From da5ce481de37ba86e42dc922a42ce88d0b9d153e Mon Sep 17 00:00:00 2001 From: Martijn Dierckx Date: Thu, 29 Sep 2022 18:01:23 +0200 Subject: [PATCH] switch to ubuntu 22.04 --- Dockerfile | 21 ++----- README.md | 103 ++-------------------------------- build.sh | 76 +++---------------------- config/samba/smb.conf | 34 +++++++++-- docker-compose.yml | 4 +- scripts/docker-healthcheck.sh | 7 --- scripts/entrypoint.sh | 18 ++++-- 7 files changed, 60 insertions(+), 203 deletions(-) delete mode 100755 scripts/docker-healthcheck.sh diff --git a/Dockerfile b/Dockerfile index b186e5c..96a518f 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,19 +1,8 @@ -FROM alpine AS wsdd2-builder - -RUN apk add --no-cache make gcc libc-dev linux-headers && wget -O - https://github.com/Netgear/wsdd2/archive/refs/heads/master.tar.gz | tar zxvf - \ - && cd wsdd2-master && make - -FROM alpine -# alpine:3.14 - -COPY --from=wsdd2-builder /wsdd2-master/wsdd2 /usr/sbin +FROM ubuntu:22.04 ENV PATH="/container/scripts:${PATH}" -RUN apk add --no-cache runit \ - avahi \ - samba \ - \ +RUN apt update && apt install runit avahi-daemon samba samba-common samba-client wsdd2 -y \ && sed -i 's/#enable-dbus=.*/enable-dbus=no/g' /etc/avahi/avahi-daemon.conf \ && rm -vf /etc/avahi/services/* \ \ @@ -27,7 +16,9 @@ EXPOSE 139 445 COPY . /container/ -HEALTHCHECK CMD ["/container/scripts/docker-healthcheck.sh"] +HEALTHCHECK --interval=60s --timeout=15s \ + CMD smbclient -L \\localhost -U % -m SMB3 + ENTRYPOINT ["/container/scripts/entrypoint.sh"] -CMD [ "runsvdir","-P", "/container/config/runit" ] +CMD [ "runsvdir","-P", "/container/config/runit" ] \ No newline at end of file diff --git a/README.md b/README.md index 63fc9cc..6b0bcd3 100755 --- a/README.md +++ b/README.md 
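Review bot: The new `RUN apt update && apt install runit avahi-daemon samba samba-common samba-client wsdd2 -y` line installs every recommended package with unpinned versions, and the visible part of the instruction never removes the apt lists. The image therefore carries more software to patch than the services need, and a rebuild of the same commit can produce a different Samba build. I would switch to `apt-get update && apt-get install -y --no-install-recommends ...` and end the same RUN with `&& rm -rf /var/lib/apt/lists/*`. The VFS modules that smb.conf loads (`catia fruit streams_xattr`) appear to come from a recommended package on Ubuntu, so that package would then have to be listed explicitly. The RUN instruction continues beyond this hunk, so a cleanup step may already exist further down.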
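Review bot: The new HEALTHCHECK probes with `smbclient -L \\localhost -U % -m SMB3`, an anonymous login, so the container only reports healthy while smbd answers a null-session share listing. An operator who later disables anonymous access through the global config options would likely see a working server flagged unhealthy, which pushes deployments towards leaving anonymous enumeration enabled. The probe also no longer covers avahi, wsdd2 or runsvdir, which the deleted script counted. At minimum I would document the dependency above the instruction, for example `# NOTE: needs anonymous IPC$ listing; fails when null sessions are disabled`, or probe with a dedicated low-privilege account instead.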
@@ -1,101 +1,8 @@ -# samba - (servercontainers/samba) [x86 + arm] - -samba on alpine - -with timemachine, zeroconf (`avahi`) and WSD (Web Services for Devices) (`wsdd2`) support - -## Versioning and Variants - -You'll find all images tagged like `a3.15.0-s4.15.2` which means `a-s`. -This way you can pin your installation/configuration to a certian version. or easily roll back if you experience any problems -(don't forget to open a issue in that case ;D). - -The `latest` version will be updated/released after I managed to test a new pinned version in my production environment. -This way I can easily find and fix bugs without affecting any users. It will result in a way more stable container. - -Other than that there are the following variants of this container: - -_all of those variants are automatically build and generated in one go_ - -- `latest` or `a-s` - - main version of this repo - - includes everything (smbd, avahi, wsdd2) - - not all services need to start/run -> use ENV variables to disable optional services -- `smbd-only-latest` or `smbd-only-a-s` - - this will only include smbd and my scripts - no avahi, wsdd2 installed -- `smbd-avahi-latest` or `smbd-avahi-a-s` - - this will only include smbd, my scripts and avahi - - optional service can still be disabled using ENV variables -- `smbd-wsdd2-latest` or `smbd-wsdd2-a-s` - - this will only include smbd, my scripts and wsdd2 - - optional service can still be disabled using ENV variables - -## Changelogs - -* 2022-05-31 - * support for `server role` as ENV parameter -* 2022-01-31 - * support for global settings via stanza (similar to volume config) -* 2022-01-28 - * removed old `chmod 777, chown nodboy:nogroup` statements on multi user shares -* 2022-01-20 - * fixed healthcheck for container `avahi` -* 2022-01-08 - * better build script -* 2021-12-30 - * fix for disabling `wsdd2` - * verbose execution of service start - * log to `stdout` - * fixed connection issues by pinning alpine to `3.14` - * made 
`avahi` optional - * new build process and variants -* 2021-12-25 - * multi user shares for all volumes possible - * removed bash to same some space - * improved `docker-compose.yml` - * improved healthcheck - * improved logging -* 2021-12-24 - * start `smbd` with `--foreground` parameter - * fix for loglevel settings - it works now - * new examples for shared shares in `docker-compose.yml` - * start `wsdd2` after 10 seconds -* 2021-12-02 - * made `wsdd2` service optional - * updated version -* 2021-09-27 - * added support for `wsdd2` parameterization -* 2021-08-30 - * added support for groups -* 2021-08-27 - * removed old multi arch build dockerfiles - `builx is used` - * added `wsdd2` for service discovery on windows -* 2021-08-23 - * fixed `SAMBA_GLOBAL_CONFIG_...` missing key. -* 2021-08-08 - * added env to contorl `log level` - default value `1` - * fixed `SAMBA_GLOBAL_CONFIG_...` with spaces in the key. -* 2021-03-16 - * added support for specifing the `uid` for each `ACCOUNT_` using `UID_username=1234214` env. -* 2021-03-09 - * updated healthcheck to work with external avahi server -* 2020-12-22 - * added support for samba password hashes instead of just plaintext passwords -* 2020-12-10 - * added Timemachine Multiuser Support (samba config path needs to end with `%U`) -* 2020-12-09 - * bug fix: `` gets removed with multiple timemachine volumes -* 2020-11-08 - * fixed samba user creation - * custom avahi service name -* 2020-11-05 - * multiarch build - * rewrite from debian to alpine - * enhanced timemachine support - -## Info - -This is a Samba Server Container running on `_/alpine`. +# Samba - Docker + +Samba on Ubuntu with TimeMachine, zeroconf (`avahi`) and WSD (Web Services for Devices) (`wsdd2`) support + +Forked from [ServerContainers](https://github.com/ServerContainers/samba)' example on Alpine linux. But because the samba build on Alpine doesn't properly support spotlight search with an elastic backend, and Ubuntu's build does, I created this fork. 
## Environment variables and defaults diff --git a/build.sh b/build.sh index 6d363d8..51f0d30 100755 --- a/build.sh +++ b/build.sh 
@@ -1,73 +1,11 @@ -#!/bin/sh -x +#!/bin/sh -IMG="servercontainers/samba" +IMG="martijndierckx/samba" +PLATFORM="linux/amd64" -PLATFORM="linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6" +UBUNTU_VERSION=22.04 -rm -rf variants.tar variants/ 2>/dev/null >/dev/null +SAMBA_V_OUPUT=$(docker run --rm -ti ubuntu:22.04 /bin/bash -c "apt -qq update 2> /dev/null && apt show samba 2> /dev/null") +SAMBA_VERSION=$(echo "$SAMBA_V_OUPUT" | grep "Version: " | grep "[0-9]:[0-9\.]\+" -o | sed "s/[0-9]://g") -if [ -z ${SAMBA_VERSION+x} ] || [ -z ${ALPINE_VERSION+x} ]; then - docker-compose build -q --pull --no-cache - export SAMBA_VERSION=$(docker run --rm -ti "$IMG" apk list 2>/dev/null | grep '\[installed\]' | grep "samba-[0-9]" | cut -d " " -f1 | sed 's/samba-//g' | tr -d '\r') - export ALPINE_VERSION=$(docker run --rm -ti "$IMG" cat /etc/alpine-release | tail -n1 | tr -d '\r') -fi - -if echo "$@" | grep -v "force" 2>/dev/null >/dev/null; then - echo "check if image was already build and pushed - skip check on release version" - echo "$@" | grep -v "release" && docker pull "$IMG:a$ALPINE_VERSION-s$SAMBA_VERSION" 2>/dev/null >/dev/null && echo "image already build" && exit 1 -fi - -docker buildx build -q --pull --no-cache --platform "$PLATFORM" -t "$IMG:a$ALPINE_VERSION-s$SAMBA_VERSION" --push . - -echo "$@" | grep "release" 2>/dev/null >/dev/null && echo ">> releasing new latest" && docker buildx build -q --pull --platform "$PLATFORM" -t "$IMG:latest" --push . - -# make sure this is only executed in main script -echo "$@" | grep "variant" && exit 0 - - -tar cf variants.tar --exclude .git/ --exclude variants.tar . 
- -mkdir -p variants/smbd-only variants/smbd-avahi variants/smbd-wsdd2 - - -cd variants/smbd-only -tar xf ../../variants.tar -cat Dockerfile | grep -v avahi | grep -v wsdd2 > Dockerfile.new -mv Dockerfile.new Dockerfile -rm -rf config/avahi config/runit/avahi -rm -rf config/runit/wsdd2 - -sed -i.bak 's/:[a]/:smbd-only-a/g' build.sh && rm build.sh.bak -sed -i.bak 's/:[l]atest/:smbd-only-latest/g' build.sh && rm build.sh.bak - -./build.sh "variant" "$@" - -cd ../../ - - -cd variants/smbd-avahi -tar xf ../../variants.tar -cat Dockerfile | grep -v wsdd2 > Dockerfile.new -mv Dockerfile.new Dockerfile -rm -rf config/runit/wsdd2 - -sed -i.bak 's/:[a]/:smbd-avahi-a/g' build.sh && rm build.sh.bak -sed -i.bak 's/:[l]atest/:smbd-avahi-latest/g' build.sh && rm build.sh.bak - -./build.sh "variant" "$@" - -cd ../../ - - -cd variants/smbd-wsdd2 -tar xf ../../variants.tar -cat Dockerfile | grep -v avahi > Dockerfile.new -mv Dockerfile.new Dockerfile -rm -rf config/avahi config/runit/avahi - -sed -i.bak 's/:[a]/:smbd-wsdd2-a/g' build.sh && rm build.sh.bak -sed -i.bak 's/:[l]atest/:smbd-wsdd2-latest/g' build.sh && rm build.sh.bak - -./build.sh "variant" "$@" - -cd ../../ \ No newline at end of file +docker buildx build --push --platform "$PLATFORM" --tag "$IMG:$SAMBA_VERSION" --tag "$IMG:latest" . \ No newline at end of file diff --git a/config/samba/smb.conf b/config/samba/smb.conf index a4ccd5f..b2166a3 100644 --- a/config/samba/smb.conf +++ b/config/samba/smb.conf 
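Review bot: The tag in `--tag "$IMG:$SAMBA_VERSION"` is read from a separate throwaway `ubuntu:22.04` container, not from the image that `docker buildx build` produces. Now that `--pull --no-cache` are gone from the build line, a cached apt layer can ship an older Samba than the tag claims, which misleads anyone tracking patch levels by tag. The `docker run --rm -ti` inside `$(...)` also needs a TTY and fails in CI. If the grep matches nothing, the tag becomes `martijndierckx/samba:` because the script has no `set -e` or empty check. I would restore `--pull --no-cache`, drop `-ti`, use the otherwise unused `$UBUNTU_VERSION` in the `docker run`, and add `[ -n "$SAMBA_VERSION" ] || exit 1` before the build.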
@@ -3,23 +3,45 @@ log file = /dev/stdout dns proxy = no - # password stuff passdb backend = smbpasswd - obey pam restrictions = yes security = user - printcap name = /dev/null - load printers = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288 dns proxy = no wide links = yes follow symlinks = yes unix extensions = no acl allow execute always = yes + ea support = yes + vfs objects = catia fruit streams_xattr + + # Disable printing + printcap name = /dev/null + load printers = no + disable spoolss = yes + + # Security + client ipc max protocol = SMB3 + client ipc min protocol = SMB2_10 + client max protocol = SMB3 + client min protocol = SMB2_10 + server max protocol = SMB3 + server min protocol = SMB2_10 - # Special configuration for Apple's Time Machine + # Apple + fruit:aapl = yes + fruit:encoding = native + fruit:locking = none + fruit:metadata = stream + fruit:resource = xattr + fruit:veto_appledouble = no + fruit:posix_rename = yes + fruit:zero_file_id = yes + fruit:wipe_intentionally_left_blank_rfork = yes + fruit:delete_empty_adfiles = yes + + # Apple TimeMachine fruit:model = TimeCapsule fruit:advertise_fullsync = true - fruit:aapl = yes # Docker Envs global config options diff --git a/docker-compose.yml b/docker-compose.yml index 1573ce9..f74c282 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,8 +3,8 @@ version: '3' services: samba: build: . - image: servercontainers/samba - restart: always + image: martijndierckx/samba + restart: unless-stoppd network_mode: host # uncomment to solve bug: https://github.com/ServerContainers/samba/issues/50 - wsdd2 only - not needed for samba #cap_add: diff --git a/scripts/docker-healthcheck.sh b/scripts/docker-healthcheck.sh deleted file mode 100755 index 725c470..0000000 --- a/scripts/docker-healthcheck.sh +++ /dev/null 
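Review bot: The new `# Security` block only pins the SMB dialect range (`server min protocol = SMB2_10` and the client equivalents); nothing in this hunk requires signing or encryption. Unless a later part of the file or an env-driven global option sets them, sessions can still be negotiated unsigned and in clear text. Since the compose file runs the container with `network_mode: host`, I would consider adding `server signing = mandatory` and, where all clients support it, `server smb encrypt = required`. The hunk also drops `obey pam restrictions = yes` without mention in the commit message; a short comment saying why it is no longer wanted would help the next reviewer.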
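Review bot: `restart: unless-stoppd` is misspelled. Compose accepts `no`, `always`, `on-failure` and `unless-stopped`, so this value should be rejected when the file is loaded and the service will not come up with the intended policy. Change the line to `restart: unless-stopped`.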
@@ -1,7 +0,0 @@ -#!/bin/sh -NUM_OF_SERVICES=2 -[ -z ${AVAHI_DISABLE+x} ] && [ -f "/external/avahi/not-mounted" ] && NUM_OF_SERVICES=$(expr $NUM_OF_SERVICES + 1) -[ -z ${WSDD2_DISABLE+x} ] && NUM_OF_SERVICES=$(expr $NUM_OF_SERVICES + 1) - -[[ $(ps aux | grep '[0-9] [s]mbd \|/[w]sdd2\|[a]vahi-daemon: r\|[r]unsvdir' | wc -l) -ge "$NUM_OF_SERVICES" ]] -exit $? \ No newline at end of file diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index fa73afc..1d1785e 100755 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh @@ -1,11 +1,12 @@ #!/bin/sh -export IFS=$'\n' +IFS=" +" cat </dev/null then echo ">> ACCOUNT: adding account: $ACCOUNT_NAME with UID: $ACCOUNT_UID" - adduser -D -H -u "$ACCOUNT_UID" -s /bin/false "$ACCOUNT_NAME" + adduser --no-create-home --disabled-password --shell /bin/false --gecos GECOS --uid "$ACCOUNT_UID" "$ACCOUNT_NAME" else echo ">> ACCOUNT: adding account: $ACCOUNT_NAME" - adduser -D -H -s /bin/false "$ACCOUNT_NAME" + adduser --no-create-home --disabled-password --shell /bin/false --gecos GECOS "$ACCOUNT_NAME" fi smbpasswd -a -n "$ACCOUNT_NAME" @@ -106,8 +107,13 @@ if [ ! -f "$INITALIZED" ]; then CLEAN_HASH=$(echo "$ACCOUNT_PASSWORD" | sed 's/^.*:[0-9]*://g') sed -i 's/\('"$ACCOUNT_NAME"':[0-9]*:\).*/\1'"$CLEAN_HASH"'/g' /var/lib/samba/private/smbpasswd else - echo -e "$ACCOUNT_PASSWORD\n$ACCOUNT_PASSWORD" | passwd "$ACCOUNT_NAME" - echo -e "$ACCOUNT_PASSWORD\n$ACCOUNT_PASSWORD" | smbpasswd "$ACCOUNT_NAME" + #echo -e "$ACCOUNT_PASSWORD\n$ACCOUNT_PASSWORD" | passwd "$ACCOUNT_NAME" + echo "$ACCOUNT_NAME:$ACCOUNT_PASSWORD" | chpasswd + #echo -e "$ACCOUNT_PASSWORD\n$ACCOUNT_PASSWORD" | smbpasswd -s "$ACCOUNT_NAME" + smbpasswd -s "$ACCOUNT_NAME"<