* Automatic Dockerfile update by release process

Note that we found in the LedgerSMB Matrix chat channel that users
need more straight forward ways to quickly evaluate our proposition
which they are able to offer if we skip the TLS requirement

Also note that the TLS requirement requires a domain, which some
might not have at the stage where the system is only being evaluated.

Dockerfile

@@ -1,70 +1,17 @@
-# Build time variables
-
-ARG SRCIMAGE=debian:stretch-slim
-
-
-FROM  $SRCIMAGE AS builder
-
-ARG LSMB_VERSION="1.7.38"
-ARG LSMB_DL_DIR="Releases"
-ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
-
-
-RUN set -x ; \
-  DEBIAN_FRONTEND="noninteractive" apt-get -y update && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -y upgrade && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -y install dh-make-perl libmodule-cpanfile-perl git wget && \
-  apt-file update
-
-RUN set -x ; \
-  wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \
-  tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \
-  rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \
-  cd /srv/ledgersmb && \
-  ( ( for lib in $( cpanfile-dump --with-all-features --recommends --no-configure --no-build --no-test ) ; \
-    do \
-      if dh-make-perl locate "$lib" 2>/dev/null ; \
-      then  \
-        : \
-      else \
-        echo no : $lib ; \
-      fi ; \
-    done ) | grep -v dh-make-perl | grep -v 'not found' | grep -vi 'is in Perl ' | cut -d' ' -f4 | sort | uniq | tee /srv/derived-deps ) && \
-  cat /srv/derived-deps
-
-
-#
-#
-#  The real image build starts here
-#
-#
-
-
-FROM  $SRCIMAGE
+FROM        debian:jessie-slim
 MAINTAINER  Freelock john@freelock.com
 
-
 # Build time variables
-ARG LSMB_VERSION="1.7.38"
-ARG LSMB_DL_DIR="Releases"
-ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
+ENV LSMB_VERSION 1.5.29
+
 
 # Install Perl, Tex, Starman, psql client, and all dependencies
 # Without libclass-c3-xs-perl, performance is terribly slow...
-# Without libclass-accessor-lite-perl, HTML::Entities won't build from CPAN
-# libnet-cidr-lite-perl is a dependency for Plack::Builder::Conditionals
-#   which is being installed from CPAN
-# libtest-requires-perl is a dependency of Module-Build-Pluggable-PPPort
-#   on which HTML::Escape depends
 
 # Installing psql client directly from instructions at https://wiki.postgresql.org/wiki/Apt
 # That mitigates issues where the PG instance is running a newer version than this container
 
-
-COPY --from=builder /srv/derived-deps /tmp/derived-deps
-
-RUN set -x ; \
-  echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \
+RUN echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \
   mkdir -p /usr/share/man/man1/ && \
   mkdir -p /usr/share/man/man2/ && \
   mkdir -p /usr/share/man/man3/ && \
@@ -72,32 +19,44 @@ RUN set -x ; \
   mkdir -p /usr/share/man/man5/ && \
   mkdir -p /usr/share/man/man6/ && \
   mkdir -p /usr/share/man/man7/ && \
-  DEBIAN_FRONTEND="noninteractive" apt-get update -q && \
-  DEBIAN_FRONTEND="noninteractive" apt-get dist-upgrade -y -q && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -y -q install \
-    wget ca-certificates gnupg \
-    $( cat /tmp/derived-deps ) \
-    libclass-c3-xs-perl libclass-accessor-lite-perl \
-    texlive-latex-recommended texlive-fonts-recommended \
+  DEBIAN_FRONTEND=noninteractive apt-get update && \
+    apt-get dist-upgrade -y && apt-get -y install \
+    curl wget ca-certificates \
+    libcgi-emulate-psgi-perl libcgi-simple-perl libconfig-inifiles-perl \
+    libdbd-pg-perl libdbi-perl libdatetime-perl \
+    libdatetime-format-strptime-perl libdigest-md5-perl \
+    libfile-mimeinfo-perl libjson-xs-perl libjson-perl \
+    liblocale-maketext-perl liblocale-maketext-lexicon-perl \
+    liblog-log4perl-perl libmime-base64-perl libmime-lite-perl \
+    libmath-bigint-gmp-perl libmoose-perl libnumber-format-perl \
+    libpgobject-perl libpgobject-simple-perl libpgobject-simple-role-perl \
+    libpgobject-util-dbmethod-perl libplack-perl libtemplate-perl \
+    libnamespace-autoclean-perl \
+    libtemplate-plugin-latex-perl libtex-encode-perl \
+    libmoosex-nonmoose-perl libclass-c3-xs-perl \
+    texlive-latex-recommended \
     texlive-xetex fonts-liberation \
+    starman \
+    libopenoffice-oodoc-perl \
+    postgresql-client \
     ssmtp \
     lsb-release && \
   echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
   (wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -) && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install postgresql-client && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install git cpanminus make gcc libperl-dev && \
-  wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \
-  tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y update && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y install postgresql-client && \
+  DEBIAN_FRONTEND=noninteractive apt-get -y install git cpanminus make gcc libperl-dev && \
+    curl -Lo /tmp/ledgersmb-$LSMB_VERSION.tar.gz "https://download.ledgersmb.org/f/Releases/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz" && \
+    tar -xvzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \
     rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \
-  cpanm --notest \
+    cpanm --quiet --notest \
       --with-feature=starman \
       --with-feature=latex-pdf-ps \
       --with-feature=openoffice \
       --installdeps /srv/ledgersmb/ && \
-  apt-get purge -q -y git cpanminus make gcc libperl-dev && \
-  apt-get autoremove -q -y && \
-  apt-get autoclean -q && \
+    apt-get purge -y git cpanminus make gcc libperl-dev && \
+    apt-get autoremove -y && \
+    apt-get autoclean && \
     rm -rf ~/.cpanm/ && \
     rm -rf /var/lib/apt/lists/* /usr/share/man/*
 

README.md

@@ -1,18 +1,13 @@
 # ledgersmb-docker
-
 Dockerfile for LedgerSMB Docker image
 
 # Supported tags
 
-- `1.8` - Preview version for the 1.8 branch
-- `1.7`, `1.7.x`, `latest` - Latest official release from 1.7 branch
-- `1.6`, `1.6.33` - Last official release from 1.6 branch 
-- `1.5`, `1.5.30` - Last official release from 1.5 branch
-- `1.4`, `1.4.42` - Last official release from 1.4 branch
+- `1.5`, `1.5.x`, `latest` - Latest release tarball from 1.5 branch
+- `1.4`, `1.4.x` - Latest tagged release of git 1.4 branch
 - `master` - Master branch from git, unstable
+- `master-dev`, `1.5-dev` - Containers to kick off a development setup
 
-Containers supporting the development process are provided
-through the ledgersmb-dev-docker project. See https://github.com/ledgersmb/ledgersmb-dev-docker/blob/master/README.md#getting-started.
 
 # What is LedgerSMB?
 
@@ -29,9 +24,9 @@ This image is designed to be used in conjunction with a running PostgreSQL
 instance (such as may be provided through a separate image).
 
 This image exposes port 5762 running a Starman HTTP application server. We
-do recommend not exposing this port publicly, because
+do not recommend exposing this port publicly, because
 
-1. The Starman author recommends not exposing it
+1. The Starman author recommends it
 2. We strongly recommend TLS encryption of all application traffic
 
 While the exposed port can be used for quick evaluation, it's recommended
@@ -40,65 +35,61 @@ to add the TLS layer by applying Nginx or Apache as reverse proxy.
 Enabling optional functionalities such as outgoing e-mail and printing
 could require additional setup of a mail service or CUPS printer service.
 
+# Quickstart
+
+The quickest way to get this image up and running is by using the
+`docker-compose` file available through the GitHub repository at:
+
+  https://github.com/ledgersmb/ledgersmb-docker/blob/1.5/docker-compose.yml
+
+which sets up both this image and a supporting database image for
+production purposes (i.e. with persistent (database) data, with the
+exception of one thing: setting up an Nginx or Apache reverse proxy
+with TLS 1.2 support -- a requirement if you want to access your
+installation over any type of network.
+
 # How to use this image
 
-This image can be installed either automatically with the Docker compose file
-or manually with docker only.
-
-## Docker-Compose installation and start
-
-This image provides `docker-compose.yml` which can be used to pull related
-images, install them, establish an internal network for their communications,
-adjust environment variables, start and stop LedgerSMB. The only instructions
-required, after the optional edition of the file to adjust the environment
-variables, are:
+## Start a postgres instance
 
 ```plain
- $ docker-compose pull
- $ docker-compose up
+ $ docker run -d --name postgres \
+              -e POSTGRES_PASSWORD=mysecretpassword \
+              postgres:latest
 ```
 
-This will set up two containers: (1) a PostgreSQL container with persistent
-storage which is retained between container updates and (2) a LedgerSMB
-container configured to connect to the PostgreSQL container as its database
-server.
+BEWARE: The command above creates a container with the database data stored
+*inside* the container. Upon removal of the container, the database data will
+be removed too!
 
-The database username and password are:
+To prevent destruction of the database data upon replacement of the container,
+please use these commands instead:
 
 ```plain
-   username: postgres
-   password: abc
+ $ docker volume create dbdata
+ $ docker run -d --name postgres \
+              -e POSTGRES_PASSWORD=mysecretpassword \
+              -e PGDATA=/var/lib/postgresql/data/pgdata \
+              -v dbdata:/var/lib/postgresql/data \
+              postgres:latest
 ```
 
-From here, follow the steps as detailed in the instructions for
-[preparing for first use](https://ledgersmb.org/content/preparing-ledgersmb-17-first-use).
-
-## Manual installation
-
-This section assumes availability of a PostgreSQL server to attach to the
-LedgerSMB image as the database server.
-
-### Start LedgerSMB
+## Start LedgerSMB
 
 ```plain
  $ docker run -d -p 5762:5762 --name myledger \
-              -e POSTGRES_HOST=<ip/hostname> ledgersmb/ledgersmb:latest
+              ledgersmb/ledgersmb:latest
 ```
 
 This command maps port 5762 of your container to port 5762 in your host. The
 web application inside the container should now be accessible through
-http://localhost:5762/setup.pl and http://localhost:5762/login.pl.
+http://localhost:5762/setup.pl.
 
-Below are more variables which determine container configuration,
-like `POSTGRES_HOST` above.
-
-# Set up LedgerSMB
+## Set up LedgerSMB
 
  * Visit http://myledger:5762/setup.pl.
- * Log in with the "postgres" user and the password `abc` as given above -
-   or with the credentials of your own database server in case of a manual
-   setup - and provide the name of a company (= database name) you want to
-   create.
+ * Log in with the "postgres" user and the password `mysecretpassword`
+   and provide the name of a company (= database name) you want to create.
  * Go over the steps presented in the browser
 
 Once you have completed the setup steps, you have a fully functional
@@ -148,18 +139,21 @@ affect the performance experience of users.
 
 ## Mail configuration
 
-### Before 1.8.0
+The docker image uses `ssmtp` to send mail. 
 
-These variables are used to set outgoing SMTP defaults.
-
-* `SSMTP_ROOT` (config: `Root` -- DEPRECATED)
+* `SSMTP_ROOT` (config: `Root`)
 * `SSMTP_MAILHUB` (config: `Mailhub`)
 * `SSMTP_HOSTNAME` (config: `Hostname`)
 * `SSMTP_USE_STARTTLS` (config: `UseSTARTTLS`)
 * `SSMTP_AUTH_USER` (config: `AuthUser`)
 * `SSMTP_AUTH_PASS` (config: `AuthPass`)
-* `SSMTP_AUTH_METHOD` (config: `AuthMethod` -- DEPRECATED)
-* `SSMTP_FROMLINE_OVERRIDE` (config: `FromLineOverride` -- DEPRECATED)
+* `SSMTP_AUTH_METHOD` (config: `AuthMethod`)
+* `SSMTP_FROMLINE_OVERRIDE` (config: `FromLineOverride`)
+
+These variables are used to set outgoing SMTP defaults.
+
+To set the outgoing email address, set `SSMTP_ROOT` and `SSMTP_HOSTNAME` at
+a minimum.
 
 `SSMTP_MAILHUB` defaults to the default docker0 interface, so if your host is
 already configured to relay mail, this should relay successfully with only
@@ -170,25 +164,6 @@ Use the [ssmtp.conf man
 page](https://www.systutorials.com/docs/linux/man/5-ssmtp.conf/) to look up
 the meaning and function of each of the mail configuration keys.
 
-### 1.8.0 and higher (under development)
-
-As of 1.8.0, the image is based on Debian Buster instead of Debian Stretch;
-with Buster, the `ssmtp` program has been removed from Debian, this image
-had to change strategy. The main application always came with built-in e-mail
-yet with the deprecation, the abilities have expanded.
-
-The following parameters are now supported to set mail preferences:
-
-* `LSMB_MAIL_SMTPHOST`
-* `LSMB_MAIL_SMTPPORT`
-* `LSMB_MAIL_SMTPTLS`
-* `LSMB_MAIL_SMTPSENDER_HOSTNAME`
-* `LSMB_MAIL_SMTPUSER`
-* `LSMB_MAIL_SMTPPASS`
-* `LSMB_MAIL_SMTPAUTHMECH`
-
-
-
 # Troubleshooting/Developing
 
 Currently the LedgerSMB installation is in /srv/ledgersmb
@@ -199,18 +174,11 @@ and the startup & config script is /usr/bin/start.sh.
 
 ## Issues
 
-If you have any problems with or questions about this image or LedgerSMB,
-please contact us on the [mailing list](http://ledgersmb.org/topic/support/mailing-lists-rss-and-nntp-feeds)
-or through a [GitHub issue](https://github.com/ledgersmb/ledgersmb-docker/issues).
+If you have any problems with or questions about this image or LedgerSMB, please contact us on the [mailing list](http://ledgersmb.org/topic/support/mailing-lists-rss-and-nntp-feeds) or through a [GitHub issue](https://github.com/ledgersmb/ledgersmb-docker/issues).
 
-You can also reach some of the official LedgerSMB maintainers via the
-`#ledgersmb` IRC channel on [Freenode](https://freenode.net), or on the
-bridged [Matrix](https://matrix.org) room in [#ledgersmb:matrix.org](https://matrix.to/#/#ledgersmb:matrix.org).
-The [Riot.im](https://riot.im/app/#/room/#ledgersmb:matrix.org) Matrix client is highly recommended.
+You can also reach some of the official LedgerSMB maintainers via the `#ledgersmb` IRC channel on [Freenode](https://freenode.net), or on the bridged [Matrix](https://matrix.org) room in [#ledgersmb:matrix.org](https://matrix.to/#/#ledgersmb:matrix.org). The [Riot.im](https://riot.im/app/#/room/#ledgersmb:matrix.org) Matrix client is highly recommended.
 
 
 ## Contributing
 
-You are invited to contribute new features, fixes, or updates, large or small;
-we are always thrilled to receive pull requests, and do our best to process
-them as fast as we can.
+You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

docker-compose.yml

@@ -28,12 +28,18 @@ services:
   lsmb:
     depends_on:
       - postgres
-    image: ledgersmb/ledgersmb:1.7
+    image: ledgersmb/ledgersmb:1.5
     networks:
       - internal
       - default
-    ports:
-      - "127.0.0.1:5762:5762"
+    # Uncomment the 'ports' section to map the LedgerSMB container port (5762)
+    #  to the host's port of the same number, thus making LedgerSMB
+    #  available on http://<host-dns-or-ip>:5762/
+    #     SECURITY NOTE: Do this for evaluation purposes only!
+    #       In production, be sure to use SSL/TLS to protect user's passwords
+    #       and other sensitive data
+    # ports:
+    #   - "5762:5762"
     environment:
       # The LSMB_WORKERS environment variable lets you select the number
       # of processes serving HTTP requests. The default number of 2 workers
@@ -52,15 +58,6 @@ services:
       # SSMTP_AUTH_METHOD:
       # SSMTP_USE_STARTTLS:
       # SSMTP_FROMLINE_OVERRIDE:
-      #
-      #
-      # The PROXY_IP environment variable lets you set the IP address
-      # (range) of the reverse proxy used for TLS termination, which forwards
-      # its requests to this container. When this reverse proxy runs on the
-      # Docker host, the default below applies. In case the reverse proxy is
-      # hosted in a separate container, this setting needs to be adjusted.
-      #
-      # PROXY_IP: 172.17.0.1/12
 
 # having the dbdata volume is required to persist our
 # data between PostgreSQL container updates; without

start.sh

@@ -16,20 +16,33 @@ default_db = $DEFAULT_DB
 [mail]
 sendmail   = /usr/sbin/ssmtp
 
-[proxy]
-ip=${PROXY_IP:-172.17.0.1/12}
 EOF
   export LSMB_CONFIG_FILE='/tmp/ledgersmb.conf'
 fi
 
-if [ ! -d "/tmp/ledgersmb" ]; then
-  mkdir -p /tmp/ledgersmb
+if [ ! -f "/tmp/ledgersmb" ]; then
+  mkdir /tmp/ledgersmb
 fi
+# Currently unmaintained/untested
+# if [ ! -z ${CREATE_DATABASE+x} ]; then
+#   perl tools/dbsetup.pl --company $CREATE_DATABASE \
+#   --host $POSTGRES_HOST \
+#   --postgres_password "$POSTGRES_PASS"
+#fi
+
+# Needed for modules loaded by cpanm
+export PERL5LIB
+
+for PerlLib in /usr/lib/perl5* /usr/local/lib/perl5*/site_perl/* ; do
+    [[ -d "$PerlLib" ]] && {
+        PERL5LIB="$PerlLib";
+        echo -e "\tmaybe: $PerlLib";
+    }
+done ;
+echo "Selected PERL5LIB=$PERL5LIB";
 
 # start ledgersmb
 # --preload-app allows application initialization to kill the entire
 # starman instance (instead of just the worker, which will immediately
 # get restarted); it also has a positive effect on memory use
-
-exec starman --port 5762 --workers ${LSMB_WORKERS:-5} -I lib -I old/lib \
-        --preload-app bin/ledgersmb-server.psgi
+exec starman --port 5762 --workers ${LSMB_WORKERS:-5} --preload-app tools/starman.psgi