Currently, we rely on Debian to pick a UID and GID for daemon users.
However, those numbers can change as software evolves over time, in
particular as the base distribution changes.
Because those IDs are relevant in the data volume, which has a lifetime
independent from the daemon container, it is important that they don't
change.
Other projects have run into this issue over the years too, this is not
a purely theoretical concern.
This patch fixes the UID/GIDs for the daemon users to their current
values, to prevent problems in the future.
See https://github.com/albertito/chasquid/pull/72 for further
discussion.
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Adjusted commit message, formatted RUN command line, changed the
dovecot group ID to match the previous value.
Using the "slim" version of the debian:stable image helps reduce size,
while having no impact on runtime usability or performance. The main
differences are around locale and manpages.
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Adjusted commit message.
Today, we launch dovecot in the background and chasquid in the
foreground using sudo.
This means that dovecot failures won't propagate, and signals to the
container (e.g. to stop it) also don't get propagated to dovecot
(because it's in the background) or chasquid (because they don't go
beyond the sudo process).
Thanks to [Guiorgy@github](https://github.com/Guiorgy) for identifying
the problem, proposing alternatives, help debugging, and discussing this
in https://github.com/albertito/chasquid/pull/70.
From the Dockerfile docs:
> Environment variable persistence can cause unexpected side effects.
> For example, setting ENV DEBIAN_FRONTEND=noninteractive changes the
> behavior of apt-get, and may confuse users of your image.
>
> If an environment variable is only needed during build, and not in the
> final image, consider setting a value for a single command instead.
So this patch adjusts the use of the DEBIAN_FRONTEND variable to match
the documented best practice.
https://github.com/albertito/chasquid/pull/68
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Adjusted commit message.
This patch fixes some Dockerfile style warnings:
- `WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match`
- `LegacyKeyValueFormat: "ENV key=value" should be used instead of
legacy "ENV key value" format`
https://github.com/albertito/chasquid/pull/68
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Adjusted commit message.
The latest Debian stable images don't include the `setcap` binary by
default like they used to.
Our Docker build depends on it, so this patch makes the Dockerfile
install the libcap2-bin package (which contains the `setcap` binary).
This patch adds a new docker directory, which contains a Dockerfile plus
some additional configuration for creating a container that runs
chasquid+dovecot+letsencrypt.
It also updates the gitlab CI pipeline to automatically build and
publish an image on each commit.
This is experimental and likely to break.
