build sasl from source

gcompany · Jun 28, 2021 · 0699f99 · 0699f99
1 parent ddc147f
commit 0699f99
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 47 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,56 +1,23 @@
-ARG BASE_IMAGE=alpine:latest
-# ARG BASE_IMAGE=ubuntu:focal
-# ============================ BUILD SASL XOAUTH2 ============================
-FROM ${BASE_IMAGE} as build
-
-ARG SASL_XOAUTH2_REPO_URL=https://github.com/tarickb/sasl-xoauth2.git
-ARG SASL_XOAUTH2_GIT_REF=release-0.10
-
-RUN        true && \
-           if [ -f /etc/alpine-release ]; then \
-             apk add --no-cache --upgrade git && \
-             apk add --no-cache --upgrade cmake clang make gcc g++ libc-dev pkgconfig curl-dev jsoncpp-dev cyrus-sasl-dev; \
-           else \
-             export DEBIAN_FRONTEND=noninteractive && \
-             echo "Europe/Berlin" > /etc/timezone && \
-             apt-get update -y -qq && \
-             apt-get install -y git build-essential cmake pkg-config libcurl4-openssl-dev libssl-dev libjsoncpp-dev libsasl2-dev; \
-           fi
-RUN        git clone --depth 1 --branch ${SASL_XOAUTH2_GIT_REF} ${SASL_XOAUTH2_REPO_URL} /sasl-xoauth2
-RUN        true && \
-           cd /sasl-xoauth2 && \
-           mkdir build && \
-           cd build && \
-           cmake -DCMAKE_INSTALL_PREFIX=/ .. && \
-           make
-
-# ============================ BUILD SASL XOAUTH2 ============================
-FROM ${BASE_IMAGE}
-LABEL maintainer="Bojan Cekrlic - https://github.com/bokysan/docker-postfix/"
+FROM alpine:3.9.6
+# LABEL maintainer="Bojan Cekrlic - https://github.com/bokysan/docker-postfix/"
 
 # Install supervisor, postfix
 # Install postfix first to get the first account (101)
 # Install opendkim second to get the second account (102)
-RUN        true && \
-           if [ -f /etc/alpine-release ]; then \
-             apk add --no-cache --upgrade cyrus-sasl cyrus-sasl-static cyrus-sasl-digestmd5 cyrus-sasl-crammd5 cyrus-sasl-login cyrus-sasl-ntlm && \
-             apk add --no-cache postfix && \
-             apk add --no-cache opendkim && \
-             apk add --no-cache --upgrade ca-certificates tzdata supervisor rsyslog musl musl-utils bash opendkim-utils libcurl jsoncpp lmdb && \
-             (rm "/tmp/"* 2>/dev/null || true) && (rm -rf /var/cache/apk/* 2>/dev/null || true); \
-           else \
-             export DEBIAN_FRONTEND=noninteractive && \
-             echo "Europe/Berlin" > /etc/timezone && \
-             apt-get update -y -q && \
-             apt-get install -y libsasl2-modules && \
-             apt-get install -y postfix && \
-             apt-get install -y opendkim && \
-             apt-get install -y ca-certificates tzdata supervisor rsyslog bash opendkim-tools curl libcurl4 libjsoncpp1 postfix-lmdb netcat; \
-           fi && \
-           cp -r /etc/postfix /etc/postfix.template
+RUN apk add --no-cache curl cmake clang make gcc g++ libc-dev pkgconfig curl-dev  && \
+  curl -L  https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.27/cyrus-sasl-2.1.27.tar.gz --output /tmp/cyrus-sasl-2.1.27.tar.gz && \
+  tar xvf /tmp/cyrus-sasl-2.1.27.tar.gz  -C /tmp/ && \
+  cd /tmp/cyrus-sasl-2.1.27 && \
+  ./configure && make && make install && \
+  ln -s /usr/local/lib/sasl2 /usr/lib/sasl2 && \
+  apk add --no-cache postfix postfix-lmdb && \
+  apk add --no-cache opendkim && \
+  apk add --no-cache --upgrade ca-certificates tzdata supervisor rsyslog musl musl-utils bash opendkim-utils libcurl jsoncpp lmdb && \
+  (rm "/tmp/"* 2>/dev/null || true) && (rm -rf /var/cache/apk/* 2>/dev/null || true); \
+  cp -r /etc/postfix /etc/postfix.template
 
 # Copy SASL-XOAUTH2 plugin
-COPY       --from=build /sasl-xoauth2/build/src/libsasl-xoauth2.so /usr/lib/sasl2/
+# COPY       --from=build /sasl-xoauth2/build/src/libsasl-xoauth2.so /usr/lib/sasl2/
 
 # Set up configuration
 COPY       /configs/supervisord.conf     /etc/supervisord.conf
@@ -68,6 +35,8 @@ VOLUME     [ "/var/spool/postfix", "/etc/postfix", "/etc/opendkim/keys" ]
 USER       root
 WORKDIR    /tmp
 
+ADD additional-config.sh /docker-init.db/
+
 HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 CMD printf "EHLO healthcheck\n" | nc 127.0.0.1 587 | grep -qE "^220.*ESMTP Postfix"
 
 EXPOSE     587

diff --git a/additional-config.sh b/additional-config.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -e
+
+echo "running additional config"
+
+# setup SSL
+# Self-signed server certificate
+# The following commands (credits: Viktor Dukhovni) generate and install a 2048-bit RSA private key and 10-year self-signed certificate for the local Postfix system. This requires super-user privileges. (By using date-specific filenames for the certificate and key files, and updating main.cf with new filenames, a potential race condition in which the key and certificate might not match is avoided).
+# @see http://www.postfix.org/TLS_README.html
+
+echo "generating self-signed certificate"
+
+dir="$(postconf -h config_directory)"
+fqdn=$(postconf -h myhostname)
+case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
+ymd=$(date +%Y-%m-%d)
+key="${dir}/key-${ymd}.pem"; rm -f "${key}"
+cert="${dir}/cert-${ymd}.pem"; rm -f "${cert}"
+(umask 077; openssl genrsa -out "${key}" 2048) &&
+  openssl req -new -key "${key}" \
+    -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert}" &&
+  postconf -e \
+    "smtpd_tls_cert_file = ${cert}" \
+    "smtpd_tls_key_file = ${key}"
+