Initial support for hotfix integration as outlined in milestone 6.

Dockerfile.rocky8

@@ -637,12 +637,14 @@ RUN useradd -l -u $UID -g $GID -ms /bin/bash $USER
 ENV MIG_ROOT=/home/$USER
 ENV WEB_DIR=/etc/httpd
 ENV CERT_DIR=$WEB_DIR/MiG-certificates
+ENV HOTFIXES_DIR=/hotfixes
 
 USER root
 
-RUN mkdir -p ${CERT_DIR}/MiG/${WILDCARD_DOMAIN} \
+RUN mkdir -p ${CERT_DIR}/MiG/${WILDCARD_DOMAIN} ${HOTFIXES_DIR} \
     && chown $USER:$GROUP ${CERT_DIR} \
-    && chmod 775 ${CERT_DIR}
+    && chmod 775 ${CERT_DIR} \
+    && chmod 700 ${HOTFIXES_DIR}
 
 #------------------------- next stage -----------------------------#
 # Certs and keys
@@ -1742,6 +1744,7 @@ ENTRYPOINT ["/tini", "--"]
 
 # NOTE: it's recommended to use COPY over ADD except when URL/unpack is needed
 COPY docker-entry.sh /app/docker-entry.sh
+COPY apply-hotfixes.sh /app/apply-hotfixes.sh
 COPY migrid-httpd.env /app/migrid-httpd.env
 COPY migrid-httpd-init.sh /app/migrid-httpd-init.sh
 COPY apache-init-helper /etc/init.d/apache-minimal
@@ -1750,7 +1753,7 @@ RUN sed "s/#LANG=.*/LANG=${LANG}/g" /app/migrid-httpd-init.sh > /etc/sysconfig/a
 RUN grep LANG /etc/sysconfig/apache-minimal > /etc/sysconfig/migrid
 COPY rsyslog-init-helper /etc/init.d/rsyslog-minimal
 RUN chown $USER:$GROUP /app/docker-entry.sh \
-    && chmod +x /app/docker-entry.sh
+    && chmod +x /app/docker-entry.sh /app/apply-hotfixes.sh
 
 USER root
 WORKDIR /app

Dockerfile.rocky9

@@ -596,12 +596,14 @@ RUN useradd -l -u $UID -g $GID -ms /bin/bash $USER
 ENV MIG_ROOT=/home/$USER
 ENV WEB_DIR=/etc/httpd
 ENV CERT_DIR=$WEB_DIR/MiG-certificates
+ENV HOTFIXES_DIR=/hotfixes
 
 USER root
 
-RUN mkdir -p ${CERT_DIR}/MiG/${WILDCARD_DOMAIN} \
+RUN mkdir -p ${CERT_DIR}/MiG/${WILDCARD_DOMAIN} ${HOTFIXES_DIR} \
     && chown $USER:$GROUP ${CERT_DIR} \
-    && chmod 775 ${CERT_DIR}
+    && chmod 775 ${CERT_DIR} \
+    && chmod 700 ${HOTFIXES_DIR}
 
 #------------------------- next stage -----------------------------#
 # Certs and keys
@@ -1629,6 +1631,7 @@ ENTRYPOINT ["/tini", "--"]
 
 # NOTE: it's recommended to use COPY over ADD except when URL/unpack is needed
 COPY docker-entry.sh /app/docker-entry.sh
+COPY apply-hotfixes.sh /app/apply-hotfixes.sh
 COPY migrid-httpd.env /app/migrid-httpd.env
 COPY migrid-httpd-init.sh /app/migrid-httpd-init.sh
 COPY apache-init-helper /etc/init.d/apache-minimal
@@ -1637,7 +1640,7 @@ RUN sed "s/#LANG=.*/LANG=${LANG}/g" /app/migrid-httpd-init.sh > /etc/sysconfig/a
 RUN grep LANG /etc/sysconfig/apache-minimal > /etc/sysconfig/migrid
 COPY rsyslog-init-helper /etc/init.d/rsyslog-minimal
 RUN chown $USER:$GROUP /app/docker-entry.sh \
-    && chmod +x /app/docker-entry.sh
+    && chmod +x /app/docker-entry.sh /app/apply-hotfixes.sh
 
 USER root
 WORKDIR /app

Makefile

@@ -133,6 +133,7 @@ initdirs: initcomposevars
 	mkdir -p ${PERSISTENT_ROOT}/wwwpublic-vgrid
 	mkdir -p ${PERSISTENT_ROOT}/wwwpublic-download
 	mkdir -p ${PERSISTENT_ROOT}/secrets
+	mkdir -p ${PERSISTENT_ROOT}/hotfixes/{scripts,patches}
 	mkdir -p ${PERSISTENT_ROOT}/mig-server-extconfs
 	mkdir -p ${LOG_ROOT}/miglog
 	mkdir -p ${LOG_ROOT}/syslog/migrid

apply-hotfixes.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+#
+# Apply all hot-fixes in specified folder
+
+APPLIED_DIR="/tmp/hotfixes-applied"
+HOTFIXES_DIR="/hotfixes"
+if [ $# -gt 0 ]; then
+    HOTFIXES_DIR="$1"
+fi
+PATCH_SOURCE="${HOTFIXES_DIR}/patches"
+SCRIPT_SOURCE="${HOTFIXES_DIR}/scripts"
+PATCHES_APPLIED="${APPLIED_DIR}/patches"
+SCRIPTS_APPLIED="${APPLIED_DIR}/scripts"
+
+if [ -d "${HOTFIXES_DIR}" ]; then
+    #echo "DEBUG: Applying hot-fixes available in ${HOTFIXES_DIR}"
+    mkdir -p ${PATCHES_APPLIED} ${SCRIPTS_APPLIED}
+    if [ -d "${PATCH_SOURCE}" ]; then
+        #echo "DEBUG: Applying any patches available in ${PATCH_SOURCE}"
+        for PATCH_PATH in "${PATCH_SOURCE}"/* ; do
+            PATCH_NAME=$(basename "${PATCH_PATH}")
+            if [ ! -f "${PATCH_PATH}" ]; then
+                # skip anything but files
+                continue
+            fi
+            if [ -f "${PATCHES_APPLIED}/${PATCH_NAME}" ]; then
+                echo "Skip already applied patch: ${PATCH_NAME}"
+            else
+                #echo "DEBUG: applying patch ${PATCH_PATH}"
+                patch -d / -p0 < "${PATCH_PATH}" && \
+                    cp "${PATCH_PATH}" "${PATCHES_APPLIED}/"
+            fi
+        done
+    fi
+    if [ -d "${SCRIPT_SOURCE}" ]; then
+        #echo "DEBUG: Applying any scripts available in ${SCRIPT_SOURCE}"
+        for SCRIPT_PATH in "${SCRIPT_SOURCE}"/* ; do
+            SCRIPT_NAME=$(basename "${SCRIPT_PATH}")
+            if [ ! -f "${SCRIPT_PATH}" ]; then
+                # skip anything but files
+                continue
+            fi
+            if [ -f "${SCRIPTS_APPLIED}/${SCRIPT_NAME}" ]; then
+                echo "Skip already applied script: ${SCRIPT_NAME}"
+            else
+                #echo "DEBUG: running script ${SCRIPT_PATH}"
+                ${SCRIPT_PATH} && \
+                    cp "${SCRIPT_PATH}" "${SCRIPTS_APPLIED}/"
+            fi
+        done
+    fi
+    #echo "DEBUG: Applied hot-fixes available in ${HOTFIXES_DIR}"
+    exit 0
+else
+    echo "WARNING: no such hot-fixes folder ${HOTFIXES_DIR}"
+    exit 1
+fi
+

docker-compose_development.yml

@@ -51,6 +51,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -111,6 +114,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -176,6 +182,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -227,6 +236,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -286,6 +298,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -340,6 +355,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -428,6 +446,14 @@ volumes:
       device: ${DOCKER_MIGRID_ROOT}/mig
       o: bind
 
+  hotfixes:
+    # Volume used to contain the optional additional container hotfixes
+    driver: local
+    driver_opts:
+      type: none
+      device: ${PERSISTENT_ROOT}/hotfixes
+      o: bind
+
   state:
     # Volume used to contain the migrid state (provided by migrid)
     driver: local

docker-compose_development_gdp.yml

@@ -51,6 +51,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -111,6 +114,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -180,6 +186,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -231,6 +240,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -290,6 +302,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -344,6 +359,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: certs
         target: /etc/httpd/MiG-certificates
@@ -432,6 +450,14 @@ volumes:
       device: ${DOCKER_MIGRID_ROOT}/mig
       o: bind
 
+  hotfixes:
+    # Volume used to contain the optional additional container hotfixes
+    driver: local
+    driver_opts:
+      type: none
+      device: ${PERSISTENT_ROOT}/hotfixes
+      o: bind
+
   state:
     # Volume used to contain the migrid state (provided by migrid)
     driver: local

docker-compose_production.yml

@@ -41,6 +41,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -95,6 +98,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -243,6 +249,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -386,6 +395,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -528,6 +540,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -670,6 +685,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -812,6 +830,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -891,6 +912,14 @@ volumes:
       device: ${DOCKER_MIGRID_ROOT}/mig
       o: bind
 
+  hotfixes:
+    # Volume used to contain the optional additional container hotfixes
+    driver: local
+    driver_opts:
+      type: none
+      device: ${PERSISTENT_ROOT}/hotfixes
+      o: bind
+
   mig-server-extconfs:
     # Volume used to contain the optional additional mig server config snippets
     driver: local

docker-entry.sh

@@ -7,6 +7,7 @@
 CHECKCONF=0
 KEEPALIVE=0
 VERSIONINFO=0
+APPLYHOTFIXES="/app/apply-hotfixes.sh"
 
 # Make sure requested timezone is actually used everywhere for consistent 
 # log time stamps.
@@ -46,6 +47,13 @@ if [ ! -d "${MIG_ROOT}" ]; then
     exit 1
 fi
 
+if [ ! -f "${APPLYHOTFIXES}" ]; then
+    echo "No hot-fix support available in ${APPLYHOTFIXES}"
+else
+    echo "Apply hot-fixes with ${APPLYHOTFIXES}"
+    ${APPLYHOTFIXES}
+fi
+
 
 # Create any user requested
 while getopts cku:p:s:V option; do