Today, we do setfacl unconditionally; this can be a problem for
user-provided certificates because they may be located somewhere else.
This patch fixes the problem by only doing setfacl after renewing the
certificates.
Externally provided certificates will be untouched, and the user is
responsible for ensuring that chasquid can read them.
Thanks to Alex Ellwein (aellwein@github) for reporting this in
https://github.com/albertito/chasquid/issues/29!

The latest Debian stable images don't include the `setcap` binary by
default like they used to.
Our Docker build depends on it, so this patch makes the Dockerfile
install the libcap2-bin package (which contains the `setcap` binary).

In commit 5305d584 we fixed an issue with the way the Docker image
adds the "hostname" option to chasquid.conf.
Currently, the Docker entrypoint sets the "hostname" option in
chasquid.conf if it's missing.
That works fine, except when there is a configuration change and the
domain is removed. In that case, the hostname option will have a stale
value, forcing the user to re-create the container, which can be
cumbersome.
This patch fixes the issue by unconditionally setting the hostname
option to one of the available domains at the time of start up.
Thanks to Jaywann@github for finding and reporting this problem on
https://github.com/albertito/chasquid/issues/16, and suggesting an
alternative fix!

When the chasquid docker container is restarted, entrypoint.sh will add
the hostname again, even if it is present.
This causes chasquid to fail to start due to the duplicated option
(`non-repeated field "hostname" is repeated`).
Thanks to Jaywann@github for finding and reporting this problem, on
https://github.com/albertito/chasquid/issues/16.
This patch fixes the issue by only adding the option if it isn't already
present.

This patch adds a new docker directory, which contains a Dockerfile plus
some additional configuration for creating a container that runs
chasquid+dovecot+letsencrypt.
It also updates the gitlab CI pipeline to automatically build and
publish an image on each commit.
This is experimental and likely to break.