Prepare Alpine OIDC (#5764)

* Prepare Alpine OIDC * Prepare syntax for OpenID Connect in Alpine. * Update :newest Alpine development image to PHP 8.3 * Fix a little bug in test of OIDC_SCOPES * Changelog + syntax * shellchecks
2023-10-28 13:40:22 +02:00 · 2023-10-28 13:40:22 +02:00 · 51a95afdbb
parent b228342b2f
commit 51a95afdbb
3 changed files with 18 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,7 +5,7 @@
 * Bug fixing
 	* Fix regression in i18n English fallback for extensions [#5752](https://github.com/FreshRSS/FreshRSS/pull/5752)
 	* Fix identification of thumbnails [#5750](https://github.com/FreshRSS/FreshRSS/pull/5750)
-	* OpenID Connect compatibility with colon `:` in `OIDC_SCOPES` [#5753](https://github.com/FreshRSS/FreshRSS/pull/5753)
+	* OpenID Connect compatibility with colon `:` in `OIDC_SCOPES` [#5753](https://github.com/FreshRSS/FreshRSS/pull/5753), [#5764](https://github.com/FreshRSS/FreshRSS/pull/5764)
 	* Avoid a warning on non-numeric `TRUSTED_PROXY` environment variable [#5733](https://github.com/FreshRSS/FreshRSS/pull/5733)
 	* Better identification of proxied client IP with `RemoteIPInternalProxy` in Apache [#5740](https://github.com/FreshRSS/FreshRSS/pull/5740)
 * i18n
@ -15,6 +15,10 @@
 	* Improve *Origine* theme (dark mode) [#5745](https://github.com/FreshRSS/FreshRSS/pull/5745)
 	* Improve *Nord* theme [#5754](https://github.com/FreshRSS/FreshRSS/pull/5754)
 	* Various UI and style improvements [#5737](https://github.com/FreshRSS/FreshRSS/pull/5737)
+* Deployment
+	* Docker: Upgraded Alpine dev image `freshrss/freshrss:newest` to PHP 8.3 [#5764](https://github.com/FreshRSS/FreshRSS/pull/5764)
+* Compatibility
+	* Test compatibility with PHP 8.3 [#5764](https://github.com/FreshRSS/FreshRSS/pull/5764)
 * Misc.
 	* Move to GitHub Actions for our GitHub Pages [#5681](https://github.com/FreshRSS/FreshRSS/pull/5681)

--- a/Docker/Dockerfile-Newest
+++ b/Docker/Dockerfile-Newest
@ -5,11 +5,11 @@ SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories && \
 	apk add --no-cache \
 	tzdata \
-	apache2 php82-apache2 \
+	apache2 php83-apache2 \
 	apache-mod-auth-openidc \
-	php82 php82-curl php82-gmp php82-intl php82-mbstring php82-xml php82-zip \
-	php82-ctype php82-dom php82-fileinfo php82-iconv php82-json php82-opcache php82-openssl php82-phar php82-session php82-simplexml php82-xmlreader php82-xmlwriter php82-xml php82-tokenizer php82-zlib \
-	php82-pdo_sqlite php82-pdo_mysql php82-pdo_pgsql
+	php83 php83-curl php83-gmp php83-intl php83-mbstring php83-xml php83-zip \
+	php83-ctype php83-dom php83-fileinfo php83-iconv php83-json php83-opcache php83-openssl php83-phar php83-session php83-simplexml php83-xmlreader php83-xmlwriter php83-xml php83-tokenizer php83-zlib \
+	php83-pdo_sqlite php83-pdo_mysql php83-pdo_pgsql

 RUN mkdir -p /var/www/FreshRSS /run/apache2/
 WORKDIR /var/www/FreshRSS
@ -41,8 +41,9 @@ RUN rm -f /etc/apache2/conf.d/languages.conf /etc/apache2/conf.d/info.conf \
 		/etc/apache2/httpd.conf && \
 	sed -r -i "/^\s*(CustomLog|ErrorLog|Listen) /s/^/#/" \
 		/etc/apache2/httpd.conf && \
-	if [ ! -f /usr/bin/php ]; then ln -s /usr/bin/php82 /usr/bin/php; else true; fi && \
-	echo 'memory_limit = 256M' > /etc/php82/conf.d/10_memory.ini && \
+	mv /etc/apache2/conf.d/mod-auth-openidc.conf /etc/apache2/conf.d/mod-auth-openidc.conf.bak && \
+	if [ ! -f /usr/bin/php ]; then ln -s /usr/bin/php83 /usr/bin/php; else true; fi && \
+	echo 'memory_limit = 256M' > /etc/php83/conf.d/10_memory.ini && \
 	# Disable built-in updates when using Docker, as the full image is supposed to be updated instead.
 	sed -r -i "\\#disable_update#s#^.*#\t'disable_update' => true,#" ./config.default.php && \
 	touch /var/www/FreshRSS/Docker/env.txt && \
--- a/Docker/entrypoint.sh
+++ b/Docker/entrypoint.sh
@ -22,9 +22,12 @@ if [ -n "$TRUSTED_PROXY" ]; then
 fi

 if [ -n "$OIDC_ENABLED" ] && [ "$OIDC_ENABLED" -ne 0 ]; then
-	a2enmod -q auth_openidc
-	if [ -n "$OIDC_ENABLED" ]; then
-		# Compatibility with : as separator instead of space:
+	# Debian
+	(which a2enmod >/dev/null && a2enmod -q auth_openidc) ||
+		# Alpine
+		(mv /etc/apache2/conf.d/mod-auth-openidc.conf.bak /etc/apache2/conf.d/mod-auth-openidc.conf && echo 'Enabling module auth_openidc.')
+	if [ -n "$OIDC_SCOPES" ]; then
+		# Compatibility with : as separator instead of space
 		OIDC_SCOPES=$(echo "$OIDC_SCOPES" | tr ':' ' ')
 		export OIDC_SCOPES
 	fi