From 6c115e3997454b131a3e44af7c067a40b45a7ed0 Mon Sep 17 00:00:00 2001
From: 1thorsten <thorsten.winkler@online.de>
Date: Mon, 12 Feb 2024 08:55:19 +0100
Subject: [PATCH] RELEASE 1.2.0-09

adjust modification date for git repositories
obfuscate password checking out git repositories
improve error detection in conjunction with git
---
 Dockerfile                      |   8 ++++++--
 favicon.png                     | Bin 578141 -> 578141 bytes
 incontainer/connect-services.sh |  29 ++++++++++++++++++++++++-----
 incontainer/helper.sh           |  22 +++++++++++++---------
 tools/doclig/Dockerfile         |   5 ++++-
 tools/doclig/go.mod             |  14 +++++++-------
 6 files changed, 54 insertions(+), 24 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4275762..7a6dbb6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -49,7 +49,7 @@ ENV PHP_SOCK=/var/run/php/php${PHP_VERSION}-fpm.sock
 ENV PHP_LOG_SYSOUT=true
 
 # http-over-all part
-ARG RELEASE="1.2.0-08"
+ARG RELEASE="1.2.0-09"
 
 ARG SSL_COUNTRY=DE
 ARG SSL_STATE=Berlin
@@ -81,7 +81,11 @@ RUN set -x && \
     find /scripts -name "*.sh" -exec sed -i 's/\r$//' {} + && \
     echo "\nexport RELEASE=${RELEASE}\n" >> /scripts/system-helper.sh && \
     echo "source /scripts/system-helper.sh" >> /etc/bash.bashrc && \
-    echo "http-over-all part successfully terminated" && \
+    # colors (bash)
+    sed -i 's/^# export/export/' /root/.bashrc && \
+    sed -i 's/^# alias l/alias l/g' /root/.bashrc && \
+    echo "alias grep=\"grep --color=always\"" >> /root/.bashrc && \
+    echo "alias grep=\"grep --color=always\"" >> /home/$USER/.bashrc && \
     set +x
 
 HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "/scripts/healthcheck.sh" ]
diff --git a/favicon.png b/favicon.png
index cc950183b6b0e7f26f335d91616e1749c6914854..035c2d548d701a17417f7f9c63e5fd76bbc3acb7 100644
GIT binary patch
delta 82
zcmcb+MEUL#<qcDqSxt?tjLj#{WY&bRHXmo+$OILvWy@oEz3j_@=J#yv@7WlEm<foP
UftUq|S%DZN&c6LU8%N%00N!RE{Qv*}

delta 82
zcmcb+MEUL#<qcDqS&dDsj7=ubWY&bRHXmo+$OILvWy@oECir4W^Lw`T_iT(n%ml>D
UK+FQftUwGBXW#ywjU(?g0KJkPF8}}l

diff --git a/incontainer/connect-services.sh b/incontainer/connect-services.sh
index c3b5c17..6408736 100644
--- a/incontainer/connect-services.sh
+++ b/incontainer/connect-services.sh
@@ -340,10 +340,15 @@ function connect_or_update_git_repos() {
 
     # check accessibility
     local ACCESSIBLE
+
+    local OBF_REPO_URL=$REPO_URL
     parse_url "${REPO_URL%/}/"
+
     local URL_STRICT="${PARSED_PROTO}${PARSED_HOST}${PARSED_PORT}"
     if [ -n "$PARSED_USER" ]; then
       local CURL_CREDENTIALS="--user ${PARSED_USER%@}"
+      local OBF_CURL_CREDENTIALS="--user obfuscated"
+      OBF_REPO_URL=${REPO_URL//$PARSED_USER/obfuscated@}
     fi
     # shellcheck disable=SC2086
     local HTTP_STATUS="$(curl ${CURL_CREDENTIALS} -s -o /dev/null -I -w "%{http_code}" --connect-timeout 1 "${URL_STRICT}")"
@@ -351,8 +356,8 @@ function connect_or_update_git_repos() {
       ACCESSIBLE=true
     else
       ACCESSIBLE=false
-      echo "command: curl ${CURL_CREDENTIALS} -s -o /dev/null -I -w %{http_code} --connect-timeout 1 ${URL_STRICT}"
-      echo "resource ('${REPO_URL}' -> '${URL_STRICT}') is not accessible -> ${HTTP_STATUS}"
+      echo "command: curl ${OBF_CURL_CREDENTIALS} -s -o /dev/null -I -w %{http_code} --connect-timeout 1 ${URL_STRICT}"
+      echo "resource ('${OBF_REPO_URL}' -> '${URL_STRICT}') is not accessible -> ${HTTP_STATUS}"
     fi
 
     if [ ! -d "${GIT_MOUNT}" ]; then
@@ -360,11 +365,11 @@ function connect_or_update_git_repos() {
         echo "${GIT_MOUNT} not exists -> ignore"
         continue
       fi
-      clone_git_repo "${GIT_REPO_PATH}" "${REPO_URL}" "$RESOURCE_NAME"
+      clone_git_repo "${GIT_REPO_PATH}" "${REPO_URL}" "${OBF_REPO_URL}" "$RESOURCE_NAME"
     elif [ -e "${GIT_REPO_PATH}.error" ]; then
       echo "detect previous error: ${GIT_REPO_PATH}.error"
       if ${ACCESSIBLE}; then
-        clone_git_repo_safe "${GIT_REPO_PATH}" "${REPO_URL}" "$RESOURCE_NAME"
+        clone_git_repo_safe "${GIT_REPO_PATH}" "${REPO_URL}" "${OBF_REPO_URL}" "$RESOURCE_NAME"
       fi
       # if error file still exists, go with the existing local repo
       if [ -e "${GIT_REPO_PATH}.error" ]; then
@@ -384,7 +389,9 @@ function connect_or_update_git_repos() {
 
     if ${ACCESSIBLE}; then
       local git_checkout=$(git -C "${GIT_MOUNT}" checkout "${git_branch}" -f 2>&1)
-      if [[ "${git_checkout}" != *"Already on"* ]]; then echo "${git_checkout}"; fi
+      if [[ "${git_checkout}" != *"Already on"* ]]; then
+        echo "${git_checkout}";
+      fi
 
       git -C "${GIT_MOUNT}" clean -df
       git -C "${GIT_MOUNT}" reset --hard >/dev/null
@@ -409,6 +416,9 @@ function connect_or_update_git_repos() {
       elif [[ "${git_output}" == *"Authentication failed"* ]]; then
         echo "git repo is currently not accessible -> Authentication failed"
         ACCESSIBLE=false
+      elif [[ "${git_output}" == "fatal:"* ]]; then
+        echo "local git repo is not accessible"
+        ACCESSIBLE=false
       else
         echo "error resetting state, retrieve repo again"
         echo "touch ${GIT_REPO_PATH}.error"
@@ -421,6 +431,15 @@ function connect_or_update_git_repos() {
       # all works well / show subject of last commit
       local git_log=$(git -C "${GIT_MOUNT}" log -1 --pretty=format:'%s (%ar, %an)')
       echo "last_commit_log: ${git_log}"
+
+      # set file times
+      if pushd "$GIT_MOUNT" > /dev/null ; then
+        local num=$(/usr/share/rsync/scripts/git-set-file-times | wc -l)
+        if [ "$num" != "0" ]; then
+          echo "set time for $num files -> /usr/share/rsync/scripts/git-set-file-times"
+        fi
+        popd > /dev/null || echo "ERR: popd from '$(pwd)'"
+      fi
     fi
 
     # update -> call from periodic_jobs
diff --git a/incontainer/helper.sh b/incontainer/helper.sh
index 541c582..13f446d 100644
--- a/incontainer/helper.sh
+++ b/incontainer/helper.sh
@@ -512,39 +512,43 @@ function initial_create_symlinks_for_resources() {
 function clone_git_repo() {
   local GIT_REPO_PATH="${1}"
   local REPO_URL="${2}"
-  local RESOURCE_NAME="${3}"
+  local OBF_REPO_URL="${3}"
+  local RESOURCE_NAME="${4}"
 
   echo mkdir -p "${GIT_REPO_PATH}"
   mkdir -p "${GIT_REPO_PATH}"
 
-  echo git -C "${GIT_REPO_PATH}" clone "${REPO_URL}"
-  git -C "${GIT_REPO_PATH}" clone "${REPO_URL}"
+  echo git -C "${GIT_REPO_PATH}" clone "${OBF_REPO_URL}"
+  if ! git -C "${GIT_REPO_PATH}" clone "${REPO_URL}"; then
+    echo "cloning repo failed"
+  fi
 
-  echo "$(date +'%T'): git cloned: ${RESOURCE_NAME}"
+  echo "$(date +'%T'): git repo cloned: ${RESOURCE_NAME}"
 }
 
 function clone_git_repo_safe() {
   local GIT_REPO_PATH="${1}"
   local REPO_URL="${2}"
-  local RESOURCE_NAME="${3}"
+  local OBF_REPO_URL="${3}"
+  local RESOURCE_NAME="${4}"
 
   local PATH_SAFE="${GIT_REPO_PATH}_safe"
   rm -rf "${PATH_SAFE}"
   mkdir -p "${PATH_SAFE}"
 
-  echo git -C "${PATH_SAFE}" clone "${REPO_URL}"
+  echo git -C "${PATH_SAFE}" clone "${OBF_REPO_URL}"
   if git -C "${PATH_SAFE}" clone "${REPO_URL}"; then
-    echo "clone succeeded"
+    echo "cloning repo succeeded"
     rm -f "${GIT_REPO_PATH}.error"
     rm -rf "${GIT_REPO_PATH}"
     echo "mv ${PATH_SAFE} ${GIT_REPO_PATH}"
     mv "${PATH_SAFE}" "${GIT_REPO_PATH}"
   else
-    echo "clone failed"
+    echo "cloning repo failed"
     rm -rf "${PATH_SAFE}"
   fi
 
-  echo "$(date +'%T'): git safe cloned: ${RESOURCE_NAME}"
+  echo "$(date +'%T'): git repo safe cloned: ${RESOURCE_NAME}"
 }
 
 function periodic_jobs() {
diff --git a/tools/doclig/Dockerfile b/tools/doclig/Dockerfile
index 1aa9287..e1da83a 100644
--- a/tools/doclig/Dockerfile
+++ b/tools/doclig/Dockerfile
@@ -69,7 +69,10 @@ RUN set -x && \
     find /scripts -name "*.sh" -exec sed -i 's/\r$//' {} + && \
     echo "\nexport RELEASE=${RELEASE}\n" >> /scripts/system-helper.sh && \
     echo "source /scripts/system-helper.sh" >> /etc/bash.bashrc && \
-    echo "http-over-all part successfully terminated" && \
+    # colors (bash)
+    sed -i 's/^# export/export/' /root/.bashrc && \
+    sed -i 's/^# alias l/alias l/g' /root/.bashrc && \
+    echo "alias grep=\"grep --color=always\"" >> /root/.bashrc && \
     set +x
 
 ADD tools/doclig/bin/doclig_lnx /usr/local/bin/doclig
diff --git a/tools/doclig/go.mod b/tools/doclig/go.mod
index 96deecb..7ab5f8e 100644
--- a/tools/doclig/go.mod
+++ b/tools/doclig/go.mod
@@ -4,7 +4,7 @@ go 1.21
 
 require (
 	github.com/docker/distribution v2.8.3+incompatible
-	github.com/docker/docker v25.0.0+incompatible
+	github.com/docker/docker v25.0.3+incompatible
 )
 
 require (
@@ -24,12 +24,12 @@ require (
 	github.com/opencontainers/image-spec v1.0.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
-	go.opentelemetry.io/otel v1.22.0 // indirect
-	go.opentelemetry.io/otel/metric v1.22.0 // indirect
-	go.opentelemetry.io/otel/trace v1.22.0 // indirect
-	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect
+	go.opentelemetry.io/otel v1.23.1 // indirect
+	go.opentelemetry.io/otel/metric v1.23.1 // indirect
+	go.opentelemetry.io/otel/trace v1.23.1 // indirect
+	golang.org/x/mod v0.15.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.17.0 // indirect
 	gotest.tools/v3 v3.5.1 // indirect