/bwcli not found.") + else: + print("❌ /usr/bin/bwcli found.") + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "[ -d /var/lib/bunkerweb ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔ī¸ /var/lib/bunkerweb not found.") + else: + print("❌ /var/lib/bunkerweb found.") + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rockylinux", + "bash", + "-c", + "[ -d /etc/bunkerweb ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔ī¸ /etc/bunkerweb not found.") + else: + print("❌ /etc/bunkerweb found.") + # Checking Removing test + try: + if ( + pathlib.Path("/usr/share/bunkerweb").is_dir() + or pathlib.Path("/var/tmp/bunkerweb").is_dir() + or pathlib.Path("/var/cache/bunkerweb").is_dir() + or pathlib.Path("/usr/bin/bwcli").is_file() + or pathlib.Path("/var/lib/bunkerweb").is_dir() + or pathlib.Path("/etc/bunkerweb").is_dir() + ): + test_results["Removing test"] = "KO" + else: + test_results["Removing test"] = "OK" + except: + test_results["Removing test"] = "KO" + + ############################################################################################################ + # Upgrading test is disabled because Rocky Linux is the new Integration test # + ############################################################################################################ + + # Print summary + for key, value in test_results.items(): + print(f"{key}: {value}") + if "KO" in test_results.values(): + sys.exit(1) + elif distro == "centos": test_results = { "Installation test": None, @@ -2611,5 +2981,5 @@ elif distro == "centos": if "KO" in test_results.values(): sys.exit(1) else: - print("Invalid argument. Please pass one of: ubuntu, debian, fedora, rhel, centos") + print("Invalid argument. Please pass one of: ubuntu, debian, fedora, rhel, centos, rockylinux") sys.exit(1) diff --git a/tests/linux.sh b/tests/linux.sh index b7d71d5bd..131753e8c 100755 --- a/tests/linux.sh +++ b/tests/linux.sh @@ -17,7 +17,7 @@ function gen_package() { mode="$1" linux="$2" version="$(tr -d '\n' < VERSION)" - if [ "$linux" = "fedora" ] || [ "$linux" = "centos" ] || [ "$linux" = "rhel" ] ; then + if [ "$linux" = "fedora" ] || [ "$linux" = "centos" ] || [ "$linux" = "rhel" ] || [ "$linux" = "rockylinux" ] ; then type="rpm" else type="deb" @@ -59,6 +59,8 @@ echo "Building fedora package ..." gen_package "$1" "fedora" echo "Building rhel package ..." gen_package "$1" "rhel" +echo "Building rockylinux package ..." +gen_package "$1" "rockylinux" # Copy packages in the Docker context do_and_check_cmd cp -r "/opt/packages/$1" ./packages @@ -74,5 +76,7 @@ echo "Building fedora test image ..." build_image "fedora" echo "Building rhel test image ..." build_image "rhel" +echo "Building rockylinux test image ..." +build_image "rockylinux" exit 0 diff --git a/tests/linux/Linux.sh b/tests/linux/Linux.sh index 68d9b3a65..3e2b23e09 100755 --- a/tests/linux/Linux.sh +++ b/tests/linux/Linux.sh @@ -31,6 +31,12 @@ function buildPackage() { if [ "$DISTRO" = "fedora" ]; then sudo docker build -t linux-fedora -f src/linux/Dockerfile-fedora . fi + if [ "$DISTRO" = "rhel" ]; then + sudo docker build -t linux-rhel -f src/linux/Dockerfile-rhel . + fi + if [ "$DISTRO" = "rockylinux" ]; then + sudo docker build -t linux-rockylinux -f src/linux/Dockerfile-rockylinux . + fi fi } @@ -50,13 +56,19 @@ function createContainer() { if [ "$DISTRO" = "fedora" ]; then sudo docker run -v /tmp/fedora:/data linux-fedora fi + if [ "$DISTRO" = "rhel" ]; then + sudo docker run -v /tmp/rhel:/data linux-rhel + fi + if [ "$DISTRO" = "rockylinux" ]; then + sudo docker run -v /tmp/rockylinux:/data linux-rockylinux + fi fi } # Retrieve $DISTRO from the user function retrieveDistro() { - echo "Which distro do you want to use? (ubuntu, debian, centos, fedora)" + echo "Which distro do you want to use? (ubuntu, debian, centos, fedora, rhel, rockylinux)" read -r DISTRO }