diff --git a/.woodpecker/build-container.yml b/.woodpecker/build-container.yml
index 2d55377..beaba4f 100644
--- a/.woodpecker/build-container.yml
+++ b/.woodpecker/build-container.yml
@@ -24,6 +24,7 @@ steps:
 TRIVY_NO_PROGRESS: "true"
 TRIVY_SEVERITY: HIGH,CRITICAL
 TRIVY_TIMEOUT: 1m
+ TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2
 - name: publish-dockerhub
 image: quay.io/thegeeklab/wp-docker-buildx:5
diff --git a/Containerfile.multiarch b/Containerfile.multiarch
index 8888e02..f3b9879 100644
--- a/Containerfile.multiarch
+++ b/Containerfile.multiarch
@@ -20,18 +20,16 @@ ENV CUPS_FILTERS_VERSION=1.28.17-r6
 RUN apk --update --no-cache add libcap && \
 apk --update --no-cache add cups=${CUPS_VERSION} cups-filters=${CUPS_FILTERS_VERSION} --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main && \
- mkdir -p /run/cups && \
+ mkdir -p /run/cups /cups/conf /cups/cache /cups/data /cups/spool/tmp && \
+ cp /etc/cups/*.conf /cups/conf && \
+ cp -r /usr/share/cups/. /cups/data && \
 setcap 'cap_net_bind_service=+ep' /usr/sbin/cupsd && \
 rm -rf /var/cache/apk/* && \
 rm -rf /tmp/*
 ADD overlay/ /
-RUN chown -R root:lp /var/log/cups && \
- chown -R root:lp /var/spool/cups && \
- chown -R root:lp /var/cache/cups && \
- chown -R root:lp /run/cups && \
- chown -R root:lp /etc/cups
+RUN chown -R root:lp /cups
 EXPOSE 631
diff --git a/overlay/etc/cups/cups-files.conf b/overlay/cups/conf/cups-files.conf
similarity index 91%
rename from overlay/etc/cups/cups-files.conf
rename to overlay/cups/conf/cups-files.conf
index 47d2f67..3951689 100644
--- a/overlay/etc/cups/cups-files.conf
+++ b/overlay/cups/conf/cups-files.conf
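Review bot: The final `RUN chown -R root:lp /cups` in Containerfile.multiarch no longer covers `/run/cups`, yet the first `RUN` still creates that directory and cups-files.conf in this same commit keeps `StateDir /run/cups`. The state directory therefore stays with whatever owner `mkdir -p` gave it at build time (root, unless a `USER` line outside this hunk says otherwise), and whether the `lp` group can still use it depends on cupsd adjusting it at start-up. If the previous ownership is still wanted, `RUN chown -R root:lp /cups /run/cups` keeps it; if dropping it is deliberate, a one-line comment saying so would help. It is also worth confirming that the files under `/cups/conf` are not group-writable now that they share the recursive `root:lp` ownership with cache and spool, since the modes are not visible here.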
@@ -38,13 +38,13 @@ SystemGroup lpadmin
 AccessLog stderr
 # Location of cache files used by the scheduler...
-#CacheDir /var/cache/cups
+CacheDir /cups/cache
 # Location of data files used by the scheduler...
-#DataDir /usr/share/cups
+DataDir /cups/data
 # Location of the static web content served by the scheduler...
-#DocumentRoot /usr/share/cups
+DocumentRoot /cups/data
 # Location of the file logging all messages produced by the scheduler and any
 # helper programs; may be the name "syslog". If not an absolute path, the value
@@ -59,7 +59,7 @@ ErrorLog stderr
 PageLog stderr
 # Location of the file listing all of the local printers...
-#Printcap /etc/printcap
+Printcap /cups/conf/printcap
 # Format of the Printcap file...
 #PrintcapFormat bsd
@@ -67,21 +67,21 @@ PageLog stderr
 #PrintcapFormat solaris
 # Location of all spool files...
-#RequestRoot /var/spool/cups
+RequestRoot /cups/spool
 # Location of helper programs...
-#ServerBin /usr/lib/cups
+ServerBin /usr/lib/cups
 # SSL/TLS keychain for the scheduler...
 #ServerKeychain ssl
 # Location of other configuration files...
-#ServerRoot /etc/cups
+ServerRoot /cups/conf
 # Location of scheduler state files...
-#StateDir /run/cups
+StateDir /run/cups
 # Location of scheduler/helper temporary files. This directory is emptied on
 # scheduler startup and cannot be one of the standard (public) temporary
 # directory locations for security reasons...
-#TempDir /var/spool/cups/tmp
+TempDir /cups/spool/tmp
diff --git a/overlay/etc/cups/cupsd.conf b/overlay/cups/conf/cupsd.conf
similarity index 100%
rename from overlay/etc/cups/cupsd.conf
rename to overlay/cups/conf/cupsd.conf
diff --git a/overlay/usr/local/bin/entrypoint b/overlay/usr/local/bin/entrypoint
index 9e08849..f529b68 100755
--- a/overlay/usr/local/bin/entrypoint
+++ b/overlay/usr/local/bin/entrypoint
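Review bot: In the first hunk of cups-files.conf, `DataDir /cups/data` and `DocumentRoot /cups/data` put the scheduler's static data and web content into the same `/cups` tree as `CacheDir`, and as `RequestRoot` and `TempDir` in the third hunk, which the Containerfile then hands to `root:lp` recursively. If `/cups` is meant to be mounted as a volume (not visible in this diff), that content becomes persistent and mutable: it can go stale against the installed CUPS version after an image update, and anyone able to write to the volume can change what the web interface serves. Keeping the read-only assets on the image path, `DataDir /usr/share/cups` and `DocumentRoot /usr/share/cups`, and relocating only configuration, cache and spool would avoid that. If the copy is intentional, a comment above these two directives explaining why would help the next maintainer.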
@@ -17,13 +17,14 @@ trap terminate TERM
 if [ -n "$CUPS_ADMIN_USERNAME" ] && [ -n "$CUPS_ADMIN_PASSWORD" ]; then
 if ! id -u "$CUPS_ADMIN_USERNAME" >/dev/null 2>&1; then
+ echo "Creating user $CUPS_ADMIN_USERNAME..."
 adduser -S -H -G lpadmin "$CUPS_ADMIN_USERNAME"
 echo "$CUPS_ADMIN_USERNAME:$CUPS_ADMIN_PASSWORD" | chpasswd 2>/dev/null
 fi
 fi
 # Start CUPS in the background and get its PID
-/usr/sbin/cupsd -f &
+/usr/sbin/cupsd -f -c /cups/conf/cupsd.conf -s /cups/conf/cups-files.conf &
 child=$!
 # Wait for the CUPS process
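Review bot: The added `echo "Creating user $CUPS_ADMIN_USERNAME..."` announces the account, but nothing in this hunk checks that it was actually set up: `adduser` is unchecked and `chpasswd` has its errors sent to `/dev/null`, so a failed password change leaves a log that says the user was created while admin login does not work. Unless `set -e` is active above the hunk, consider ending that line with `| chpasswd || { echo "Failed to set password for $CUPS_ADMIN_USERNAME" >&2; exit 1; }`. Feeding it with `printf '%s:%s\n' "$CUPS_ADMIN_USERNAME" "$CUPS_ADMIN_PASSWORD"` instead of `echo` would also keep passwords containing backslashes intact regardless of the shell's `echo` behaviour. The `-c` and `-s` paths on the cupsd line are fixed to `/cups/conf`, so a `[ -r /cups/conf/cupsd.conf ]` check before starting cupsd would give a clearer error if that directory is empty or hidden by a mount.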