
Commit 21d3d7e

committed
del: supervisor, upd: poetry and scripts
1 parent 0c3894e commit 21d3d7e


7 files changed

+377
-232
lines changed


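--- a/Dockerfile
+++ b/Dockerfile
@@ -15,6 +15,9 @@ RUN set -ex; \
 chown privoxy:privoxy /var/lib/privoxy/;
 
 ARG PRIVOXY_VERSION=4.0.0
+ARG PRIVOXY_CONFIG_OPTIONS="--disable-toggle --disable-editor --disable-force --with-openssl --with-brotli"
+ARG PRIVOXY_BUILD_EXTRA="openssl-dev brotli-dev"
+ARG SYSTEM_EXTRA_PKGS="openssl brotli net-tools"
 
 # Build Privoxy
 RUN set -eux; \
@@ -27,15 +30,14 @@ RUN set -eux; \
 libc-dev \
 zlib-dev \
 pcre2-dev \
-openssl-dev \
-brotli-dev; \
+$PRIVOXY_BUILD_EXTRA; \
 mkdir -p /usr/local/src/privoxy-${PRIVOXY_VERSION}-stable; \
 wget -O /var/lib/privoxy/privoxy-src.tar.gz https://sourceforge.net/projects/ijbswa/files/Sources/${PRIVOXY_VERSION}%20%28stable%29/privoxy-${PRIVOXY_VERSION}-stable-src.tar.gz/download; \
 tar -zxvf /var/lib/privoxy/privoxy-src.tar.gz -C /usr/local/src/; \
 cd /usr/local/src/privoxy-${PRIVOXY_VERSION}-stable; \
 autoheader; \
 autoconf; \
-./configure --disable-toggle --disable-editor --disable-force --with-openssl --with-brotli; \
+./configure $PRIVOXY_CONFIG_OPTIONS; \
 make; \
 make -s install USER=privoxy GROUP=privoxy; \
 chown -R privoxy:privoxy /usr/local/etc/privoxy/; \
@@ -45,14 +47,11 @@ RUN set -eux; \
 # Add system tools
 RUN set -eux; \
 apk add --no-cache --virtual runtime-deps \
-openssl \
 python3 \
 pcre2 \
-brotli \
-supervisor \
 bash \
 sed \
-net-tools;
+$SYSTEM_EXTRA_PKGS;
 
 # Enable Privoxy HTTPS inspection
 RUN set -ex; \
@@ -61,7 +60,6 @@ RUN set -ex; \
 
 # Copy project scripts/configs
 COPY data/rules/ /usr/local/etc/privoxy/privman-rules/
-COPY data/supervisord.conf /usr/local/etc/privoxy/
 COPY data/config /usr/local/etc/privoxy/
 COPY data/privoxy-blocklist.conf /var/lib/privoxy/
 RUN set -eux; \
@@ -84,11 +82,11 @@ RUN set -ex; \
 sed -i 's/\r$//' /var/lib/privoxy/privman.py /var/lib/privoxy/privoxy-blocklist.sh; \
 head -1 /var/lib/privoxy/privman.py | grep -q '^#!' || \
 sed -i '1i #!/usr/bin/env python3' /var/lib/privoxy/privman.py; \
-mkdir -p /usr/local/etc/privoxy/CA /usr/local/etc/privoxy/certs /usr/local/etc/privoxy/privman-rules; \
-chown -R privoxy:privoxy /usr/local/etc/privoxy/config /usr/local/etc/privoxy/CA /usr/local/etc/privoxy/certs /usr/local/etc/privoxy/privman-rules /var/lib/privoxy/privoxy-blocklist.conf; \
+mkdir -p /var/log/privoxy /usr/local/etc/privoxy/CA /usr/local/etc/privoxy/certs /usr/local/etc/privoxy/privman-rules; \
+chown -R privoxy:privoxy /var/log/privoxy/ /usr/local/etc/privoxy/config /usr/local/etc/privoxy/CA /usr/local/etc/privoxy/certs /usr/local/etc/privoxy/privman-rules /var/lib/privoxy/privoxy-blocklist.conf; \
 chmod +x /var/lib/privoxy/privman.py; \
-ln -sf /var/lib/privoxy/privman.py /usr/local/bin/privman; \
-ln -sf /var/lib/privoxy/privoxy-blocklist.sh /usr/local/bin/privoxy-blocklist;
+ln -sf /var/lib/privoxy/privman.py /usr/local/sbin/privman; \
+ln -sf /var/lib/privoxy/privoxy-blocklist.sh /usr/local/sbin/privoxy-blocklist;
 
 ENV ADBLOCK_URLS="" \
 ADBLOCK_FILTERS=""
@@ -103,4 +101,4 @@ EXPOSE 8118/tcp
 USER privoxy
 
 WORKDIR /usr/local/etc/privoxy/
-CMD ["/usr/bin/supervisord", "-c", "supervisord.conf"]
+CMD ["/usr/local/sbin/privoxy", "--no-daemon"]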
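Review bot: The switches `--disable-toggle --disable-editor --disable-force` now exist only as the default value of `ARG PRIVOXY_CONFIG_OPTIONS`, so a `--build-arg PRIVOXY_CONFIG_OPTIONS=...` that leaves them out builds an image with those Privoxy features compiled back in, and nothing in the build reports it. Because this image is set up for HTTPS inspection, I would keep them fixed on the configure line and leave only the optional features overridable: `ARG PRIVOXY_CONFIG_OPTIONS="--with-openssl --with-brotli"` and `./configure --disable-toggle --disable-editor --disable-force $PRIVOXY_CONFIG_OPTIONS; \`. The same RUN step, which begins and ends outside the changed lines, still unpacks and builds the tarball fetched by `wget` without a checksum or signature check. An expected-digest build argument next to `PRIVOXY_VERSION`, checked before `tar`, would close that gap.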

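--- a/bin/privman.py
+++ b/bin/privman.py
@@ -37,12 +37,13 @@ def generate_crt_bundle(subj, forced=False):
 if not os.path.isfile(ca_bundle_file) or forced:
 os.system(f"openssl ecparam -out {ca_key_file} -name secp384r1 -genkey")
 os.system(
-f'openssl req -new -x509 '
+'openssl req -new -x509 '
 f'-key {ca_key_file} -sha384 -days 3650 '
 f'-out {ca_bundle_file} '
 f'-subj "{subj}" '
-f'-addext "basicConstraints=critical,CA:TRUE" '
-f'-addext "keyUsage=critical,keyCertSign,cRLSign"'
+'-addext "basicConstraints=critical,CA:TRUE" '
+'-addext "keyUsage=critical,keyCertSign,cRLSign" '
+'-addext "subjectKeyIdentifier=hash"'
 )
 print_log("CRT Bundle", f"Generated successfully in '{ca_bundle_file}'")
 else: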
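Review bot: The `openssl req` call in generate_crt_bundle is still built as a single shell string for `os.system`, with `subj` interpolated inside double quotes (`-subj "{subj}"`), so a quote or shell metacharacter in the subject is interpreted by the shell instead of reaching openssl as data; the two file paths have the same exposure. The exit status is also discarded, so the "Generated successfully" log line is printed even when openssl fails and no CA bundle exists. I would pass an argument list to `subprocess.run` with `check=True` as sketched below; this needs `import subprocess` at the top of the file, and the `ecparam` call above deserves the same treatment. The function starts and continues outside this hunk, so the origin of `subj` is not visible here.

```python
if not os.path.isfile(ca_bundle_file) or forced:
    # … unchanged: openssl ecparam key generation …
    subprocess.run(
        [
            "openssl", "req", "-new", "-x509",
            "-key", ca_key_file, "-sha384", "-days", "3650",
            "-out", ca_bundle_file,
            "-subj", subj,
            "-addext", "basicConstraints=critical,CA:TRUE",
            "-addext", "keyUsage=critical,keyCertSign,cRLSign",
            "-addext", "subjectKeyIdentifier=hash",
        ],
        check=True,  # raise instead of logging success after a failed run
    )
    # … unchanged: print_log success message …
```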
