From 0857806acf002b7b8615d7b977eadc6cfaec781e Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jandd@cacert.org>
Date: Fri, 27 Aug 2021 17:41:26 +0200
Subject: [PATCH 1/6] Make signer and signer_client work with minimal changes

---
 docker-compose.yml       | 4 +++-
 docker/run-signer        | 2 +-
 docker/run-signer_client | 6 ++++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 67cab0e..c84031f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -101,6 +101,7 @@ services:
     volumes:
       - certstaging:/srv/certs
       - signersockets:/srv/sockets
+      - webdbincl:/home/cacert/www/includes/
     depends_on:
       - db
       - smtp
@@ -126,4 +127,5 @@ volumes:
   maildir: { }
   certstaging: { }
   signersockets: { }
-  signerdata: { }
\ No newline at end of file
+  signerdata: { }
+  webdbincl: { }
diff --git a/docker/run-signer b/docker/run-signer
index c145ea5..01848f2 100755
--- a/docker/run-signer
+++ b/docker/run-signer
@@ -23,7 +23,7 @@ if [ ! -f /srv/ca/gpg/gpg_root_0/secring.gpg ]; then cp /srv/testca/gpg/gpg_root
 if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/pubring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
 
 rm -f /srv/sockets/signer
-socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
+socat -d -d "PTY,link=${SERIAL_PORT}" UNIX-LISTEN:/srv/sockets/signer 2>&1 &
 sleep 1
 
 cd /srv/CommModule/
diff --git a/docker/run-signer_client b/docker/run-signer_client
index 7c19dae..e8fd99c 100755
--- a/docker/run-signer_client
+++ b/docker/run-signer_client
@@ -2,10 +2,12 @@
 
 set -eu
 
-socat -d -d UNIX:/srv/sockets/signer PTY,link=/dev/ttyS0 2>&1 &
+export SERIAL_PORT=/dev/ttyUSB0
+
+socat -d -d "UNIX:/srv/sockets/signer" "PTY,link=${SERIAL_PORT}" 2>&1 &
 sleep 1
 
-export SERIAL_PORT=/dev/ttyS0
+echo "<?php mysql_connect(\"${MYSQL_WEBDB_HOSTNAME}\", \"${MYSQL_WEBDB_USER}\", \"${MYSQL_WEBDB_PASSWORD}\");" > "/home/cacert/www/includes/mysql.php"
 
 cd /srv/CommModule/
 

From dbb500f8e8292f3929f43b56f0ed4bdbafce93a8 Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jandd@cacert.org>
Date: Fri, 27 Aug 2021 18:00:13 +0200
Subject: [PATCH 2/6] Add wget to allow download of translations on first start

---
 webdb.Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/webdb.Dockerfile b/webdb.Dockerfile
index fd3ff3d..0712ed6 100644
--- a/webdb.Dockerfile
+++ b/webdb.Dockerfile
@@ -35,6 +35,7 @@ RUN apt-get update \
     php5-recode \
     psmisc \
     wamerican \
+    wget \
     whois \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* \

From d3a44eb38e8fc7af18258ae85148b7b5d344430a Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jandd@cacert.org>
Date: Fri, 27 Aug 2021 18:45:42 +0200
Subject: [PATCH 3/6] Add TVERIFY_HOSTNAME to support older code base

---
 docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index c84031f..f8df137 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -42,6 +42,7 @@ services:
       CRL_DIRECTORY: /srv/certs/crl
       DEFAULT_HOSTNAME: www.cacert.localhost
       SECURE_HOSTNAME: secure.cacert.localhost
+      TVERIFY_HOSTNAME: tverify.cacert.localhost
       INSECURE_PORT: 8080
       SECURE_PORT: 8443
       RETURN_ADDRESS: "returns@cacert.localhost"

From 1f815bad8594d1a205ecf95b872ff8d19658cb32 Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jandd@cacert.org>
Date: Fri, 27 Aug 2021 18:48:09 +0200
Subject: [PATCH 4/6] Point mr to jandd's run-locally github branch

---
 .mrconfig | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.mrconfig b/.mrconfig
index 941a88e..a6dbee0 100644
--- a/.mrconfig
+++ b/.mrconfig
@@ -5,4 +5,5 @@ checkout = git clone https://github.com/CAcertOrg/cats cacert-cats
 checkout = git clone git+ssh://git.cacert.org/srv/git/cacert-mgr.git cacert-mgr
 
 [cacert-software]
-checkout = git clone git+ssh://git.cacert.org/srv/git/cacert-devel.git cacert-software
+#checkout = git clone git+ssh://git.cacert.org/srv/git/cacert-devel.git cacert-software
+checkout = git clone -b run-locally https://github.com/jandd/cacert-devel.git cacert-software

From 2c1dc14eaf50659c43d241cb653d449dfc3da26c Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jandd@cacert.org>
Date: Wed, 21 Dec 2022 18:04:18 +0100
Subject: [PATCH 5/6] Fix image builds for jessie

- jessie's regular archive key expired. This commit switches to
  debian/eol:jessie as base image
---
 cats.Dockerfile          | 2 +-
 mgr.Dockerfile           | 2 +-
 signer.Dockerfile        | 2 +-
 signer_client.Dockerfile | 2 +-
 webdb.Dockerfile         | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/cats.Dockerfile b/cats.Dockerfile
index 3958ac8..be3bd63 100644
--- a/cats.Dockerfile
+++ b/cats.Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 
 RUN apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
diff --git a/mgr.Dockerfile b/mgr.Dockerfile
index 46151f9..73ffd74 100644
--- a/mgr.Dockerfile
+++ b/mgr.Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 
 RUN apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
diff --git a/signer.Dockerfile b/signer.Dockerfile
index 6e4a0ab..7e61bcd 100644
--- a/signer.Dockerfile
+++ b/signer.Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 
 RUN apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
diff --git a/signer_client.Dockerfile b/signer_client.Dockerfile
index 577c018..b0be540 100644
--- a/signer_client.Dockerfile
+++ b/signer_client.Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 
 COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
 COPY testca/class3/ca.crt.pem /usr/local/share/ca-certificates/testca_class3.crt
diff --git a/webdb.Dockerfile b/webdb.Dockerfile
index 0712ed6..b372516 100644
--- a/webdb.Dockerfile
+++ b/webdb.Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 
 RUN apt-get update \
     && DEBIAN_FRONTEND=noninteractive \

From 8db91abf9e01391ab82bee6a9658b1fb0db5074d Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jandd@cacert.org>
Date: Sat, 10 Feb 2024 13:48:02 +0100
Subject: [PATCH 6/6] Fix docker build for EOL Debian release

---
 cats.Dockerfile          | 6 +++++-
 mgr.Dockerfile           | 6 +++++-
 signer.Dockerfile        | 6 +++++-
 signer_client.Dockerfile | 6 +++++-
 webdb.Dockerfile         | 6 +++++-
 5 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/cats.Dockerfile b/cats.Dockerfile
index be3bd63..3a8b3e3 100644
--- a/cats.Dockerfile
+++ b/cats.Dockerfile
@@ -1,6 +1,10 @@
 FROM debian/eol:jessie
 
-RUN apt-get update \
+RUN sed -i \
+      -e 's@\(^deb http://deb\..*\)$@#\1@' \
+      -e 's@\(^deb http://security\..*\)$@deb http://archive.debian.org/debian-security jessie/updates main@' \
+      /etc/apt/sources.list \
+    && apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
     ca-certificates \
diff --git a/mgr.Dockerfile b/mgr.Dockerfile
index 73ffd74..a0a7400 100644
--- a/mgr.Dockerfile
+++ b/mgr.Dockerfile
@@ -1,6 +1,10 @@
 FROM debian/eol:jessie
 
-RUN apt-get update \
+RUN sed -i \
+      -e 's@\(^deb http://deb\..*\)$@#\1@' \
+      -e 's@\(^deb http://security\..*\)$@deb http://archive.debian.org/debian-security jessie/updates main@' \
+      /etc/apt/sources.list \
+    && apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
     ca-certificates \
diff --git a/signer.Dockerfile b/signer.Dockerfile
index 7e61bcd..68d4a2d 100644
--- a/signer.Dockerfile
+++ b/signer.Dockerfile
@@ -1,6 +1,10 @@
 FROM debian/eol:jessie
 
-RUN apt-get update \
+RUN sed -i \
+      -e 's@\(^deb http://deb\..*\)$@#\1@' \
+      -e 's@\(^deb http://security\..*\)$@deb http://archive.debian.org/debian-security jessie/updates main@' \
+      /etc/apt/sources.list \
+    && apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
     gnupg \
diff --git a/signer_client.Dockerfile b/signer_client.Dockerfile
index b0be540..c4339da 100644
--- a/signer_client.Dockerfile
+++ b/signer_client.Dockerfile
@@ -3,7 +3,11 @@ FROM debian/eol:jessie
 COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
 COPY testca/class3/ca.crt.pem /usr/local/share/ca-certificates/testca_class3.crt
 
-RUN apt-get update \
+RUN sed -i \
+      -e 's@\(^deb http://deb\..*\)$@#\1@' \
+      -e 's@\(^deb http://security\..*\)$@deb http://archive.debian.org/debian-security jessie/updates main@' \
+      /etc/apt/sources.list \
+    && apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
     ca-certificates \
diff --git a/webdb.Dockerfile b/webdb.Dockerfile
index b372516..8e1474c 100644
--- a/webdb.Dockerfile
+++ b/webdb.Dockerfile
@@ -1,6 +1,10 @@
 FROM debian/eol:jessie
 
-RUN apt-get update \
+RUN sed -i \
+      -e 's@\(^deb http://deb\..*\)$@#\1@' \
+      -e 's@\(^deb http://security\..*\)$@deb http://archive.debian.org/debian-security jessie/updates main@' \
+      /etc/apt/sources.list \
+    && apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
     ca-certificates \