From 28b5d91b9a5b0c39e9b24a7f9c60ac37cf6d9ba7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?N=C3=A9munaire?= <nemunaire@pomail.fr>
Date: Sun, 14 Dec 2014 13:16:22 +0100
Subject: [PATCH] Sanitize Dockerfile

---
 Dockerfile       |  43 +++++++++----
 front/Dockerfile |  13 ++--
 gen_site.sh      | 156 -----------------------------------------------
 3 files changed, 39 insertions(+), 173 deletions(-)
 delete mode 100755 gen_site.sh

diff --git a/Dockerfile b/Dockerfile
index 987fd9dd..b7e19797 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,36 +29,53 @@ RUN apt-get -y update && \
 
 RUN cpanm Mcrypt
 
+WORKDIR /var/www/fic-server/misc
+
 # Copying files #######################################################
 
 ADD . /var/www/fic-server/
 
 # Configure softwares #################################################
 
-RUN ln -sf /var/www/fic-server/nginx-server.conf /etc/nginx/sites-enabled/default
-RUN ln -sf /var/www/fic-server/php-fpm.conf /etc/php5/fpm/pool.d/www.conf
+RUN ln -sf /var/www/fic-server/nginx-server.conf /etc/nginx/sites-enabled/default && \
+    ln -sf /var/www/fic-server/php-fpm.conf /etc/php5/fpm/pool.d/www.conf
 
 # Generate test certificates ##########################################
 
-RUN cd /var/www/fic-server/misc; bash ./CA.sh -newca
+RUN bash ./CA.sh -newca
 
 # Import DB ###########################################################
 
-RUN service mysql start && echo "CREATE DATABASE fic;" | mysql -u root && cat /var/www/fic-server/db/fic2014.sql | mysql -u root fic
+RUN service mysql start && \
+    echo "CREATE DATABASE fic;" | mysql -u root && \
+    cat /var/www/fic-server/db/fic2014.sql | mysql -u root fic
 
 # Uncomment the following line to fill with random values
-#RUN service mysql start && cat /var/www/fic-server/db/feed.sql | mysql -u root fic
+RUN service mysql start && cat /var/www/fic-server/db/feed.sql | mysql -u root fic
 
 # Configure site ######################################################
 
-RUN ln -sf /var/www/fic-server/onyx/config/sample.root.xml /var/www/fic-server/onyx/config/root.xml
-RUN sed -i "s/1386827772/`date -d 'now + 4 hours' +%s`/" /var/www/fic-server/onyx/config/root.xml
-RUN sed -i "s/challenge-public//" /var/www/fic-server/onyx/config/root.xml
-
-RUN chmod 777 /var/www/fic-server/onyx/cache/ /var/www/fic-server/onyx/cache/templates/cache/ /var/www/fic-server/onyx/cache/templates/compile/
+RUN ln -sf /var/www/fic-server/onyx/config/sample.root.xml /var/www/fic-server/onyx/config/root.xml && \
+    sed -i "s/1386827772/`date -d 'now + 4 hours' +%s`/" /var/www/fic-server/onyx/config/root.xml && \
+    sed -i "s/challenge-public//" /var/www/fic-server/onyx/config/root.xml && \
+    chmod 777 /var/www/fic-server/onyx/cache/ /var/www/fic-server/onyx/cache/templates/cache/ /var/www/fic-server/onyx/cache/templates/compile/
 
 # ENVIRONNEMENT #######################################################
 
-EXPOSE     80/tcp 443/tcp
-VOLUME	   ["/var/www/fic-server/out","/var/www/fic-server/files","/var/www/fic-server/submission","/var/www/fic-server/misc/shared"]
-CMD ["sh", "-c", "chown -R www-data:www-data /var/www/fic-server/misc /var/www/fic-server/submission; cd /var/www/fic-server/misc; if ! [ -f server.crt ]; then bash ./CA.sh -newserver; fi; bash ./CA.sh -gencrl && service nginx start && service php5-fpm start && service mysql start && echo 'Copying files...' && ../gen_hash_link_files.sh --copy ../files-in ../files && ../nginx_gen_team.sh > ../misc/shared/nginx-teams.conf && (../launch_local.sh &); /bin/bash"]
+EXPOSE 80/tcp 443/tcp
+VOLUME ["/var/www/fic-server/out","/var/www/fic-server/files","/var/www/fic-server/submission","/var/www/fic-server/misc/shared"]
+
+CMD    chown -R www-data:www-data /var/www/fic-server/misc /var/www/fic-server/submission; \
+       if ! [ -f server.crt ]; \
+       then \
+           bash ./CA.sh -newserver; \
+       fi; \
+       bash ./CA.sh -gencrl && \
+       service nginx start && \
+       service php5-fpm start && \
+       service mysql start && \
+       ../nginx_gen_team.sh > ../misc/shared/nginx-teams.conf && \
+       echo 'Copying files...' && \
+       ../gen_hash_link_files.sh --copy ../files-in ../files; \
+       (../launch_local.sh &); \
+       /bin/bash
diff --git a/front/Dockerfile b/front/Dockerfile
index 833e9d89..d2c63d0a 100644
--- a/front/Dockerfile
+++ b/front/Dockerfile
@@ -15,16 +15,21 @@ RUN apt-get -y update && \
     && \
     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
+WORKDIR /var/www/fic-server/front/
+
 # Copying files #######################################################
 
 ADD . /var/www/fic-server/front/
 
 # Configure softwares #################################################
 
-RUN ln -sf /var/www/fic-server/front/nginx.conf /etc/nginx/sites-enabled/default
-RUN ln -sf /var/www/fic-server/front/php-fpm.conf /etc/php5/fpm/pool.d/www.conf
+RUN ln -sf /var/www/fic-server/front/nginx.conf /etc/nginx/sites-enabled/default && \
+    ln -sf /var/www/fic-server/front/php-fpm.conf /etc/php5/fpm/pool.d/www.conf
 
 # ENVIRONNEMENT #######################################################
 
-EXPOSE     80/tcp 443/tcp
-CMD ["sh", "-c", "service nginx start && service php5-fpm start && /bin/bash"]
+EXPOSE 80/tcp 443/tcp
+
+CMD    service nginx start && \
+       service php5-fpm start && \
+       /bin/bash
diff --git a/gen_site.sh b/gen_site.sh
deleted file mode 100755
index 4fa11caf..00000000
--- a/gen_site.sh
+++ /dev/null
@@ -1,156 +0,0 @@
-#!/bin/bash
-
-BASEURL="localhost"
-SALT_TEAM="connected"
-OUT_TEAM="./teams"
-OUT_HTDOCS="./htdocs"
-
-MAX_PARAL=10
-
-DEBUG=0
-
-
-cd `dirname "$0"`
-
-if [ "$UID" = "0" ]
-then
-    SCRIPT=`pwd`/`basename "$0"`
-    su -c "sh -c '$SCRIPT $@'" synchro
-    exit $?
-fi
-
-if [ -f "/tmp/generate_site" ]
-then
-    echo "This script is already running" 1>&2
-    echo "Remove the file /tmp/generate_site if you are sure this is not true" 1>&2
-    exit 1
-fi
-
-touch /tmp/generate_site
-
-WGET_OPT="--no-check-certificate -c"
-
-if [ $DEBUG -ne 1 ]
-then
-    WGET_OPT="-q"
-fi
-
-./clear_cache.sh top
-
-mkdir -p out
-
-ORIG_DIR=`pwd`
-MYTMPDIR=`mktemp -d`
-cd "$MYTMPDIR"
-
-# First, remove existing version if any
-rm -rf "$BASEURL" "$OUT_TEAM"
-
-wget $WGET_OPT -m -b "http://$BASEURL/" -o /dev/null
-
-mkdir -p "$BASEURL"
-ln -sf "$ORIG_DIR/files/" "$BASEURL/files"
-
-# Get list of teams
-TEAMS=
-if [ $# -gt 0 ]
-then
-    while [ $# -gt 0 ]
-    do
-	TEAMS="$TEAMS /$SALT_TEAM/$1/"
-	shift
-    done
-    FULLSYNC=0
-else
-    for l in $(curl -k "http://$BASEURL/$SALT_TEAM/" 2> /dev/null | grep -oE "/[^/]+/[0-9]+/")
-    do
-	TEAMS="$TEAMS $l"
-    done
-    FULLSYNC=1
-fi
-
-echo "Team list to generate: $TEAMS"
-
-NB=0
-PIDLIST=
-# Fetch them in parallel
-for l in $TEAMS
-do
-    (
-	if ! wget $WGET_OPT -m "http://$BASEURL/$l"
-	then
-	    exit 1
-	fi
-
-	for m in $(grep -R "<form " "$BASEURL/$l" | grep -oE "/[^/]+/([^/]+)/([0-9]+)-[^/]+/([a-zA-Z0-9_]+)/submission")
-	do
-	    OUT=`echo "$m" | sed -E 's#/([^/]+)/([^/]+)/([0-9]+)-[^/]+/([a-zA-Z0-9_]+)/submission#\1/\2/submission-\3-\4#'`
-	    wget $WGET_OPT "http://$BASEURL/$m" -O "$BASEURL/$OUT.html"
-	    wget $WGET_OPT "http://$BASEURL/$m/gerr" -O "$BASEURL/$OUT-bad.html"
-	    wget $WGET_OPT "http://$BASEURL/$m/serr" -O "$BASEURL/$OUT-already.html"
-	done
-
-	# Remove /connected/XY
-	for f in `find "$BASEURL/$l" -type f`
-	do
-	    sed -Ei "s#/[^/]+/([0-9]+)/#/#" "$f" &&
-	    sed -Ei "s#/([0-9]+)-[^/]*/([a-zA-Z0-9_]+)/submission#/submission-\1-\2.html#" "$f"
-	done
-    ) &
-
-    PIDLIST="$PIDLIST $!"
-    NB=$(($NB + 1))
-
-    if [ $NB -ge $MAX_PARAL ]
-    then
-	echo "Generating teams ...$PIDLIST"
-	wait $PIDLIST
-	PIDLIST=
-	NB=0
-    fi
-done
-
-echo "Generating teams ...$PIDLIST"
-
-ERR=0
-for i in $PIDLIST
-do
-    if ! wait $i
-    then
-	ERR=$(($ERR + 1))
-    fi
-done
-
-# Move connected/ at root
-mv "$BASEURL/$SALT_TEAM/" "$OUT_TEAM"
-mv "$BASEURL/" "$OUT_HTDOCS"
-
-# Remove all robots.txt
-find . -name robots.txt -exec rm {} \;
-
-# Remove useless symlink
-rm "$BASEURL/files"
-
-# Ready to launch another gen_site
-rm /tmp/generate_site
-
-if [ $ERR -gt 0 ]
-then
-    cd "$ORIG_DIR"
-    rm -rf "$MYTMPDIR"
-
-    echo "Some errors occurs" 1>&2
-    exit $ERR
-
-else
-    MOREOPT=
-    if [ "$FULL" -eq "1" ]
-    then
-	MOREOPT="--delete"
-    fi
-    # Ok, now, sync files with prod
-    rsync -av $MOREOPT * "$ORIG_DIR/out"
-
-    cd "$ORIG_DIR"
-    rm -rf "$MYTMPDIR"
-fi