Commits · 4.11.2 · MIkhail Golovanov / kong-build-tools

Oct 26, 2020
- tests(rhel) fix rhel image name (#349) · 60f2c3b7
  Guilherme Salazar authored 4 years ago
  
  4.11.2
  
  60f2c3b7
Oct 25, 2020
- Update dependency zipp to v3.4.0 · 6924e48a
  Renovate Bot authored 4 years ago
  
  6924e48a
Oct 24, 2020
- Update dependency pbr to v5.5.1 · db0798c7
  Renovate Bot authored 4 years ago
  
  db0798c7
Oct 17, 2020
- Update dependency zipp to v3.3.1 · a58cc007
  Renovate Bot authored 4 years ago
  
  a58cc007
Oct 13, 2020
- Update dependency importlib-metadata to v2 (#337) · ec37fe2b
  renovate[bot] authored 4 years ago
  
  Co-authored-by: Renovate Bot <bot@renovateapp.com>
  ec37fe2b
Oct 09, 2020
- chore(labels) apply docker labels to our unofficial docker images (#342) · 81050278
  Colin Hutchinson authored 4 years ago
  
  81050278
Oct 07, 2020

fix(cache) utilize luarocks purge --old-versions to keep our luarocks current (#341) · 8682de98
Colin Hutchinson authored 4 years ago
```
* fix(cache) dont cache luarocks in our openresty container

* chore(ci) adjust our cleanup so retrying can be more successful
```
4.11.1

8682de98

feat(*) allow running kong as the 'kong' user (#339) · d8a318cd

Murillo Paula authored 4 years ago

* feat(*) allow running kong as the 'kong' user

Previously, Kong was, by default, running as root on non-docker systems,
which is not a security best practice. For docker environments, we take
steps to provide more security [2] (create a kong user by default, grant
the same /usr/local/kong/* files and directories ownership to that user
and to the root group) and these are the same steps that are being
employed here for non-docker environments. Post-installation fpm scripts
are being leveraged to create the kong user and change the permissions
of the kong package's contents to that user and to the root group. See
the fpm wiki [1] for details. See all the the files and directories
owned by the kong package here: [files.txt](https://github.com/Kong/kong-build-tools/files/5314643/files.txt)

Note that when `kong start` is run without changing the `$USER`, the
nginx master process will be run as the 'root' user and the nginx
workers processes will run as the 'nobody' user. That is the default
behavior in Kong because the nginx master process needs to run as 'root'
in order for nginx to execute certain actions (listen on privileged
ports such as port 80, for example).

In order to run kong as the 'kong' user, first switch to the kong user:

```
su kong
```

Then start `kong` normally:

```
kong start
```

This will make both the nginx master and worker processes to run as the
'kong' user.

[1] https://github.com/jordansissel/fpm/wiki
[2] https://github.com/Kong/docker-kong/blob/2.1.3/rhel/Dockerfile#L36-L43



* chore(makefile) change DOCKER_KONG_VERSION temporarily

* tests(package) add minimal tests

* tests(package) add chown and chmod tests

* tests(package) validate Kong is running as the correct user

* chore(ci) temporarily remove non-build tests

* tests(package) add 'chmod -R g=u' verification tests

Also fixes a small issue where the user-validation-tests was getting
pulled.

* tests(package) install needed dependencies to run the tests

* tests(package) install debs with dpkg -i /src/kong.deb || apt install --fix-broken -y

Debian jessie can't install local packages with apt-get

* tests(amd64) pin the user-validation tests to as to amd64

* chore(ci) pin DOCKER_KONG_VERSION to master

* Revert "chore(ci) temporarily remove non-build tests"

This reverts commit 66abe497fdbbc414a128c1269cdbc1a9ec35d07a.

Co-authored-by: Colin Hutchinson <chutchic@gmail.com>

d8a318cd

Oct 03, 2020
- Update dependency zipp to v3.3.0 · d6052a07
  Renovate Bot authored 4 years ago
  
  d6052a07
Sep 26, 2020
- Update dependency zipp to v3.2.0 · 137d5611
  Renovate Bot authored 4 years ago
  
  137d5611
- Update dependency paho-mqtt to v1.5.1 · 5040e87d
  Renovate Bot authored 4 years ago
  
  5040e87d
Sep 24, 2020
- Update dependency stevedore to v3.2.2 · 622b5a10
  Renovate Bot authored 4 years ago
  
  622b5a10
Sep 23, 2020
- Merge pull request #318 from Kong/renovate/attrs-20.x · 3c31ccad
  Colin Hutchinson authored 4 years ago
  
  Update dependency attrs to v20
  4.10.1
  
  3c31ccad
- Merge pull request #334 from Kong/chore/ci-retry · ca84a4d8
  Colin Hutchinson authored 4 years ago
  
  chore(ci) add some naive retries to our CI
  ca84a4d8
- Merge pull request #330 from Kong/chore/test-signed-release · 398a6408
  Colin Hutchinson authored 4 years ago
  
  chore(release) if we try to sign a package but fail we should fail
  398a6408
- chore(ci) add some naive retries to our CI · 06bd8308
  Colin Hutchinson authored 4 years ago
  
  06bd8308
- Merge pull request #333 from Kong/chore/luarocks-cache · f6715f79
  Colin Hutchinson authored 4 years ago
  
  chore(cache) dont recycle the cache that includes luarocks as downgrading a luarock isnt possible
  f6715f79
- chore(cache) dont recycle the cache that includes luarocks as downgrading a luarock isnt possible · 8edf9c5c
  Colin Hutchinson authored 4 years ago
  
  8edf9c5c
- chore(makefile) read libyaml version from .requirements · 144d5486
  Aapo Talvensaari authored 4 years ago
  
  144d5486
Sep 18, 2020
- Merge pull request #324 from Kong/chore/ci-alpine-arm · 9158d300
  Colin Hutchinson authored 4 years ago
  
  chore(ci) setup CI to test and release alpine arm build
  9158d300
- chore(release) if we try to sign a package but fail we should fail · cecdf3bc
  Colin Hutchinson authored 4 years ago
  
  cecdf3bc
- Merge pull request #329 from Kong/fix/systemd-reload · 1b7feed4
  Colin Hutchinson authored 4 years ago
  
  fix(system) adjust systemd reload to do a kong prepare
  4.10.0
  
  1b7feed4
Sep 17, 2020
- fix(system) adjust systemd reload to do a kong prepare · b0da2512
  Colin Hutchinson authored 4 years ago
  
  b0da2512
Sep 14, 2020
- chore(ci) reimplement kbt testing against next not master · a00b84dc
  Colin Hutchinson authored 4 years ago
  
  a00b84dc
Sep 12, 2020
- Update dependency pytest to v6.0.2 · 22d66be0
  Renovate Bot authored 4 years ago
  
  22d66be0
Sep 11, 2020
- Merge pull request #326 from Kong/feat/ngx_stream_lua_ffi_crc2-1.15.8.3 · f82569ed
  Colin Hutchinson authored 4 years ago
  
  feat(openresty-patches) add ngx_stream_lua-0.0.7_04-ffi_crc32_api.patch
  f82569ed
- feat(openresty-patches) add ngx_stream_lua-0.0.7_04-ffi_crc32_api.patch · 02db81e3
  Hisham Muhammad authored 4 years ago
  
  Adds missing patch in the family of: * ngx_lua-0.10.15_03-ffi_crc32_api.patch * lua-resty-core-0.1.17_05-ffi_crc32_api.patch
  02db81e3
Sep 10, 2020
- Revert "debug: temp commit to test building alpine arm on jenkins" · 5bfe6b03
  Colin Hutchinson authored 4 years ago
  
  This reverts commit 9aad4a1a.
  5bfe6b03
- Merge branch 'master' into chore/ci-alpine-arm · f1a0f999
  Colin Hutchinson authored 4 years ago
  
  f1a0f999
- fix(patches) update the patches for 1.17.8.2 · bc2cb077
  Colin Hutchinson authored 4 years ago
  
  bc2cb077
- debug: temp commit to test building alpine arm on jenkins · 9aad4a1a
  Colin Hutchinson authored 4 years ago
  
  9aad4a1a
- chore(release) adjust kong-build-tools docker releases to capture alpine multi-arch · f2e0a03b
  Colin Hutchinson authored 4 years ago
  
  f2e0a03b
- chore(jenkins) use `next` branch instead of `master` · e7f4590c
  Aapo Talvensaari authored 4 years ago
  
  ### Summary Just changes the `KONG_SOURCE` to point to our `next` instead of `master` branch.
  e7f4590c
- fix(patches) remove req-time-api patch · 232f5bf0
  Aapo Talvensaari authored 4 years ago
  
  ### Summary This makes compiling OpenResty 1.17.8.x fail because the API is removed in this commit: https://github.com/openresty/stream-lua-nginx-module/commit/44f68b9e6000deea1ed982d53d2bf472ce6d0b89#diff-383967f66f2c8340f2dbb7fb1765bc16 We need to figure out if this has any effect on Kong, but the patches should go away, because they don't make sense anymore.
  232f5bf0
Sep 09, 2020

chore(ci) setup CI to test alpine arm build · 05759195
Colin Hutchinson authored 4 years ago

05759195

chore(patches) make 1.17.8.1 and 1.17.8.2 patches to apply cleanly (#323) · 60c95f28

Aapo Talvensaari authored 4 years ago

### Summary

```
patching file LuaJIT-2.1-20200102/src/lj_api.c
patching file LuaJIT-2.1-20200102/src/lj_arch.h
Hunk #1 succeeded at 241 (offset 4 lines).
patching file LuaJIT-2.1-20200102/src/lj_cconv.c
patching file LuaJIT-2.1-20200102/src/lj_obj.h
Hunk #1 succeeded at 831 (offset 1 line).
patching file LuaJIT-2.1-20200102/src/lj_state.c
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/resty/core.lua
Hunk #1 succeeded at 19 with fuzz 1 (offset -2 lines).
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/ngx/balancer.lua
patching file lua-resty-core-0.1.19/lib/ngx/balancer.lua
Hunk #1 succeeded at 45 (offset 7 lines).
Hunk #2 succeeded at 348 (offset 137 lines).
patching file lua-resty-core-0.1.19/lib/resty/core.lua
patching file lua-resty-core-0.1.19/lib/resty/core/request.lua
patching file lua-resty-core-0.1.19/lib/resty/core/utils.lua
patching file lua-resty-websocket-0.07/lib/resty/websocket/client.lua
patching file nginx-1.17.8/src/http/ngx_http_upstream.c
Hunk #2 succeeded at 1688 (offset -3 lines).
Hunk #3 succeeded at 1719 (offset -3 lines).
Hunk #4 succeeded at 1765 (offset -3 lines).
patching file nginx-1.17.8/src/http/ngx_http_special_response.c
patching file nginx-1.17.8/src/stream/ngx_stream_proxy_module.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.h
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_balancer.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_common.h
patching file ngx_lua-0.10.17/src/ngx_http_lua_module.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_balancer.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_balancer.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_common.h
patching file ngx_lua-0.10.17/src/ngx_http_lua_balancer.c
patching file ngx_stream_lua-0.0.8/src/ngx_stream_lua_util.c
Hunk #1 succeeded at 1965 with fuzz 2 (offset 10 lines).
patching file ngx_stream_lua-0.0.8/src/api/ngx_stream_lua_api.h
```

vs.

```
patching file LuaJIT-2.1-20200102/src/lj_api.c
patching file LuaJIT-2.1-20200102/src/lj_arch.h
patching file LuaJIT-2.1-20200102/src/lj_cconv.c
patching file LuaJIT-2.1-20200102/src/lj_obj.h
patching file LuaJIT-2.1-20200102/src/lj_state.c
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/resty/core.lua
patching file lua-resty-core-0.1.19/lib/resty/core/socket_tcp.lua
patching file lua-resty-core-0.1.19/lib/ngx/balancer.lua
patching file lua-resty-core-0.1.19/lib/ngx/balancer.lua
patching file lua-resty-core-0.1.19/lib/resty/core.lua
patching file lua-resty-core-0.1.19/lib/resty/core/request.lua
patching file lua-resty-core-0.1.19/lib/resty/core/utils.lua
patching file lua-resty-websocket-0.07/lib/resty/websocket/client.lua
patching file nginx-1.17.8/src/http/ngx_http_upstream.c
patching file nginx-1.17.8/src/http/ngx_http_special_response.c
patching file nginx-1.17.8/src/stream/ngx_stream_proxy_module.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.h
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_socket_tcp.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_balancer.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_common.h
patching file ngx_lua-0.10.17/src/ngx_http_lua_module.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_balancer.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_balancer.c
patching file ngx_lua-0.10.17/src/ngx_http_lua_common.h
patching file ngx_lua-0.10.17/src/ngx_http_lua_balancer.c
patching file ngx_stream_lua-0.0.8/src/ngx_stream_lua_util.c
patching file ngx_stream_lua-0.0.8/src/api/ngx_stream_lua_api.h
```

60c95f28

Sep 08, 2020
- chore(arm64) enable alpine arm64 images · 630b31d3
  Colin Hutchinson authored 4 years ago
  
  630b31d3
- Increase ARM64 lightuserdata mapping from 8 to 16 sectors · 60714856
  Javier Guerra authored 4 years ago
  
  60714856
Sep 05, 2020
- Update dependency attrs to v20 · 0ab70377
  Renovate Bot authored 4 years ago
  
  0ab70377
- Update dependency stevedore to v3.2.1 · 5e1a8148
  Renovate Bot authored 4 years ago
  
  5e1a8148