Bot Updating Package Versions

Allow setting sudo password via hash

.github/workflows/external_trigger.yml

@@ -22,8 +22,9 @@ jobs:
           if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
             echo "**** Can't retrieve external version, exiting ****"
             FAILURE_REASON="Can't retrieve external version for code-server branch master"
+            GHA_TRIGGER_URL="https://github.com/linuxserver/docker-code-server/actions/runs/${{ github.run_id }}"
             curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
-              "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
+              "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n**Trigger URL:** '"${GHA_TRIGGER_URL}"' \n"}],
               "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
             exit 1
           fi

.github/workflows/greetings.yml

@@ -8,6 +8,6 @@ jobs:
     steps:
     - uses: actions/first-interaction@v1
       with:
-        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [issue template](https://github.com/linuxserver/docker-code-server/blob/master/.github/ISSUE_TEMPLATE.md)!'
+        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-code-server/blob/master/.github/ISSUE_TEMPLATE/issue.bug.md) or [feature](https://github.com/linuxserver/docker-code-server/blob/master/.github/ISSUE_TEMPLATE/issue.feature.md) issue templates!'
         pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-code-server/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
         repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/package_trigger_scheduler.yml

@@ -2,7 +2,7 @@ name: Package Trigger Scheduler
 
 on:
   schedule:
-    - cron:  '04 6 * * 6'
+    - cron:  '00 12 * * 0'
   workflow_dispatch:
 
 jobs:

Jenkinsfile

@@ -265,13 +265,30 @@ pipeline {
               fi
               mkdir -p ${TEMPDIR}/gitbook
               git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/gitbook/docker-documentation
-              if [[ "${BRANCH_NAME}" == "master" ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
+              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
                 cp ${TEMPDIR}/docker-${CONTAINER_NAME}/docker-${CONTAINER_NAME}.md ${TEMPDIR}/gitbook/docker-documentation/images/
                 cd ${TEMPDIR}/gitbook/docker-documentation/
                 git add images/docker-${CONTAINER_NAME}.md
                 git commit -m 'Bot Updating Documentation'
                 git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all
               fi
+              mkdir -p ${TEMPDIR}/unraid 
+              git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
+              git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
+              if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then
+                sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/${CONTAINER_NAME}.xml
+              fi
+              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
+                if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
+                  echo "Image is on the ignore list, skipping Unraid template upload"
+                else
+                  cp ${TEMPDIR}/docker-${CONTAINER_NAME}/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
+                  cd ${TEMPDIR}/unraid/templates/
+                  git add unraid/${CONTAINER_NAME}.xml
+                  git commit -m 'Bot Updating Unraid Template'
+                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all
+                fi
+              fi
               rm -Rf ${TEMPDIR}'''
         script{
           env.FILES_UPDATED = sh(

README.md

@@ -92,6 +92,7 @@ services:
       - TZ=Europe/London
       - PASSWORD=password #optional
       - SUDO_PASSWORD=password #optional
+      - SUDO_PASSWORD_HASH= #optional
       - PROXY_DOMAIN=code-server.my.domain #optional
     volumes:
       - /path/to/appdata/config:/config
@@ -110,6 +111,7 @@ docker run -d \
   -e TZ=Europe/London \
   -e PASSWORD=password `#optional` \
   -e SUDO_PASSWORD=password `#optional` \
+  -e SUDO_PASSWORD_HASH= `#optional` \
   -e PROXY_DOMAIN=code-server.my.domain `#optional` \
   -p 8443:8443 \
   -v /path/to/appdata/config:/config \
@@ -130,6 +132,7 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London |
 | `-e PASSWORD=password` | Optional web gui password, if not provided, there will be no auth. |
 | `-e SUDO_PASSWORD=password` | If this optional variable is set, user will have sudo access in the code-server terminal with the specified password. |
+| `-e SUDO_PASSWORD_HASH=` | Optionally set sudo password via hash (takes priority over `SUDO_PASSWORD` var). Format is `$type$salt$hashed`. |
 | `-e PROXY_DOMAIN=code-server.my.domain` | If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains) |
 | `-v /config` | Contains all relevant configuration files. |
 
@@ -247,6 +250,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **23.12.20:** - Allow setting sudo password via hash using env var `SUDO_PASSWORD_HASH`.
 * **29.05.20:** - Add --domain-proxy support.
 * **21.05.20:** - Shrink images, install via yarn, fix arm32v7 build.
 * **18.05.20:** - Switch to multi-arch images, install via npm.

package_versions.txt

@@ -52,7 +52,7 @@ libbsd00.8.7-1ubuntu0.1
 libbz2-1.01.0.6-8.1ubuntu0.2
 libc62.27-3ubuntu1.4
 libcap-ng00.7.7-3.1
-libc-bin2.27-3ubuntu1.2
+libc-bin2.27-3ubuntu1.4
 libcom-err21.44.1-1ubuntu1.3
 libcurl3-gnutls7.58.0-2ubuntu3.12
 libcurl47.58.0-2ubuntu3.12
@@ -99,7 +99,7 @@ libnettle63.4-1
 libnghttp2-141.30.0-1ubuntu1
 libnpth01.5-3
 libonig46.7.0-1
-libp11-kit00.23.9-2
+libp11-kit00.23.9-2ubuntu0.1
 libpam0g1.1.8-3.6ubuntu2.18.04.2
 libpam-modules1.1.8-3.6ubuntu2.18.04.2
 libpam-modules-bin1.1.8-3.6ubuntu2.18.04.2
@@ -114,9 +114,9 @@ libpython-stdlib2.7.15~rc1-1
 libreadline77.0-3
 libroken18-heimdal7.5.0+dfsg-1
 librtmp12.4+20151223.gitfa8646d.1-1
-libsasl2-22.1.27~101-g0780600+dfsg-3ubuntu2.1
-libsasl2-modules2.1.27~101-g0780600+dfsg-3ubuntu2.1
-libsasl2-modules-db2.1.27~101-g0780600+dfsg-3ubuntu2.1
+libsasl2-22.1.27~101-g0780600+dfsg-3ubuntu2.3
+libsasl2-modules2.1.27~101-g0780600+dfsg-3ubuntu2.3
+libsasl2-modules-db2.1.27~101-g0780600+dfsg-3ubuntu2.3
 libseccomp22.4.3-1ubuntu3.18.04.3
 libselinux12.7-2build2
 libsemanage12.7-2build2
@@ -128,10 +128,10 @@ libss21.44.1-1ubuntu1.3
 libssl1.0.01.0.2n-1ubuntu5.5
 libssl1.11.1.1-1ubuntu2.1~18.04.7
 libstdc++68.4.0-1ubuntu1~18.04
-libsystemd0237-3ubuntu10.42
+libsystemd0237-3ubuntu10.43
 libtasn1-64.13-2
 libtinfo56.1-1ubuntu1.18.04
-libudev1237-3ubuntu10.42
+libudev1237-3ubuntu10.43
 libunistring20.9.9-0ubuntu2
 libuuid12.31.1-0.4ubuntu3.7
 libwind0-heimdal7.5.0+dfsg-1
@@ -155,7 +155,7 @@ ncurses-base6.1-1ubuntu1.18.04
 ncurses-bin6.1-1ubuntu1.18.04
 netbase5.4
 net-tools1.60+git20161116.90da8a0-1ubuntu1
-nodejs12.20.0-1nodesource1
+nodejs12.20.1-1nodesource1
 openssh-client1:7.6p1-4ubuntu0.3
 openssl1.1.1-1ubuntu2.1~18.04.7
 passwd1:4.5-1ubuntu2
@@ -175,8 +175,8 @@ sed4.4-2
 sensible-utils0.0.12
 sudo1.8.21p2-3ubuntu1.3
 sysvinit-utils2.88dsf-59.10ubuntu1
-tar1.29b-2ubuntu0.1
-tzdata2020d-0ubuntu0.18.04
+tar1.29b-2ubuntu0.2
+tzdata2020f-0ubuntu0.18.04
 ubuntu-keyring2018.09.18.1~18.04.0
 util-linux2.31.1-0.4ubuntu3.7
 xauth1:1.0.10-1

readme-vars.yml

@@ -42,13 +42,14 @@ param_ports:
   - { external_port: "8443", internal_port: "8443", port_desc: "web gui" }
 param_usage_include_env: true
 param_env_vars:
-  - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London"}
+  - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London" }
 
 # optional container parameters
 opt_param_usage_include_env: true
 opt_param_env_vars:
-  - { env_var: "PASSWORD", env_value: "password", desc: "Optional web gui password, if not provided, there will be no auth."}
-  - { env_var: "SUDO_PASSWORD", env_value: "password", desc: "If this optional variable is set, user will have sudo access in the code-server terminal with the specified password."}
+  - { env_var: "PASSWORD", env_value: "password", desc: "Optional web gui password, if not provided, there will be no auth." }
+  - { env_var: "SUDO_PASSWORD", env_value: "password", desc: "If this optional variable is set, user will have sudo access in the code-server terminal with the specified password." }
+  - { env_var: "SUDO_PASSWORD_HASH", env_value: "", desc: "Optionally set sudo password via hash (takes priority over `SUDO_PASSWORD` var). Format is `$type$salt$hashed`." }
   - { env_var: "PROXY_DOMAIN", env_value: "code-server.my.domain", desc: "If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains)" }
 
 optional_block_1: false
@@ -68,7 +69,8 @@ app_setup_block: |
 
 # changelog
 changelogs:
-  - { date: "29.05.20:", desc: "Add --domain-proxy support."}
+  - { date: "23.12.20:", desc: "Allow setting sudo password via hash using env var `SUDO_PASSWORD_HASH`." }
+  - { date: "29.05.20:", desc: "Add --domain-proxy support." }
   - { date: "21.05.20:", desc: "Shrink images, install via yarn, fix arm32v7 build." }
   - { date: "18.05.20:", desc: "Switch to multi-arch images, install via npm." }
   - { date: "29.04.20:", desc: "Update start arguments." }

root/etc/cont-init.d/30-config

@@ -2,14 +2,19 @@
 
 mkdir -p /config/{extensions,data,workspace,.ssh}
 
-if [ -n "${SUDO_PASSWORD}" ]; then
+if [ -n "${SUDO_PASSWORD}" ] || [ -n "${SUDO_PASSWORD_HASH}" ]; then
   echo "setting up sudo access"
   if ! grep -q 'abc' /etc/sudoers; then
     echo "adding abc to sudoers"
     echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers
   fi
-  echo "setting sudo password"
-  echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
+  if [ -n "${SUDO_PASSWORD_HASH}" ]; then
+    echo "setting sudo password using sudo password hash"
+    sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow
+  else
+    echo "setting sudo password using SUDO_PASSWORD env var"
+    echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
+  fi
 fi
 
 # permissions