From 5a8e23a240e8b163ceb1f791225e44ec6bca1f89 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 7 Sep 2023 10:54:11 +0200 Subject: [PATCH 01/20] Add ckanext-clamav --- sddi-base/Dockerfile | 21 ++++++++++++++++++++- sddi-social/Dockerfile | 2 +- sddi/Dockerfile | 2 +- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 57f0e71..71e36ee 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -87,6 +87,19 @@ RUN set -ex && \ pip wheel --wheel-dir=/wheels \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating +# ckanext-repeating ########################################################### +ARG CKANEXT_CALMAV_VERSION="master" +ENV CKANEXT_CALMAV_VERSION=${CKANEXT_CALMAV_VERSION} +ENV CKANEXT_CALMAV_GITHUB_URL="https://github.com/mutantsan/ckanext-clamav" + +RUN set -ex && \ + pip wheel --wheel-dir=/wheels -r \ + https://raw.githubusercontent.com/mutantsan/ckanext-clamav/${CKANEXT_CALMAV_VERSION}/requirements.txt && \ + curl -o /wheels/ckanext-clamav.txt \ + https://raw.githubusercontent.com/mutantsan/ckanext-clamav/${CKANEXT_CALMAV_VERSION}/requirements.txt && \ + pip wheel --wheel-dir=/wheels \ + git+${CKANEXT_CALMAV_GITHUB_URL}.git@${CKANEXT_CALMAV_VERSION}#egg=ckanext-clamav + # ckanext-spatial ############################################################# FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_BUILD_SPATIAL} as extbuild-spatial @@ -124,6 +137,7 @@ FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_RUNTIME_STAGE} as runtime ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ + clamav \ envvars" # Extra env for compatibility with ckan/base Docker images for downstream k8s @@ -137,7 +151,7 @@ USER root RUN set -ex && \ apt-get update && \ apt-get install -y --no-install-recommends \ - libxml2-dev libxslt1-dev libgeos-c1v5 && \ + libxml2-dev libxslt1-dev libgeos-c1v5 clamav clamav-daemon && \ pip install --no-cache-dir -U pip && \ rm -rf /var/lib/apt/lists/* @@ -182,6 +196,11 @@ RUN set -ex && \ RUN set -ex && \ pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-repeating +# ckanext-clamav ############################################################## +RUN set -ex && \ + pip install -r ${APP_DIR}/ext_wheels/ckanext-clamav.txt && \ + pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-clamav + # Copy init scripts and additional files COPY --chown=ckan:ckan initScripts/ ${APP_DIR}/docker-afterinit.d diff --git a/sddi-social/Dockerfile b/sddi-social/Dockerfile index 3d3a8c6..532c1e8 100644 --- a/sddi-social/Dockerfile +++ b/sddi-social/Dockerfile @@ -31,7 +31,7 @@ ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ - restricted \ + restricted clamav \ disqus \ envvars" diff --git a/sddi/Dockerfile b/sddi/Dockerfile index 69e444a..b71e20c 100644 --- a/sddi/Dockerfile +++ b/sddi/Dockerfile @@ -57,7 +57,7 @@ ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ - restricted \ + restricted clamav \ envvars" # Copy python wheels from build stage From 91e7b025f00b39e90d5adc561354108bfb2064b6 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 7 Sep 2023 14:47:41 +0200 Subject: [PATCH 02/20] drop clamav daemon --- sddi-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 71e36ee..b24779a 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -151,7 +151,7 @@ USER root RUN set -ex && \ apt-get update && \ apt-get install -y --no-install-recommends \ - libxml2-dev libxslt1-dev libgeos-c1v5 clamav clamav-daemon && \ + libxml2-dev libxslt1-dev libgeos-c1v5 clamav && \ pip install --no-cache-dir -U pip && \ rm -rf /var/lib/apt/lists/* From d4f415079dd2fb47b21cf422266cb7f5fcaa9cbc Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 7 Sep 2023 14:59:12 +0200 Subject: [PATCH 03/20] no clam packages --- sddi-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index b24779a..20fc7e7 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -151,7 +151,7 @@ USER root RUN set -ex && \ apt-get update && \ apt-get install -y --no-install-recommends \ - libxml2-dev libxslt1-dev libgeos-c1v5 clamav && \ + libxml2-dev libxslt1-dev libgeos-c1v5 && \ pip install --no-cache-dir -U pip && \ rm -rf /var/lib/apt/lists/* From 7c736bc7e924e1146d883e76ebc548b8168f87b1 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Wed, 13 Sep 2023 14:31:47 +0200 Subject: [PATCH 04/20] install ckanext-password-policy --- sddi-base/Dockerfile | 23 +++++++++++++++++++++++ sddi-base/who.ini | 35 +++++++++++++++++++++++++++++++++++ sddi-social/Dockerfile | 2 +- sddi/Dockerfile | 2 +- 4 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 sddi-base/who.ini diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 57f0e71..7ffa262 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -87,6 +87,19 @@ RUN set -ex && \ pip wheel --wheel-dir=/wheels \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating +# ckanext-password-policy ##################################################### +ARG CKANEXT_PASSWORD_POLICY_VERSION="master" +ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} +ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" + +RUN set -ex && \ + pip install -r \ + https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ + curl -o /wheels/ckanext-password-policy.txt \ + https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ + pip wheel --wheel-dir=/wheels \ + git+${CKANEXT_PASSWORD_POLICY_GITHUB_URL}.git@${CKANEXT_PASSWORD_POLICY_VERSION}#egg=ckanext-password-policy + # ckanext-spatial ############################################################# FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_BUILD_SPATIAL} as extbuild-spatial @@ -124,6 +137,7 @@ FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_RUNTIME_STAGE} as runtime ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ + password_policy \ envvars" # Extra env for compatibility with ckan/base Docker images for downstream k8s @@ -182,8 +196,14 @@ RUN set -ex && \ RUN set -ex && \ pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-repeating +# ckanext-password-policy ##################################################### +RUN set -ex && \ + pip install -r ${APP_DIR}/ext_wheels/ckanext-password-policy.txt && \ + pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-password-policy + # Copy init scripts and additional files COPY --chown=ckan:ckan initScripts/ ${APP_DIR}/docker-afterinit.d +COPY --chown=ckan:ckan who.ini ${APP_DIR}/who.ini RUN set -ex && \ ckan config-tool "${CKAN_INI}" "ckan.plugins = ${CKAN__PLUGINS}" && \ @@ -193,6 +213,9 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.password_length = 12" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.failed_logins = 3" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.user_locked_time = 600" && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ diff --git a/sddi-base/who.ini b/sddi-base/who.ini new file mode 100644 index 0000000..a366543 --- /dev/null +++ b/sddi-base/who.ini @@ -0,0 +1,35 @@ +[plugin:auth_tkt] +use = ckan.lib.repoze_plugins.auth_tkt:make_plugin +# If no secret key is defined here, beaker.session.secret will be used +#secret = somesecret + +# [plugin:friendlyform] +# use = ckan.lib.repoze_plugins.friendly_form:FriendlyFormPlugin + +[plugin:friendlyform] +use = ckanext.password_policy.views:FriendlyFormPlugin_ +login_form_url= /user/login +login_handler_path = /login_generic +logout_handler_path = /user/logout +rememberer_name = auth_tkt +post_login_url = /user/logged_in +post_logout_url = /user/logged_out +charset = utf-8 + +[general] +request_classifier = repoze.who.classifiers:default_request_classifier +challenge_decider = repoze.who.classifiers:default_challenge_decider + +[identifiers] +plugins = + friendlyform;browser + auth_tkt + +[authenticators] +plugins = + auth_tkt + ckan.lib.authenticator:UsernamePasswordAuthenticator + +[challengers] +plugins = + friendlyform;browser diff --git a/sddi-social/Dockerfile b/sddi-social/Dockerfile index 3d3a8c6..fed58d9 100644 --- a/sddi-social/Dockerfile +++ b/sddi-social/Dockerfile @@ -29,7 +29,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - resource_proxy geo_view geojson_view wmts_view shp_view \ + password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ disqus \ diff --git a/sddi/Dockerfile b/sddi/Dockerfile index 69e444a..06fcf64 100644 --- a/sddi/Dockerfile +++ b/sddi/Dockerfile @@ -55,7 +55,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - resource_proxy geo_view geojson_view wmts_view shp_view \ + password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ envvars" From 4f7ba4e73599f7b213dc1889e48aed06a38d5375 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Wed, 13 Sep 2023 15:46:07 +0200 Subject: [PATCH 05/20] fixed config vars --- sddi-base/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 7ffa262..8647396 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -213,9 +213,9 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.password_length = 12" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.failed_logins = 3" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.user_locked_time = 600" && \ + ckan config-tool "${CKAN_INI}" "ckanext.password_policy.password_length = 12" && \ + ckan config-tool "${CKAN_INI}" "ckanext.password_policy.failed_logins = 3" && \ + ckan config-tool "${CKAN_INI}" "ckanext.password_policy.user_locked_time = 600" && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ From 1e38b142de045e4d6e713c248981d7e6c1d9f604 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Wed, 13 Sep 2023 18:00:42 +0200 Subject: [PATCH 06/20] test montreal branch --- sddi-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 8647396..8a83e3e 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -88,7 +88,7 @@ RUN set -ex && \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating # ckanext-password-policy ##################################################### -ARG CKANEXT_PASSWORD_POLICY_VERSION="master" +ARG CKANEXT_PASSWORD_POLICY_VERSION="montreal" ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" From 10d378acd08306717d0f8714ab0c6dd7e04e0648 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 14 Sep 2023 10:54:05 +0200 Subject: [PATCH 07/20] Pin version --- sddi-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 8a83e3e..5fb937d 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -88,7 +88,7 @@ RUN set -ex && \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating # ckanext-password-policy ##################################################### -ARG CKANEXT_PASSWORD_POLICY_VERSION="montreal" +ARG CKANEXT_PASSWORD_POLICY_VERSION="5618dc9" ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" From 28b0d78fb82353a53fb81eeef3c8c6f24f22e82a Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:05:14 +0200 Subject: [PATCH 08/20] Update CHANGELOG.md --- CHANGELOG.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8eef97c..d515787 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). For releases `< 1.0.0` minor version steps may indicate breaking changes too. +## [1.2.1] - 2023-10-14 + +### Fixed +- Upstream bugfix for pentest in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch) extension tum-gis/ckanext-datesearch/issues/1 +- Upstream bugfix for pentest in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) extension tum-gis/ckan-docker/pull/40 + - Reducing the number of emails sent for the "Forgot your password?" function + - Cross-Site-Scripting problems mentioned [here](https://github.com/tum-gis/ckan-docker/pull/40) + +### Added +- other other default basemap since the default basemap used in v1.2.0 is not going to be supported anymore ckan/ckanext-spatial/issues/317 + + ## [1.2.0] - 2023-08-21 ### Changed @@ -175,6 +187,7 @@ for production environments.** ### Known issues [Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...HEAD +[1.2.1]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...1.2.1 [1.2.0]: https://github.com/tum-gis/ckan-docker/compare/1.1.3...1.2.0 [1.1.3]: https://github.com/tum-gis/ckan-docker/compare/1.1.2...1.1.3 [1.1.2]: https://github.com/tum-gis/ckan-docker/compare/1.1.1...1.1.2 From 908c3b4863a00bf18ef42fff97a9bf6fbd56f3d8 Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:16:28 +0200 Subject: [PATCH 09/20] Version pinning and adding password policy extension --- sddi-base/Dockerfile | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 57f0e71..c25a3ae 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -24,7 +24,7 @@ RUN set -ex && \ ls -lah /wheels # ckanext-grouphierarchy ###################################################### -ARG CKANEXT_SDDI_VERSION="1.1.2" +ARG CKANEXT_SDDI_VERSION="1.1.3" ENV CKANEXT_SDDI_VERSION=${CKANEXT_SDDI_VERSION} RUN set -ex && \ @@ -50,7 +50,7 @@ RUN set -ex && \ ls -lah /wheels # ckanext-scheming ############################################################ -ARG CKANEXT_SCHEMING_VERSION="5c30bba" +ARG CKANEXT_SCHEMING_VERSION="8548240" ENV CKANEXT_SCHEMING_VERSION=${CKANEXT_SCHEMING_VERSION} ENV CKANEXT_SCHEMING_GITHUB_URL="https://github.com/MarijaKnezevic/ckanext-scheming" @@ -59,7 +59,7 @@ RUN set -ex && \ git+${CKANEXT_SCHEMING_GITHUB_URL}.git@${CKANEXT_SCHEMING_VERSION}#egg=ckanext-scheming # ckanext datesearch ########################################################## -ARG CKANEXT_DATESEARCH_VERSION="1.0.1" +ARG CKANEXT_DATESEARCH_VERSION="1.0.2" ENV CKANEXT_DATESEARCH_VERSION=${CKANEXT_DATESEARCH_VERSION} ENV CKANEXT_DATESEARCH_VERSION_GITHUB_URL="https://github.com/MarijaKnezevic/ckanext-datesearch" @@ -87,10 +87,22 @@ RUN set -ex && \ pip wheel --wheel-dir=/wheels \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating +# ckanext-password-policy ##################################################### +ARG CKANEXT_PASSWORD_POLICY_VERSION="master" +ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} +ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" +RUN set -ex && \ + pip install -r \ + https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ + curl -o /wheels/ckanext-password-policy.txt \ + https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ + pip wheel --wheel-dir=/wheels \ + git+${CKANEXT_PASSWORD_POLICY_GITHUB_URL}.git@${CKANEXT_PASSWORD_POLICY_VERSION}#egg=ckanext-password-policy + # ckanext-spatial ############################################################# FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_BUILD_SPATIAL} as extbuild-spatial -ARG CKANEXT_SPATIAL_VERSION="90ba354" +ARG CKANEXT_SPATIAL_VERSION="c2118b9" ENV CKANEXT_SPATIAL_VERSION=${CKANEXT_SPATIAL_VERSION} USER root @@ -123,7 +135,7 @@ FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_RUNTIME_STAGE} as runtime ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ - spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ + spatial_metadata spatial_query datesearch repeating composite scheming_datasets password_policy \ envvars" # Extra env for compatibility with ckan/base Docker images for downstream k8s @@ -182,8 +194,14 @@ RUN set -ex && \ RUN set -ex && \ pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-repeating +# ckanext-password-policy ##################################################### +RUN set -ex && \ + pip install -r ${APP_DIR}/ext_wheels/ckanext-password-policy.txt && \ + pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-password-policy + # Copy init scripts and additional files COPY --chown=ckan:ckan initScripts/ ${APP_DIR}/docker-afterinit.d +COPY --chown=ckan:ckan who.ini ${APP_DIR}/who.ini RUN set -ex && \ ckan config-tool "${CKAN_INI}" "ckan.plugins = ${CKAN__PLUGINS}" && \ @@ -193,6 +211,9 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.password_length = 12" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.failed_logins = 3" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.user_locked_time = 600" && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ From de892996be53a99b7a8a74ca10ab0ef2054a15eb Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:17:38 +0200 Subject: [PATCH 10/20] Create who.ini --- sddi-base/who.ini | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 sddi-base/who.ini diff --git a/sddi-base/who.ini b/sddi-base/who.ini new file mode 100644 index 0000000..a366543 --- /dev/null +++ b/sddi-base/who.ini @@ -0,0 +1,35 @@ +[plugin:auth_tkt] +use = ckan.lib.repoze_plugins.auth_tkt:make_plugin +# If no secret key is defined here, beaker.session.secret will be used +#secret = somesecret + +# [plugin:friendlyform] +# use = ckan.lib.repoze_plugins.friendly_form:FriendlyFormPlugin + +[plugin:friendlyform] +use = ckanext.password_policy.views:FriendlyFormPlugin_ +login_form_url= /user/login +login_handler_path = /login_generic +logout_handler_path = /user/logout +rememberer_name = auth_tkt +post_login_url = /user/logged_in +post_logout_url = /user/logged_out +charset = utf-8 + +[general] +request_classifier = repoze.who.classifiers:default_request_classifier +challenge_decider = repoze.who.classifiers:default_challenge_decider + +[identifiers] +plugins = + friendlyform;browser + auth_tkt + +[authenticators] +plugins = + auth_tkt + ckan.lib.authenticator:UsernamePasswordAuthenticator + +[challengers] +plugins = + friendlyform;browser From a05ad1f357e504a472bda317f6c25dcb15ada43a Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:18:32 +0200 Subject: [PATCH 11/20] Update Dockerfile --- sddi-social/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi-social/Dockerfile b/sddi-social/Dockerfile index 3d3a8c6..fed58d9 100644 --- a/sddi-social/Dockerfile +++ b/sddi-social/Dockerfile @@ -29,7 +29,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - resource_proxy geo_view geojson_view wmts_view shp_view \ + password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ disqus \ From 685fa91b63e3d47d6299692f252dd60d685a5f87 Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:18:51 +0200 Subject: [PATCH 12/20] Update Dockerfile --- sddi/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi/Dockerfile b/sddi/Dockerfile index 69e444a..06fcf64 100644 --- a/sddi/Dockerfile +++ b/sddi/Dockerfile @@ -55,7 +55,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - resource_proxy geo_view geojson_view wmts_view shp_view \ + password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ envvars" From c4c7bcf7e7cc72c4ffbd3533e821a7971e58ef5b Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:24:00 +0200 Subject: [PATCH 13/20] Version pinning --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9ea1d58..442d22a 100644 --- a/README.md +++ b/README.md @@ -169,18 +169,19 @@ are alway pinned to a stable release number or commit hash. | Extension | Version | `sddi-base` | `sddi` | `sddi-social` | Description | |---|---|:---:|:---:|:---:|---| -| [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `5c30bba` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. | +| [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `8548240` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. | | [`hierarchy`](https://github.com/ckan/ckanext-hierarchy) | `v1.2.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Allows to organize organizations and groups in a hierarchy tree (nested groups/orgs). | -| [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) | `1.1.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. | +| [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) | `1.1.3` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. | | [`relation`](https://github.com/tum-gis/ckanext-relation-sddi) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Enables to create and visualize different types of relations (*realated_to*, *depends_on*, *part_of*) between catalog entries. | -| [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `90ba354` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. | -| [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.1` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. | +| [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `c2118b9` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. | +| [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. | | [`repeating`](https://github.com/MarijaKnezevic/ckanext-repeating) | `1.0.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | This extension provides a way to store repeating fields in CKAN datasets, resources, organizations and groups. | | [`composite`](https://github.com/EnviDat/ckanext-composite) | `1e6d7bb` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | The extension allows to store structured dataset metadata, single or multiple fields. Only one level of subfields is possible. The subfields can be basic text, date type or dropboxes. | | [`restricted`](https://github.com/MarijaKnezevic/ckanext-restricted) | `1.0.0` | | :heavy_check_mark: | :heavy_check_mark: | CKAN extension to restrict the accessibility to the resources of a dataset. This way the package metadata is accesible but not the data itself (resource). The resource access restriction level can be individualy defined for every package. | | [`dcat`](https://github.com/ckan/ckanext-dcat) | `v1.4.0` | | :heavy_check_mark: | :heavy_check_mark: | Allow CKAN to expose and consume metadata from other catalogs using RDF documents serialized using DCAT. | | [`geoview`](https://github.com/ckan/ckanext-geoview) | `v0.0.20` | | :heavy_check_mark: | :heavy_check_mark: | This extension contains view plugins to display geospatial files and services in CKAN. | | [`disqus`](https://github.com/ckan/ckanext-disqus) | | | | :heavy_check_mark: | The Disqus extension allows site visitors to comment on individual packages using an AJAX-based commenting system. The downsides of this plugin are that comments are not stored locally and user information is not shared between CKAN and the commenting system. | +| [`password_policy`](https://github.com/keitaroinc/ckanext-password-policy") | `master`|:heavy_check_mark: |:heavy_check_mark:| :heavy_check_mark: | CKAN extension that adds password policy for all the users. | ## :rocket: Usage From 10b95dabc4800740bee3ec14038b5c07e2828164 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Sun, 15 Oct 2023 19:15:44 +0200 Subject: [PATCH 14/20] Drop ckanext-password-policy stuff --- sddi-base/Dockerfile | 20 -------------------- sddi-social/Dockerfile | 2 +- sddi/Dockerfile | 2 +- 3 files changed, 2 insertions(+), 22 deletions(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index c25a3ae..5ac51ba 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -87,18 +87,6 @@ RUN set -ex && \ pip wheel --wheel-dir=/wheels \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating -# ckanext-password-policy ##################################################### -ARG CKANEXT_PASSWORD_POLICY_VERSION="master" -ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} -ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" -RUN set -ex && \ - pip install -r \ - https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ - curl -o /wheels/ckanext-password-policy.txt \ - https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ - pip wheel --wheel-dir=/wheels \ - git+${CKANEXT_PASSWORD_POLICY_GITHUB_URL}.git@${CKANEXT_PASSWORD_POLICY_VERSION}#egg=ckanext-password-policy - # ckanext-spatial ############################################################# FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_BUILD_SPATIAL} as extbuild-spatial @@ -194,11 +182,6 @@ RUN set -ex && \ RUN set -ex && \ pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-repeating -# ckanext-password-policy ##################################################### -RUN set -ex && \ - pip install -r ${APP_DIR}/ext_wheels/ckanext-password-policy.txt && \ - pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-password-policy - # Copy init scripts and additional files COPY --chown=ckan:ckan initScripts/ ${APP_DIR}/docker-afterinit.d COPY --chown=ckan:ckan who.ini ${APP_DIR}/who.ini @@ -211,9 +194,6 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.password_length = 12" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.failed_logins = 3" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.user_locked_time = 600" && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ diff --git a/sddi-social/Dockerfile b/sddi-social/Dockerfile index fed58d9..3d3a8c6 100644 --- a/sddi-social/Dockerfile +++ b/sddi-social/Dockerfile @@ -29,7 +29,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ + resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ disqus \ diff --git a/sddi/Dockerfile b/sddi/Dockerfile index 06fcf64..69e444a 100644 --- a/sddi/Dockerfile +++ b/sddi/Dockerfile @@ -55,7 +55,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ + resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ envvars" From 029115fdabeb414cd70a32bf1aac1000c2491643 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Sun, 15 Oct 2023 19:15:59 +0200 Subject: [PATCH 15/20] Fixes and corrections --- CHANGELOG.md | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d515787..42124f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,18 +6,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). For releases `< 1.0.0` minor version steps may indicate breaking changes too. -## [1.2.1] - 2023-10-14 - -### Fixed -- Upstream bugfix for pentest in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch) extension tum-gis/ckanext-datesearch/issues/1 -- Upstream bugfix for pentest in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) extension tum-gis/ckan-docker/pull/40 - - Reducing the number of emails sent for the "Forgot your password?" function - - Cross-Site-Scripting problems mentioned [here](https://github.com/tum-gis/ckan-docker/pull/40) +## [1.3.0] - 2023-10-15 ### Added -- other other default basemap since the default basemap used in v1.2.0 is not going to be supported anymore ckan/ckanext-spatial/issues/317 - +- Changed default basemap in map views, see ckan/ckanext-spatial#317 + +### Changed + +- Upstream bugfix for pentest in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch) + extension tum-gis/ckanext-datesearch#1 +- Upstream bugfix for pentest in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) + extension tum-gis/ckan-docker#40 + - Limit emails sent for the "Forgot your password?" function + - Cross-Site-Scripting problems mentioned [here](https://github.com/tum-gis/ckan-docker/pull/40) + ## [1.2.0] - 2023-08-21 ### Changed @@ -104,7 +107,7 @@ for production environments.** - Added `CKAN_INI` env var for CKAN config.ini file path for better compatibility with official CKAN images - Set timezone using `TZ` env var -- Allow setting runtime base image with ` BASEIMAGE_REPOSITORY` build arg +- Allow setting runtime base image with `BASEIMAGE_REPOSITORY` build arg ### Changed @@ -186,8 +189,8 @@ for production environments.** ### Known issues -[Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...HEAD -[1.2.1]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...1.2.1 +[Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.3.0...HEAD +[1.3.0]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...1.3.0 [1.2.0]: https://github.com/tum-gis/ckan-docker/compare/1.1.3...1.2.0 [1.1.3]: https://github.com/tum-gis/ckan-docker/compare/1.1.2...1.1.3 [1.1.2]: https://github.com/tum-gis/ckan-docker/compare/1.1.1...1.1.2 From 46514fb55ec86031de0ddb1c9ec0a65a67f61949 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 19 Oct 2023 19:48:52 +0200 Subject: [PATCH 16/20] Update changelog --- CHANGELOG.md | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 091987a..a55543c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,20 +6,30 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). For releases `< 1.0.0` minor version steps may indicate breaking changes too. -## [1.3.0] - 2023-10-15 +## [2.0.0] - 2023-10-19 + +### Breaking + +- Added [ckanext-password-policy](https://github.com/keitaroinc/ckanext-password-policy/tree/montreal). + This may break existing installations. The default password policy settings are: + + - `ckanext.password_policy.password_length=12` + - `ckanext.password_policy.failed_logins=3` + - `ckanext.password_policy.user_locked_time=600` ### Added - Changed default basemap in map views, see ckan/ckanext-spatial#317 -### Changed +### Security + +This release contains several security relevant changes and fixes. +The issues are discussed in #40. -- Upstream bugfix for pentest in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch) - extension tum-gis/ckanext-datesearch#1 -- Upstream bugfix for pentest in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) - extension tum-gis/ckan-docker#40 - - Limit emails sent for the "Forgot your password?" function - - Cross-Site-Scripting problems mentioned [here](https://github.com/tum-gis/ckan-docker/pull/40) +- Updated dependencies in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch), tum-gis/ckanext-datesearch#1 +- Several fixes in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) +- Limit emails sent for the "Forgot your password?" function +- Added Cross-Site-Scripting protection ## [1.2.0] - 2023-08-21 @@ -201,8 +211,8 @@ for production environments.** ### Known issues -[Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.3.0...HEAD -[1.3.0]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...1.3.0 +[Unreleased]: https://github.com/tum-gis/ckan-docker/compare/2.0.0...HEAD +[2.0.0]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...2.0.0 [1.2.0]: https://github.com/tum-gis/ckan-docker/compare/1.1.3...1.2.0 [1.1.3]: https://github.com/tum-gis/ckan-docker/compare/1.1.2...1.1.3 [1.1.2]: https://github.com/tum-gis/ckan-docker/compare/1.1.1...1.1.2 From a3098735e40ea5ae6d0fbb4dd7b20b1d55addb56 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 19 Oct 2023 20:38:36 +0200 Subject: [PATCH 17/20] minor change --- sddi-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 703bb35..723db32 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -87,7 +87,7 @@ RUN set -ex && \ pip wheel --wheel-dir=/wheels \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating -# ckanext-repeating ########################################################### +# ckanext-clamav ############################################################## ARG CKANEXT_CALMAV_VERSION="master" ENV CKANEXT_CALMAV_VERSION=${CKANEXT_CALMAV_VERSION} ENV CKANEXT_CALMAV_GITHUB_URL="https://github.com/mutantsan/ckanext-clamav" From 1c689761b1fe8deabac136480f4fe8fdecfa8a97 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Sat, 21 Oct 2023 19:53:59 +0200 Subject: [PATCH 18/20] Install clam packages --- sddi-base/Dockerfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 723db32..740f42a 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -165,7 +165,11 @@ USER root RUN set -ex && \ apt-get update && \ apt-get install -y --no-install-recommends \ - libxml2-dev libxslt1-dev libgeos-c1v5 && \ + clamav \ + clamav-daemon \ + libgeos-c1v5 && \ + libxml2-dev \ + libxslt1-dev \ pip install --no-cache-dir -U pip && \ rm -rf /var/lib/apt/lists/* From 15cafdbe68a82e56d2238305fbef76d94fffd061 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Sat, 21 Oct 2023 19:59:51 +0200 Subject: [PATCH 19/20] fixed command chaining --- sddi-base/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 740f42a..2789497 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -167,9 +167,9 @@ RUN set -ex && \ apt-get install -y --no-install-recommends \ clamav \ clamav-daemon \ - libgeos-c1v5 && \ + libgeos-c1v5 \ libxml2-dev \ - libxslt1-dev \ + libxslt1-dev && \ pip install --no-cache-dir -U pip && \ rm -rf /var/lib/apt/lists/* From fc9def9d5e888f82a05afd05abe56aaaad58197b Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Mon, 4 Mar 2024 15:27:48 +0100 Subject: [PATCH 20/20] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4550911..229212f 100644 --- a/README.md +++ b/README.md @@ -131,7 +131,7 @@ Read more on CKAN's debug mode in the Debug images are available starting from `v0.0.6`. > **Warning**: The debug image versions should not be used in a production environment! -> With debug mode enabled, a visitor to your site could execute malicious commands. +> With debug mode enabled,a visitor to your site could execute malicious commands. Furthermore, for each commit to a [Pull request](https://github.com/tum-gis/ckan-docker/pulls) all image flavors are build. These images are published in the