fix TLS support, attempt 1

* add libssl1.0-dev package for tls support to be built in
* fix bug in cert generation script
* make cert generation script noninteractive

Dockerfile

@@ -3,8 +3,14 @@ FROM ubuntu:bionic
 
 ENV DEBIAN_FRONTEND noninteractive
 
+ENV DEFAULT_ADMIN_PASSWORD hunter2
+
 ARG UBUNTU_MIRROR=http://archive.ubuntu.com/ubuntu
 
+ARG UID_TO_ADD=10000
+ARG GID_TO_ADD=10000
+ARG USERNAME_TO_ADD=user
+
 RUN echo "deb $UBUNTU_MIRROR bionic main universe restricted multiverse" > /etc/apt/sources.list.new && \
 echo "deb $UBUNTU_MIRROR bionic-updates main universe restricted multiverse" >> /etc/apt/sources.list.new && \
 echo "deb $UBUNTU_MIRROR bionic-security main universe restricted multiverse" >> /etc/apt/sources.list.new && \
@@ -25,6 +31,7 @@ RUN \
         libreadline-dev \
         locales \
         mercurial \
+        libssl1.0-dev \
         python \
         rsync \
         ruby \
@@ -38,6 +45,9 @@ RUN \
     rsync -avP /tmp/rootoverlay/ / && \
     rm -rf /tmp/rootoverlay && \
     rm -r /root/go && \
+    groupadd -g $GID_TO_ADD $USERNAME_TO_ADD && \
+    useradd -u $UID_TO_ADD -g $GID_TO_ADD -s /bin/bash $USERNAME_TO_ADD && \
+    usermod -p '*' $USERNAME_TO_ADD && \
     chmod a+rx /etc/service/*/run
 
 CMD ["/usr/local/sbin/runsvinit"]

README.md

@@ -1,10 +1,37 @@
 # adchpp-docker
 
-* https://git.eeqj.de/sneak/adchpp-docker
+* adch++ main url: https://adchpp.sourceforge.io/
+* dockerized repository: https://git.eeqj.de/sneak/adchpp-docker
+* docker image: https://hub.docker.com/r/sneak/adchpp 
+
+# Usage
+
+```
+docker run \
+    -p 2780:2780 \
+    -v /etc/adchpp:/config \
+    --name adchpp \
+    --restart unless-stopped \
+    sneak/adchpp@sha256:07a8fe2e1e719a712b075590a4c94d1d3c1a49dcb3da91b0a5c971c2c17bbbf7
+```
+
+# Repo Info
 
 `src` contains `adch++` v2.12.1 extracted from tarball from sourceforge,
-modified only to make build on modern hardware.  I tried getting it running
+modified only to make it build on modern hardware.  I tried getting it running
-on 20.04 but it doesn't work with modern `scons`, sadly.
+on 20.04 but its build file doesn't work with modern `scons`, sadly.
+
+# Docker Image Information
+
+* env:
+    * `DEFAULT_ADMIN_PASSWORD`: set to the admin password you want for the
+      `admin` user.  default: `hunter2`.  Note that passwords are stored
+      unhashed in plaintext on disk (take it up with the duck, I just
+      packaged it)
+        * no-op if `/config/users.txt` already exists, which it will after
+          first run.
+* state/config volume: `/config`
+* logs to stdout like a good docker
 
 # License
 
@@ -12,5 +39,5 @@ GPL
 
 # Authors
 
-* `adch++` &copy 2006-2016 Jacek Sieka iarnetheduck@gmail.com
+* `adch++` © 2006-2016 Jacek Sieka iarnetheduck@gmail.com
 * packaging/dockerizing sneak sneak@sneak.berlin

root/etc/service/adchpp/run

@@ -9,5 +9,16 @@ if [[ ! -d /config/scripts ]]; then
     cp /usr/local/src/adchpp/plugins/Script/examples/*.lua /config/scripts
 fi
 
-cd /tmp
+if [[ ! -d /config/certs ]]; then
-exec /usr/local/bin/adchppd -c /config
+    mkdir -p /config/certs
+    cd /config/certs
+    bash /usr/local/src/adchpp/linux/generate_certs.sh
+fi
+
+if [[ ! -e /config/users.txt ]]; then
+    echo "[{\"password\":\"$DEFAULT_ADMIN_PASSWORD\",\"nick\":\"admin\",\"level\":10,\"regby\":\"admin\",\"regtime\":1322835912}]" > /config/users.txt
+fi
+
+chown -R user:user /config
+cd /config
+exec chpst -u user:user /usr/local/bin/adchppd -c /config

src/etc/adchpp.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8" standalone="yes"?>
 <ADCHubPlusPlus>
 
-<!-- IMPORTANT: under Linux, you should use absolute paths in the various path settings 
+<!-- IMPORTANT: under Linux, you should use absolute paths in the various path settings
 	of this configuration file -->
 
 	<Settings>
@@ -59,7 +59,6 @@
 
 		To create secure connections, set TLS="1" and define the following (preferably absolute)
 		paths: Certificate, PrivateKey, TrustedPath, DHParams. An example secure server setting:
-		<Server Port="2780" TLS="1" Certificate="certs/cacert.pem" PrivateKey="certs/privkey.pem" TrustedPath="certs/trusted/" DHParams="certs/dhparam.pem"/>
 
 		Simple OpenSSL commands to generate files used for secure connections:
 		openssl genrsa -out privkey.pem 2048
@@ -69,8 +68,16 @@
 		Alternatively, you can use the cert generator contributed on
 		<http://launchpadlibrarian.net/31960965/Cert_Generator.7z>.
 
-		-->
 		<Server Port="2780"/>
+		-->
+        <Server
+            Port="2780"
+            TLS="1"
+            Certificate="/config/certs/cacert.pem"
+            PrivateKey="/config/certs/privkey.pem"
+            TrustedPath="/config/certs/trusted/"
+            DHParams="/config/certs/dhparam.pem"
+        />
 	</Servers>
 
 	<!-- Instead of scripts, ADCH++ uses plugins. Plugins can do the same work
@@ -79,9 +86,9 @@
 		 write a script plugin, enabling people to choose their own script language,
 		 if someone's written a script plugin for it. You must specify the path to your
 		 plugins in linux default place it looks for the plugin path is /home/<username>/adchpp/ -->
-		 
+
 	<!--Plugins Path="~/adchpp/"-->
-	
+
 	<Plugins>
 		<!-- This plugins provides the scripting support. -->
 		<Plugin>Script</Plugin>

src/linux/generate_certs.sh

@@ -8,7 +8,13 @@ if [ "$(which openssl)" ];
         openssl genrsa -out privkey.pem 2048
         clear
         openssl dhparam -outform PEM -out dhparam.pem 1024
-        openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
+        openssl req \
+            -new -x509 \
+            -key privkey.pem \
+            -out cacert.pem \
+            -days 1095 \
+            -batch \
+            -subj '/CN=adchpp.example.com/O=ADCH++/C=AU'
         clear
 
         if [ -f certs/trusted ];
@@ -18,7 +24,7 @@ if [ "$(which openssl)" ];
                 mkdir -p certs/trusted
         fi
 
-        mv *.pem certs
+        #mv *.pem certs
 
         echo "All done!"
 else