fix(startup): undo changes that caused regression in startup script

Author: psanders

.gitignore

@@ -28,6 +28,7 @@ bin
 .project
 ${sys:DATA}
 *.log
+.certs
 
 # User-specific stuff:
 .idea/workspace.xml

.scripts/convert-to-p12.sh

@@ -1,27 +1,29 @@
 #!/bin/sh
 
-certPath=${1:-"."} # if $1 is not passed, use current directory
+set -e
+
+certPath=${1:-"."}
 serverCrt="$certPath/server.crt"
 serverKey="$certPath/server.key"
-caCrt="$certPath/ca.crt" # Path to the Certificate Authority certificate
+caCrt="$certPath/ca.crt"
 pkcs12File="$certPath/signaling.p12"
-pkcs12Password=${2:-"changeme"} # if $2 is not passed, use "changeme"
+pkcs12Password=${2:-"changeme"}
 
 mkdir -p $certPath
 
-# Check if server.crt and server.key files exist
 if [ ! -f "$serverCrt" ] || [ ! -f "$serverKey" ]; then
   echo "server.crt or server.key files not found. Generating certificates..."
-  . "$(dirname "$0")/generate-certs.sh" $certPath
+  . "$(dirname "$0")/generate-certs.sh" "$certPath"
 fi
 
-# Check if ca.crt file exists to create a full chain of certificates
 if [ -f "$caCrt" ]; then
   echo "ca.crt file found. Creating a full chain of certificates..."
   cat $serverCrt $caCrt > "$certPath/fullchain.crt"
   openssl pkcs12 -export -in "$certPath/fullchain.crt" -inkey $serverKey -name "apiserver" -out $pkcs12File -password pass:$pkcs12Password
 else
-  openssl pkcs12 -export -in $serverCrt -inkey $serverKey -name "apiserver" -out $pkcs12File -password pass:$pkcsPassword
+  openssl pkcs12 -export -in $serverCrt -inkey $serverKey -name "apiserver" -out $pkcs12File -password pass:$pkcs12Password
 fi
 
+openssl pkcs12 -info -in "$pkcs12File" -noout -passin pass:"$pkcs12Password" # Verifies the keystore
+
 echo "PKCS12 keystore has been created at $pkcs12File"

.scripts/generate-certs.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+set -e
+
 basepath=${1:-"."}  # if $1 is not passed, use current directory
 
 mkdir -p $basepath

.scripts/init-postgres.sh

@@ -5,5 +5,5 @@ set -e
 # This scripts initializes the postgres database
 initdb /var/lib/postgresql/data
 pg_ctl start -D /var/lib/postgresql/data
-npx prisma@5.9.1 migrate deploy --schema=/service/schema.prisma
+npx prisma migrate deploy --schema=/service/schema.prisma
 pg_ctl stop -D /var/lib/postgresql/data

Dockerfile

@@ -26,46 +26,47 @@ RUN chmod +x heplify
 ##
 FROM alpine:3.19 AS runner
 
-ARG PKCS12_PASSWORD=changeme
-ARG POSTGRES_USER=postgres
-ARG POSTGRES_PASSWORD=postgres
+ARG PKCS12_PASSWORD="changeme"
+ARG POSTGRES_USER="postgres"
+ARG POSTGRES_PASSWORD="postgres"
 ARG CA_CERT_SUBJECT="/CN=Self Signed CA"
 ARG SERVER_CERT_SUBJECT="/CN=localhost"
-ARG PRISMA_VERSION=5.9.1
-ARG DATABASE_URL=postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/routr
+ARG PRISMA_VERSION="5.9.1"
+ARG DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/routr"
 
 ENV PKCS12_PASSWORD=$PKCS12_PASSWORD \
-  PATH_TO_CERTS=/etc/routr/certs \
-  USER=fonoster \
+  PATH_TO_CERTS="/etc/routr/certs" \
+  USER="fonoster" \
   GID=5000 \
   UID=5000 \
-  JAVA_HOME=/service/jre \
-  EDGEPORT_RUNNER=/service/edgeport.sh \
+  JAVA_HOME="/service/jre" \
+  EDGEPORT_RUNNER="/service/edgeport.sh" \
   TLS_ON=false \
   VERIFY_CLIENT_CERT=false \
   CA_CERT_SUBJECT=$CA_CERT_SUBJECT \
   SERVER_CERT_SUBJECT=$SERVER_CERT_SUBJECT \
   DATABASE_URL=$DATABASE_URL \
   IGNORE_LOOPBACK_FROM_LOCALNETS=true \
   PRISMA_VERSION=$PRISMA_VERSION \
-  START_INTERNAL_DB=true
+  START_INTERNAL_DB=true \
+  LOG4J2="/etc/routr/log4j2.yaml"
 
 WORKDIR /service
 
 COPY mods/edgeport/edgeport.sh .
 COPY mods/edgeport/libs libs
+COPY mods/pgdata/schema.prisma .
+COPY mods/pgdata/migrations migrations
+COPY mods/edgeport/etc/log4j2.yaml /etc/routr/log4j2.yaml
 COPY etc/edgeport.yaml config/edgeport.yaml
-COPY config/log4j2.yaml mods/edgeport/etc/log4j2.yaml
 COPY .scripts/convert-to-p12.sh .
 COPY .scripts/generate-certs.sh .
+COPY .scripts/init-postgres.sh .
 COPY --from=builder /work/dist dist
 COPY --from=builder /work/node_modules node_modules
 COPY --from=builder /work/package.json .
 COPY --from=builder /work/jre jre
 COPY --from=builder /work/heplify /usr/local/bin/
-COPY .scripts/init-postgres.sh .
-COPY mods/pgdata/schema.prisma .
-COPY mods/pgdata/migrations migrations
 
 RUN apk add --no-cache libcap nodejs npm openssl postgresql sed sngrep su-exec tini \
   && npm install -g prisma@${PRISMA_VERSION} \
@@ -74,25 +75,26 @@ RUN apk add --no-cache libcap nodejs npm openssl postgresql sed sngrep su-exec t
   && adduser --disabled-password --gecos "" --ingroup ${USER} --home ${HOME} --uid ${UID} ${USER} \
   && chown -R ${USER}:${USER} /service /etc/routr \
   && chown -R postgres:postgres /var/lib/postgresql/data /run/postgresql /root/.npm \
-  && chmod +x edgeport.sh convert-to-p12.sh init-postgres.sh \
+  && chmod +x edgeport.sh convert-to-p12.sh init-postgres.sh generate-certs.sh \
   && chmod 2777 /run/postgresql \
   && setcap 'CAP_NET_RAW+eip' /usr/bin/sngrep \
   && rm -rf /var/cache/apk/* /tmp/* \
-  && rm -rf /root/.npm /root/.config /root/.cache /root/.local \
+  && rm -rf /root/.npm /root/.config /root/.cache /root/.local package.json \
   && apk del libcap
 
 # Re-mapping the signal from 143 to 0
 ENTRYPOINT ["tini", "-v", "-e", "143", "--"]
 
-CMD ["sh", "-c", "if [ \"$START_INTERNAL_DB\" = \"true\" ]; then \
+CMD ["/bin/sh", "-c", "if [ \"$START_INTERNAL_DB\" = \"true\" ]; then \
     su-exec postgres /service/init-postgres.sh; \
     su-exec postgres pg_ctl start -D /var/lib/postgresql/data --options='-h 0.0.0.0'; \
-  fi && \
-  DATABASE_URL=${DATABASE_URL} npx prisma@${PRISMA_VERSION} migrate deploy --schema=/service/schema.prisma && \
-  su-exec $USER ./convert-to-p12.sh $PATH_TO_CERTS $PKCS12_PASSWORD && \
+  fi; \
   if [ -n \"$HEPLIFY_OPTIONS\" ]; then \
     heplify $HEPLIFY_OPTIONS & \
-  fi && \
-  sed -i 's|keyStorePassword: .*|keyStorePassword: ${PKCS12_PASSWORD}|g' config/edgeport.yaml && \
-  sed -i 's|trustStorePassword: .*|trustStorePassword: ${PKCS12_PASSWORD}|g' config/edgeport.yaml && \
-  su-exec $USER node ./dist/runner"]
+  fi; \
+  npx prisma migrate deploy --schema=/service/schema.prisma; \
+  sed -i \"s|keyStorePassword:.*|keyStorePassword: $PKCS12_PASSWORD|g\" config/edgeport.yaml; \
+  sed -i \"s|trustStorePassword:.*|trustStorePassword: $PKCS12_PASSWORD|g\" config/edgeport.yaml; \
+  su-exec $USER ./convert-to-p12.sh $PATH_TO_CERTS $PKCS12_PASSWORD; \
+  su-exec $USER node ./dist/runner" \
+]

etc/certs/signaling.p12

@@ -17,21 +17,21 @@ RUN apk add --no-cache --update g++ openjdk17-jdk \
 ##
 FROM alpine:3.19 AS runner 
 
-ARG PKCS12_PASSWORD=changeme
-ARG PATH_TO_CERTS=/etc/routr/certs
-ARG PATH_TO_LOGS=/opt/routr/logs
+ARG PKCS12_PASSWORD="changeme"
+ARG PATH_TO_CERTS="/etc/routr/certs"
+ARG PATH_TO_LOGS="/opt/routr/logs"
 ARG CA_CERT_SUBJECT="/CN=Self Signed CA"
 ARG SERVER_CERT_SUBJECT="/CN=localhost"
 
 ENV PKCS12_PASSWORD=$PKCS12_PASSWORD \
   PATH_TO_CERTS=$PATH_TO_CERTS \
   PATH_TO_LOGS=$PATH_TO_LOGS \
-  CONFIG_PATH=/etc/routr/edgeport.yaml \
+  CONFIG_PATH="/etc/routr/edgeport.yaml" \
   CA_CERT_SUBJECT=$CA_CERT_SUBJECT \
   SERVER_CERT_SUBJECT=$SERVER_CERT_SUBJECT \
   IGNORE_LOOPBACK_FROM_LOCALNETS=true \
-  LOG4J2=/etc/routr/log4j2.yaml \
-  JAVA_HOME=/opt/routr/jre
+  LOG4J2="/etc/routr/log4j2.yaml" \
+  JAVA_HOME="/opt/routr/jre"
 
 WORKDIR /opt/routr
 

mods/edgeport/Dockerfile

@@ -22,7 +22,7 @@
     "start:deps": "docker compose -f compose.dev.yaml up rtpengine redis postgres adminer -d",
     "stop:deps": "docker compose -f compose.dev.yaml down rtpengine redis postgres adminer",
     "db:migrate": "npx prisma migrate dev --schema ./mods/pgdata/schema.prisma --name changeme",
-    "generate:certs": "./.scripts/generate-certs.sh",
+    "generate:certs": "SERVER_CERT_SUBJECT='/CN=localhost' CA_CERT_SUBJECT='/CN=Self Signed CA' ./.scripts/generate-certs.sh .certs",
     "convert:certs": "./.scripts/convert-to-p12.sh && mv signaling.p12 etc/certs/",
     "transpile": "tsc",
     "make": "npm install && npm run build && npm run setup",