Add support for Ubuntu 24.04

2026-05-24 09:28:37 +00:00 · 2024-05-01 13:07:33 +02:00 · 2024-05-01 13:07:33 +02:00 · 6dfb58c836
commit 6dfb58c836
parent d1bf64ab5a
7 changed files with 143 additions and 4 deletions
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@ -43,9 +43,11 @@ jobs:
      packages: write
    strategy:
      matrix:
-        linux: [ubuntu, debian, fedora, rhel, rhel9]
+        linux: [ubuntu-jammy, ubuntu-noble, debian, fedora, rhel, rhel9]
        include:
-          - linux: ubuntu
+          - linux: ubuntu-jammy
+            package: deb
+          - linux: ubuntu-noble
            package: deb
          - linux: debian
            package: deb
@ -196,6 +198,12 @@ jobs:
            suffix: ""
            version: jammy
            package: deb
+          - linux: ubuntu
+            package_arch: amd64
+            separator: _
+            suffix: ""
+            version: noble
+            package: deb
          - linux: debian
            package_arch: amd64
            separator: _
--- a/.github/workflows/push-packagecloud.yml
+++ b/.github/workflows/push-packagecloud.yml
@ -49,7 +49,12 @@ jobs:
        run: gem install package_cloud
      # Download packages
      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
-        if: inputs.LINUX != 'el' && inputs.LINUX != 'el9'
+        if: inputs.LINUX = ubuntu*
+        with:
+          name: package-${{ inputs.LINUX }}-${{ inputs.VERSION }}-${{ inputs.PACKAGE_ARCH }}
+          path: /tmp/${{ inputs.LINUX }}
+      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        if: inputs.LINUX != 'el' && inputs.LINUX != 'el9' && inputs.LINUX != ubuntu*
        with:
          name: package-${{ inputs.LINUX }}-${{ inputs.PACKAGE_ARCH }}
          path: /tmp/${{ inputs.LINUX }}
--- a/src/deps/install.sh
+++ b/src/deps/install.sh
@ -202,6 +202,9 @@ if [ "$OS" = "fedora" ] ; then
 	CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'/--with-ld-opt=-lpcre/" | sed "s/--with-cc-opt='.*'//")"
 fi

+# Set CFALGS
+export CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1"
+
 export CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx"
 do_and_check_cmd mv auto/configure ./
 echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx/configure-fix.sh"
--- a/src/linux/Dockerfile-ubuntu-jammy
+++ b/src/linux/Dockerfile-ubuntu-jammy
@ -99,7 +99,7 @@ COPY --chmod=660 src/bw/misc/country.mmdb /var/tmp/bunkerweb/country.mmdb
 # Copy Linux files
 COPY --chmod=740 src/linux/scripts scripts
 COPY --chmod=740 src/linux/fpm.sh /usr/share/fpm.sh
-COPY src/linux/fpm-ubuntu /usr/share/.fpm
+COPY src/linux/fpm-ubuntu-jammy /usr/share/.fpm
 COPY --chmod=644 src/linux/*.service /lib/systemd/system/
 COPY --chmod=644 src/linux/bunkerweb.logrotate /etc/logrotate.d/bunkerweb

--- a/src/linux/Dockerfile-ubuntu-noble
+++ b/src/linux/Dockerfile-ubuntu-noble
@ -0,0 +1,109 @@
+FROM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8 as builder
+
+ENV OS=ubuntu
+ENV NGINX_VERSION 1.24.0
+
+# Install Nginx and dependencies
+RUN apt update && \
+    apt install -y --no-install-recommends curl gnupg2 ca-certificates lsb-release ubuntu-keyring software-properties-common \
+    bash libssl-dev git zlib1g-dev libyajl2 libyajl-dev yajl-tools pkgconf libcurl4-openssl-dev libgeoip-dev liblmdb-dev apt-utils build-essential autoconf libtool automake g++ gcc libxml2-dev make musl-dev gnupg patch libreadline-dev libpcre3-dev libgd-dev python3 python3-dev python3-pip -y && \
+    echo "deb https://nginx.org/packages/ubuntu/ jammy nginx" > /etc/apt/sources.list.d/nginx.list && \
+    echo "deb-src https://nginx.org/packages/ubuntu/ jammy nginx" >> /etc/apt/sources.list.d/nginx.list && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-1~jammy
+
+WORKDIR /tmp/bunkerweb/deps
+
+# Copy dependencies sources folder
+COPY src/deps/misc misc
+COPY src/deps/src src
+COPY src/deps/deps.json deps.json
+COPY --chmod=644 src/deps/install.sh install.sh
+
+# Compile and install dependencies
+RUN bash install.sh
+
+# Copy dependencies sources folder
+COPY src/deps/requirements.txt /tmp/requirements-deps.txt
+COPY src/scheduler/requirements.txt /tmp/req/requirements-scheduler.txt
+COPY src/ui/requirements.txt /tmp/req/requirements-ui.txt
+COPY src/common/gen/requirements.txt /tmp/req/requirements-gen.txt
+COPY src/common/db/requirements.txt /tmp/req/requirements-db.txt
+
+WORKDIR /usr/share/bunkerweb
+
+# Compile and install dependencies
+RUN export MAKEFLAGS="-j$(nproc)" && \
+    mkdir -p deps/python && \
+    pip install --no-cache-dir --require-hashes --break-system-packages --ignore-installed -r /tmp/requirements-deps.txt && \
+    pip install --no-cache-dir --require-hashes --break-system-packages --target deps/python $(for file in $(ls /tmp/req/requirements*.txt) ; do echo "-r ${file}" ; done | xargs)
+
+# Copy files
+# can't exclude deps from . so we are copying everything by hand
+COPY src/bw/loading loading
+COPY src/bw/lua lua
+COPY src/bw/misc misc
+COPY src/common/api api
+COPY src/common/cli cli
+COPY src/common/confs confs
+COPY src/common/core core
+COPY src/common/db db
+COPY src/common/gen gen
+COPY src/common/helpers helpers
+COPY src/common/settings.json settings.json
+COPY src/common/utils utils
+COPY src/scheduler scheduler
+COPY src/ui ui
+COPY src/VERSION VERSION
+
+FROM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8
+
+# Set default umask to prevent huge recursive chmod increasing the final image size
+RUN umask 027
+
+# Copy dependencies
+COPY --from=builder --chown=0:101 /etc/nginx /etc/nginx
+COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
+
+WORKDIR /usr/share/bunkerweb
+
+# Install fpm
+RUN apt-get update && \
+    apt-get -y install ruby ruby-dev rubygems build-essential autoconf libtool rpm binutils && \
+    gem install -N fpm
+
+# Setup BW
+RUN cp helpers/bwcli /usr/bin/ && \
+    chmod 755 /usr/bin/bwcli && \
+    mkdir -p /etc/bunkerweb/configs /etc/bunkerweb/plugins /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/lib/bunkerweb /var/www/html && \
+    echo "Linux" > INTEGRATION && \
+    for dir in $(echo "plugins pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
+    find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
+    find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
+    chmod 755 /var/log/bunkerweb && \
+    touch /var/log/bunkerweb/error.log /var/log/bunkerweb/access.log /var/log/bunkerweb/modsec_audit.log && \
+    chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
+    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \
+    find core/*/jobs/* -type f -exec chmod 750 {} \; && \
+    chmod 755 .
+
+# Cleanup
+RUN apt-get -f -y --auto-remove remove build-essential autoconf libtool && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY --chmod=660 src/bw/misc/asn.mmdb /var/tmp/bunkerweb/asn.mmdb
+COPY --chmod=660 src/bw/misc/country.mmdb /var/tmp/bunkerweb/country.mmdb
+
+# Copy Linux files
+COPY --chmod=740 src/linux/scripts scripts
+COPY --chmod=740 src/linux/fpm.sh /usr/share/fpm.sh
+COPY src/linux/fpm-ubuntu-noble /usr/share/.fpm
+COPY --chmod=644 src/linux/*.service /lib/systemd/system/
+COPY --chmod=644 src/linux/bunkerweb.logrotate /etc/logrotate.d/bunkerweb
+
+# Generate DEB at startup
+VOLUME /data
+WORKDIR /usr/share/
+ENTRYPOINT [ "./fpm.sh", "deb" ]
--- a/src/linux/fpm-ubuntu-jammy
+++ b/src/linux/fpm-ubuntu-jammy
--- a/src/linux/fpm-ubuntu-noble
+++ b/src/linux/fpm-ubuntu-noble
@ -0,0 +1,14 @@
+-s dir
+--name bunkerweb
+--license agpl3
+--version %VERSION%
+--architecture %ARCH%
+--depends bash --depends python3 --depends python3-pip --depends 'nginx = 1.24.0-1~jammy' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools --depends sudo --depends procps --depends lsof --depends libpq5 --depends libcap2-bin --depends logrotate --depends mariadb-client --depends postgresql-client --depends sqlite3 --depends unzip --depends libpcre3
+--description "BunkerWeb %VERSION% for Ubuntu 24.04"
+--url "https://www.bunkerweb.io"
+--maintainer "Bunkerity <contact at bunkerity dot com>"
+--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
+--after-install /usr/share/bunkerweb/scripts/postinstall.sh
+--after-remove /usr/share/bunkerweb/scripts/afterRemoveDEB.sh
+--deb-no-default-config-files
+/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/log/bunkerweb/=/var/log/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb/=/var/lib/bunkerweb /etc/logrotate.d/bunkerweb=/etc/logrotate.d/bunkerweb