diff --git a/gvm/Dockerfile b/gvm/Dockerfile
index f5adda6..0129519 100644
--- a/gvm/Dockerfile
+++ b/gvm/Dockerfile
@@ -5,12 +5,12 @@ LABEL io.hass.name="GVM Scanner"
 LABEL io.hass.description="un a GVM (OpenVAS) scanner as a Home Assistant add-on."
 LABEL io.hass.arch="amd64|aarch64"
 LABEL io.hass.type="addon"
-LABEL io.hass.version="0.0.2-beta"
+LABEL io.hass.version="0.0.3-beta"
 # Set timezone
 ENV TZ=Europe/Rome
-# Install jq for parsing config
+# Install jq for config parsing
 RUN apt-get update && apt-get install -y jq \
 && apt-get clean && rm -rf /var/lib/apt/lists/*
@@ -18,11 +18,11 @@ RUN apt-get update && apt-get install -y jq \
 COPY run.sh /run.sh
 RUN chmod +x /run.sh
-# Expose default GVM Web UI port
+# Expose GVM Web UI port
 EXPOSE 9392
-# Optionally persist data
+# Mountable volume
 VOLUME [ "/data" ]
-# Set entrypoint
-CMD [ "/run.sh" ]
+# Entrypoint
+CMD [ "/run.sh" ]
\ No newline at end of file
diff --git a/gvm/config.json b/gvm/config.json
index 307cf7e..a9757d9 100644
--- a/gvm/config.json
+++ b/gvm/config.json
@@ -1,6 +1,6 @@
 {
 "name": "GVM Scanner",
- "version": "0.0.2-beta",
+ "version": "0.0.3-beta",
 "slug": "gvm",
 "description": "Run a GVM (OpenVAS) scanner as a Home Assistant add-on.",
 "startup": "services",
diff --git a/gvm/run.sh b/gvm/run.sh
index 9678b17..7f2d747 100644
--- a/gvm/run.sh
+++ b/gvm/run.sh
@@ -7,7 +7,7 @@ log() {
 echo "[GVM ADD-ON] $(date +"%Y-%m-%d %H:%M:%S") - $*"
 }
-# Load user config passed by Home Assistant (as JSON env vars)
+# Path to options provided by Home Assistant
 CONFIG_PATH="/data/options.json"
 if [ ! -f "$CONFIG_PATH" ]; then
@@ -15,9 +15,13 @@ if [ ! -f "$CONFIG_PATH" ]; then
 exit 1
 fi
-# Extract variables using jq
+# Read variables from options.json
 USERNAME=$(jq -r '.username' "$CONFIG_PATH")
 PASSWORD=$(jq -r '.password' "$CONFIG_PATH")
+TZ=$(jq -r '.TZ // empty' "$CONFIG_PATH")
+DB_PASSWORD=$(jq -r '.DB_PASSWORD // empty' "$CONFIG_PATH")
+HTTPS=$(jq -r '.HTTPS // "false"' "$CONFIG_PATH")
+SSHD=$(jq -r '.SSHD // "true"' "$CONFIG_PATH")
 # Validate
 if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then
@@ -25,17 +29,20 @@ if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then
 exit 1
 fi
-# Set them for the environment
+# Export variables for GVM
 export USERNAME
 export PASSWORD
-export DB_PASSWORD="$PASSWORD"
+export DB_PASSWORD
+export TZ
+export HTTPS
+export SSHD
-log "INFO: Starting GVM (OpenVAS) add-on as user $USERNAME..."
+log "INFO: Starting GVM (OpenVAS) add-on as user '$USERNAME'"
-# Setup timezone
+# Set timezone if available
 if [ -n "$TZ" ]; then
 log "INFO: Setting timezone to $TZ"
- ln -snf /usr/share/zoneinfo/$TZ /etc/localtime
+ ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime
 echo "$TZ" > /etc/timezone
 fi
@@ -47,4 +54,4 @@ if [ ! -d "$DATA_DIR" ]; then
 fi
 log "INFO: Launching GVM service..."
-exec /usr/local/bin/dumb-init gvm-start | tee -a "$DATA_DIR/gvm.log"
+exec gvm-start | tee -a "$DATA_DIR/gvm.log"
diff --git a/sonarqube/Dockerfile b/sonarqube/Dockerfile
index 8d4e0fe..9ecde32 100644
--- a/sonarqube/Dockerfile
+++ b/sonarqube/Dockerfile
@@ -5,7 +5,7 @@ LABEL io.hass.name="SonarQube"
 LABEL io.hass.description="SonarQube Server helps you comply with common code security standards, such as the NIST SSDF, OWASP, CWE, STIG, and CASA."
 LABEL io.hass.arch="amd64|aarch64"
 LABEL io.hass.type="addon"
-LABEL io.hass.version="0.0.2-beta"
+LABEL io.hass.version="0.0.3-beta"
 # Build parameters
 ARG SONARQUBE_VERSION=9.9.6.92038
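Review bot: The defaults on the two new toggles are built with jq's `//`, which falls through on `false` as well as on a missing key, so if `SSHD` is stored in options.json as a JSON boolean, `.SSHD // "true"` yields `true` even when the user switched it off. Testing for absence keeps an explicit `false`, e.g. `SSHD=$(jq -r 'if .SSHD == null then "true" else .SSHD end' "$CONFIG_PATH")`, and the same form applies to `HTTPS`. The chosen defaults also presumably enable the SSH daemon and leave the web UI on plain HTTP when nothing is configured; for a scanner that holds credentials, defaulting `SSHD` to `"false"` would be the lower-exposure choice. The add-on schema for gvm is not visible in this diff, so whether these options arrive as booleans or strings should be confirmed.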
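Review bot: `export DB_PASSWORD` can now export an empty database password, because the old fallback `export DB_PASSWORD="$PASSWORD"` is removed while the validation block (which starts before this hunk) still checks only `USERNAME` and `PASSWORD`. Failing fast before the exports avoids that: `[ -n "$DB_PASSWORD" ] || { log "ERROR: DB_PASSWORD is not set"; exit 1; }`; how gvm-start treats an empty value is not visible here. The same hunk exports `TZ` unconditionally, and since the previous hunk assigns it from `.TZ // empty`, a missing option replaces the image's `ENV TZ=Europe/Rome` with an empty value. Assigning `TZ` only when the option is present, and checking `[ -f "/usr/share/zoneinfo/$TZ" ]` before the `ln -snf`, would keep the default and reject a value that does not name a zone file.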
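Review bot: In `exec gvm-start | tee -a "$DATA_DIR/gvm.log"` the `exec` only replaces the subshell that runs the left side of the pipe, so the script itself stays the container's main process, and with `dumb-init` dropped from this line nothing visible forwards the stop signal to `gvm-start` or reaps orphaned children. The pipeline's exit status is also `tee`'s unless `pipefail` is set, which this diff does not show, so a failed scanner start can be reported as success. If the interpreter is bash (the shebang is outside the hunk), one way to keep the log copy and still make `gvm-start` the main process is `exec > >(tee -a "$DATA_DIR/gvm.log") 2>&1` followed by `exec gvm-start`. Whether an init process is supplied another way, for example by the add-on configuration, cannot be seen here and should be confirmed.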
@@ -36,9 +36,8 @@ RUN curl -L "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-$
 COPY run.sh /usr/local/bin/run.sh
 RUN chmod +x /usr/local/bin/run.sh
-# Expose the internal port (always 9000)
+# Expose the internal port
 EXPOSE 9000
-# Run as the 'sonarqube' user
-USER sonarqube
+# All setup (timezone, mkdir) runs as root; run.sh will drop to sonarqube
 ENTRYPOINT ["/usr/local/bin/run.sh"]
diff --git a/sonarqube/config.json b/sonarqube/config.json
index ed4d008..2d939ed 100644
--- a/sonarqube/config.json
+++ b/sonarqube/config.json
@@ -1,6 +1,6 @@
 {
 "name": "SonarQube",
- "version": "0.0.2-beta",
+ "version": "0.0.3-beta",
 "slug": "sonarqube",
 "description": "SonarQube Server helps you comply with common code security standards, such as the NIST SSDF, OWASP, CWE, STIG, and CASA.",
 "arch": ["amd64", "armv7", "aarch64"],
@@ -11,7 +11,6 @@
 "options": {
 "data_path": "/share/sonarqube/data",
 "extensions_path": "/share/sonarqube/extensions",
- "ui_port": 9000,
 "jdbc_url": "jdbc:postgresql://sonarqube_db:5432/sonar",
 "jdbc_username": "",
 "jdbc_password": "",
@@ -20,7 +19,6 @@
 "schema": {
 "data_path": "str",
 "extensions_path": "str",
- "ui_port": "int",
 "jdbc_url": "str",
 "jdbc_username": "str",
 "jdbc_password": "str",
diff --git a/sonarqube/run.sh b/sonarqube/run.sh
index 8210ee3..40344d0 100644
--- a/sonarqube/run.sh
+++ b/sonarqube/run.sh
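Review bot: With `USER sonarqube` removed, root becomes the image's default user, so the only thing that still lowers privileges is the final line of run.sh, and any other way into the container (an overridden entrypoint, an interactive exec) runs as root. The new comment should state that dependency explicitly, e.g. `# No USER directive: run.sh must end in "exec su-exec sonarqube ..."; do not add steps after it`. run.sh in this commit calls `su-exec`, but no visible hunk installs it; confirm that an earlier `RUN` layer (outside this hunk) adds the package, otherwise the final `exec` fails and the container never starts.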
@@ -12,17 +12,18 @@ set -e
 : "${SONAR_JDBC_PASSWORD:?Serve SONAR_JDBC_PASSWORD}"
 # --- Imposto timezone a container start ---
-ln -snf "/usr/share/zoneinfo/${TZ}" /etc/localtime && echo "${TZ}" > /etc/timezone
+ln -snf "/usr/share/zoneinfo/${TZ}" /etc/localtime
+echo "${TZ}" > /etc/timezone
 # --- Creo e monto le cartelle host in container ---
 mkdir -p "${DATA_PATH}" "${EXT_PATH}"
 cd "${SONARQUBE_HOME}"
-# sposto le cartelle interne originali (evt. backup)
-[ -d data ] && mv data data.orig || true
-[ -d extensions ]&& mv extensions extensions.orig || true
+# Sposto le cartelle interne originali (evt. backup)
+[ -d data ] && mv data data.orig || true
+[ -d extensions ] && mv extensions extensions.orig || true
-# link simbolici verso le cartelle condivise
+# Link simbolici verso le cartelle condivise
 ln -s "${DATA_PATH}" data
 ln -s "${EXT_PATH}" extensions
@@ -31,5 +32,5 @@ export SONAR_JDBC_URL
 export SONAR_JDBC_USERNAME
 export SONAR_JDBC_PASSWORD
-# --- Avvio SonarQube in foreground ---
-exec "${SONARQUBE_BIN}/sonar.sh" console
\ No newline at end of file
+# --- Avvio SonarQube in foreground come utente non-root ---
+exec su-exec sonarqube "${SONARQUBE_BIN}/sonar.sh" console
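Review bot: `mkdir -p "${DATA_PATH}" "${EXT_PATH}"` now runs as root (the Dockerfile in this commit drops `USER sonarqube`), so any directory it creates is root-owned and the server, started in the next hunk through `su-exec sonarqube`, may be unable to write its data or extensions. Adding `chown sonarqube "${DATA_PATH}" "${EXT_PATH}"` right after the `mkdir` hands the two mount points to the service user without a recursive chown of an existing share. Separately, `${TZ}` is used in the `ln -snf` target with no check visible in the hunk; the `:?` guards begin above this hunk, so confirm that `TZ` is among them.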