Merge pull request #45 from speed47/master

feat: add more archs to dockerhub sandbox

.github/workflows/dockerhub.yml

@@ -18,7 +18,7 @@ jobs:
         uses: docker/setup-buildx-action@v1
       -
         name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v1
         with:
           username: ${{ secrets.DOCKERHUB_LOGIN }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -29,7 +29,8 @@ jobs:
         with:
           push: true
           file: docker/Dockerfile.sandbox
-          tags: ovhcom/the-bastion:sandbox-latest
+          tags: ovhcom/the-bastion:sandbox
+          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
       -
         name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}

README.md

@@ -27,7 +27,7 @@ This is a good way to test The Bastion within seconds, but [read the FAQ](https:
 
 OK, let's run the docker image:
 
-    docker run -d -p 22 --name bastiontest ovhcom/the-bastion:sandbox-latest
+    docker run -d -p 22 --name bastiontest ovhcom/the-bastion:sandbox
 
 Get your public SSH key at hand, then configure the first administrator account:
 

bin/admin/install-ttyrec.sh

@@ -22,38 +22,42 @@ EOF
 set_download_url() {
     pattern="$1"
 
-    action_doing "Checking for prerequisites..."
-    if command -v curl >/dev/null; then
-        action_done curl
-        _apicall() {
-            curl -sL -H 'Accept: application/vnd.github.v3+json' "$1"
-        }
-        _download() {
-            curl -sL -O "$1"
-        }
-    elif command -v wget >/dev/null; then
+    action_doing "Looking for download tool..."
+    if command -v wget >/dev/null; then
         action_done wget
         _apicall() {
-            wget -q -O - --header="Accept: application/vnd.github.v3+json" "$1"
+            wget -q -O - --header="Accept: application/vnd.github.v3+json" "$1" || true
         }
         _download() {
             wget -q "$1"
         }
+    elif command -v curl >/dev/null; then
+        action_done curl
+        _apicall() {
+            curl -sL -H 'Accept: application/vnd.github.v3+json' "$1" || true
+        }
+        _download() {
+            curl -sL -O "$1"
+        }
     else
         action_error "Couldn't find wget nor curl"
         exit 1
     fi
-
     action_doing "Getting latest release for arch $arch..."
+    payload=$(mktemp)
+    # shellcheck disable=SC2064
+    trap "rm -f $payload" EXIT
+
+    _apicall $RELEASE_API_URL > "$payload"
     if command -v jq >/dev/null; then
         # If we have jq, we can do it properly
-        url=$(_apicall $RELEASE_API_URL | jq -r '.[0].assets|.[]|.browser_download_url' | grep -F "$pattern" | head -n1)
+        url=$(jq -r '.[0].assets|.[]|.browser_download_url' < "$payload" | grep -F "$pattern" | head -n1)
     elif perl -MJSON -e 1 2>/dev/null; then
         # If we don't, there's a good chance we have Perl with the JSON module, use it
-        url=$(_apicall $RELEASE_API_URL | perl -MJSON -e 'undef $/; $d=decode_json(<>); foreach(@{ $d->[0]{assets} || [] }) { $_=$_->{browser_download_url}; /\Q'"$pattern"'\E/ && print && exit }' | head -n1)
+        url=$(perl -MJSON -e 'undef $/; $d=decode_json(<>); foreach(@{ $d->[0]{assets} || [] }) { $_=$_->{browser_download_url}; /\Q'"$pattern"'\E/ && print && exit }' "$payload" | head -n1)
     else
         # Otherwise, go the ugly way, don't bother the user in installing jq just for this need
-        url=$(_apicall $RELEASE_API_URL | grep -Eo 'https://[a-z0-9./_-]+' | grep -F "$pattern" | head -n1)
+        url=$(grep -Eo 'https://[a-z0-9./_-]+' "$payload" | grep -F "$pattern" | head -n1)
     fi
 
     if [ -n "$url" ]; then

bin/admin/packages-check.sh

@@ -40,6 +40,11 @@ if echo "$DISTRO_LIKE" | grep -q -w debian; then
                 libwww-perl libdigest-sha-perl libnet-ssleay-perl \
                 libnet-server-perl cryptsetup mosh expect openssh-server locales \
                 coreutils netcat bash libcgi-pm-perl iputils-ping"
+    # workaround for debian/armhf: curl fails to validate some SSL certificates,
+    # whereas wget succeeds; this is needed for e.g. install-ttyrec.sh
+    if [ "$(uname -m)" = armv7l ]; then
+        wanted_list="$wanted_list wget"
+    fi
     [ "$opt_dev" = 1 ] && wanted_list="$wanted_list libperl-critic-perl perltidy shellcheck"
     if { [ "$LINUX_DISTRO" = debian ] && [ "$DISTRO_VERSION_MAJOR" -lt 9 ]; } ||
        { [ "$LINUX_DISTRO" = ubuntu ] && [ "$DISTRO_VERSION_MAJOR" -le 16 ]; }; then