From 3669cecc5c6e311b73d712124e4a130f0090307e Mon Sep 17 00:00:00 2001 From: Sukrit Khera Date: Thu, 6 Aug 2015 01:04:22 -0700 Subject: [PATCH 1/4] Fix docker location issue (follow redirect) Fix docker location issue (follow redirect) Upgrade docker to 1.7.1 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 091ea03..63a0c63 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ RUN apt-get update --fix-missing && \ RUN mkdir -p /root/.ssh && chmod 500 /root/.ssh && chown -R root:root /root/.ssh # Install Docker -RUN curl -o /usr/local/bin/docker https://get.docker.io/builds/Linux/x86_64/docker-1.4.1 +RUN curl -L -o /usr/local/bin/docker https://get.docker.io/builds/Linux/x86_64/docker-1.7.1 ADD .docker/wrapdocker /usr/local/bin/wrapdocker RUN chmod +x /usr/local/bin/docker /usr/local/bin/wrapdocker From fd7deeeb558457cba9a4c83135bf95894e1c865c Mon Sep 17 00:00:00 2001 From: Sukrit Khera Date: Wed, 12 Aug 2015 17:00:11 -0700 Subject: [PATCH 2/4] Revert to 1.4.1 version of docker (stability) Revert to 1.4.1 version of docker (stability) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 63a0c63..7eae44d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ RUN apt-get update --fix-missing && \ RUN mkdir -p /root/.ssh && chmod 500 /root/.ssh && chown -R root:root /root/.ssh # Install Docker -RUN curl -L -o /usr/local/bin/docker https://get.docker.io/builds/Linux/x86_64/docker-1.7.1 +RUN curl -L -o /usr/local/bin/docker https://get.docker.io/builds/Linux/x86_64/docker-1.4.1 ADD .docker/wrapdocker /usr/local/bin/wrapdocker RUN chmod +x /usr/local/bin/docker /usr/local/bin/wrapdocker From 74cca70b749b32f2441a1c3462ff9bb61b55e6a0 Mon Sep 17 00:00:00 2001 
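Review bot: The `RUN curl -L -o /usr/local/bin/docker …` line installs an executable that is fetched with redirects followed and never verified, so whatever the final redirect target serves is made executable by the `chmod +x` below. Without `-f`, curl also saves an HTTP error or redirect body as the binary, which is presumably how the missing `-L` went unnoticed until runtime. I would fail on HTTP errors and pin the artifact: `RUN curl -fsSL -o /usr/local/bin/docker <same URL> && echo "<EXPECTED_SHA256>  /usr/local/bin/docker" | sha256sum -c -`, where `<EXPECTED_SHA256>` is a placeholder for the digest of the release you have vetted. The same line is carried into the 1.4.1 revert in PATCH 2/4.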
From: sukrit007 Date: Wed, 19 Aug 2015 20:42:11 -0700 Subject: [PATCH 3/4] Handle UTF-8 characters for the github hook --- lib/restify/authorize-signature.js | 2 +- package.json | 2 +- test/unit/restify/authorize-signature.js | 64 ++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 test/unit/restify/authorize-signature.js diff --git a/lib/restify/authorize-signature.js b/lib/restify/authorize-signature.js index 3bb9b45..f981df0 100644 --- a/lib/restify/authorize-signature.js +++ b/lib/restify/authorize-signature.js @@ -28,7 +28,7 @@ function usingSignedRequest(secret, header) { return function authorize(req, res, next) { var hmac = crypto.createHmac('sha1', secret); - hmac.update(req.body); + hmac.update(new Buffer(req.body, 'utf-8')); var calculatedSignature = 'sha1=' + hmac.digest('hex'); var actualSignature = req.header(header); if (actualSignature !== calculatedSignature) { diff --git a/package.json b/package.json index 4a09e12..ca9ca0a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "image-factory", - "version": "0.6.5", + "version": "0.6.6", "description": "Docker Image Factory", "keywords": [ "docker", diff --git a/test/unit/restify/authorize-signature.js b/test/unit/restify/authorize-signature.js new file mode 100644 index 0000000..7a0200d --- /dev/null +++ b/test/unit/restify/authorize-signature.js 
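Review bot: `hmac.update(new Buffer(req.body, 'utf-8'))` authenticates a re-encoded copy of the body rather than the bytes that arrived, and it assumes `req.body` is a string. If the body parser has already decoded the payload, any invalid UTF-8 sequences will have been replaced, so the digest no longer covers exactly what the sender signed. Hashing the raw request buffer avoids that. Where only the string is available, `hmac.update(Buffer.from(req.body, 'utf8'));` replaces the deprecated `new Buffer` constructor. The context line `if (actualSignature !== calculatedSignature)` uses a short-circuiting string comparison; `crypto.timingSafeEqual` on equal-length buffers is the usual replacement. The body of `authorize` continues past the end of this hunk.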
@@ -0,0 +1,64 @@
+'use strict';
+
+var chai = require('chai'),
+ sinon = require('sinon'),
+ usingSignedRequest = require('../../../lib/restify/authorize-signature'),
+ constants = require('../../../lib/constants'),
+ EventEmitter = require('events').EventEmitter,
+ restify = require('restify'),
+ expect = chai.expect,
+ sinonChai = require('sinon-chai');
+
+describe('Image Factory - authorize', function () {
+ var authorize,signature,next;
+
+ beforeEach(function () {
+ authorize = usingSignedRequest('changeit');
+ signature = 'X-Hook-Signature';
+ next = sinon.stub();
+ });
+
+
+ it('should authorize request when valid signature is passed', function (done) {
+ var req = {
+ body: '{"test": "data"}',
+ header: sinon.stub()
+ };
+ req.header.withArgs(signature).returns('sha1=8c2dfb16db7498d0a1085c4b13f141282fbb75fd');
+
+ authorize(req, null, next);
+
+ next.should.have.been.calledWithExactly();
+ done()
+ });
+
+ it('should authorize request with utf-8 encoded characters', function (done) {
+ var req = {
+ body: '{"test": "a’s"}',
+ header: sinon.stub()
+ };
+ req.header.withArgs(signature).returns('sha1=d2b5883194460664a460e4523c2056d8e1a48512');
+
+ authorize(req, null, next);
+
+ next.should.have.been.calledWithExactly();
+ done()
+ });
+
+ it('should fail to authorize request when invalid signature is passed', function (done) {
+ var req = {
+ body: '{"test": "data"}',
+ header: sinon.stub()
+ };
+ req.header.withArgs(signature).returns('sha1=invalid');
+
+ authorize(req, null, next);
+
+ next.should.have.been.calledWithExactly(
+ new restify.errors.InvalidCredentialsError(
+ 'Mismatch in computed signature and the passed signature of the request payload.'));
+
+ done()
+ });
+
+});
\ No newline at end of file
From 99e1fd15dceef634ab9c9c8b1bc7824aa1548641 Mon Sep 17 00:00:00 2001
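Review bot: No test covers a request that carries no signature header at all, which is the negative case that matters most for this middleware; the only rejection test sends `sha1=invalid`. A case where `req.header` returns `undefined`, asserting that `next` receives the `InvalidCredentialsError`, would pin that behaviour. Separately, `sinonChai` is required but the file never calls `chai.use(sinonChai)` or `chai.should()`, so the `next.should.have.been…` assertions depend on setup done elsewhere, if it exists; `expect`, `constants` and `EventEmitter` are unused. `usingSignedRequest('changeit')` is also called without the `header` argument while the stubs answer only for `'X-Hook-Signature'`, so the tests rely on a default that is not visible here.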
From: sukrit007 Date: Wed, 19 Aug 2015 21:21:48 -0700 Subject: [PATCH 4/4] Automatically determine value for HOST_IP if not specified Use HOST_IP as default value for ETCD_HOST --- README.md | 4 ++-- bin/supervisord-wrapper.sh | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e124869..6879109 100644 --- a/README.md +++ b/README.md @@ -83,7 +83,7 @@ docker run -P -d -h image-factory.$USER -v /dev/log:/dev/log -v /var/run/docker. ``` ### Docker in Docker (using privileged mode) -In this mode, imagefactury runs Docker-in-Docker and therefore has several unique requirements when running the image. +In this mode, imagefactory runs Docker-in-Docker and therefore has several unique requirements when running the image. Most notably you need to run the image in a `--privileged` mode with custom LXC arguments to disable AppArmor. An example run command is below: ```bash @@ -97,7 +97,7 @@ might be removed in future releases. ## Run Configuration (Environment Variables) | Env Variable | Description | Default Value (Docker)| | ------------ | ----------- | --------------------- | -| ETCD_HOST | Etcd server host. | 172.17.42.1 | +| ETCD_HOST | Etcd server host. | | | ETCD_PORT | Etcd server port. | 4001 | | ETCD_TOTEM_BASE | Base path for totem configurations | /totem | | HOOK_POST_URL | URL to be used for post build notification | | diff --git a/bin/supervisord-wrapper.sh b/bin/supervisord-wrapper.sh index 8550f60..b8f0924 100644 --- a/bin/supervisord-wrapper.sh +++ b/bin/supervisord-wrapper.sh @@ -1,7 +1,9 @@ #!/bin/bash -le +HOST_IP="${HOST_IP:-$(/sbin/ip route|awk '/default/ { print $3 }')}" + cat <> /etc/profile.d/image-factory-env.sh -export ETCD_HOST='${ETCD_HOST:-172.17.42.1}' +export ETCD_HOST='${ETCD_HOST:-$HOST_IP}' export ETCD_PORT='${ETCD_PORT:-4001}' export ETCD_TOTEM_BASE='${ETCD_TOTEM_BASE:-/totem}' export SSH_HOST_KEY='${SSH_HOST_KEY:-/root/.ssh/id_rsa}'
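Review bot: `HOST_IP` can come out empty or multi-line on the new assignment line and nothing checks it. When the container has no default route, awk prints nothing and still exits 0, so `-e` does not stop the script and `ETCD_HOST` is exported as an empty string; with several default routes the value contains a newline. I would take the first match only, `awk '/^default/ { print $3; exit }'`, and fail early with `[ -n "${ETCD_HOST:-$HOST_IP}" ] || { echo 'ETCD_HOST is unset and no default route was found' >&2; exit 1; }` before the heredoc. The value is also written between single quotes into a profile script, so it is worth rejecting anything that does not look like an address or hostname. The script continues past the end of this hunk.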