Upgrade: bullseye & borgbackup 1.1.16 (#13)

* Upgrade to bullseye-slim image * Fix(run.sh): authorized_keys permissions * Change(run.sh): Add restrict to client keys & output debian version * Change(Dockerfile): Allow different base images * Update(drone): Build buster & bullseye images * Update README
2022-01-21 10:33:54 +01:00 · 2022-01-21 10:33:54 +01:00 · 0b641a8253
parent 7b241c142b
commit 0b641a8253
4 changed files with 31 additions and 3 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -4,7 +4,7 @@ name: build
 type: kubernetes

 steps:
- name: build-image
+- name: build-bullseye
  image: plugins/kaniko
  settings:
    username:
@ -13,6 +13,24 @@ steps:
      from_secret: docker_password
    repo: nold360/borgserver
    dockerfile: Dockerfile
+    build_args:
+      - BASE_IMAGE=debian:bullseye-slim
    tags:
      - latest
+      - bullseye
+      - 1.1.16
+
+- name: build-buster
+  image: plugins/kaniko
+  settings:
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+    repo: nold360/borgserver
+    dockerfile: Dockerfile
+    build_args:
+      - BASE_IMAGE=debian:buster-slim
+    tags:
      - buster
+      - 1.1.9
--- a/3
+++ b/3
@ -2,7 +2,8 @@
 # Dockerfile to build borgbackup server images
 # Based on Debian
 ############################################################
-FROM debian:buster-slim
+ARG BASE_IMAGE=debian:bullseye-slim
+FROM $BASE_IMAGE

 # Volume for SSH-Keys
 VOLUME /sshkeys
--- a/README.md
+++ b/README.md
@ -132,3 +132,9 @@ And create your first backup!
 ```
 $ borg create backup:my_first_borg_repo::documents-2017-11-01 /home/user/MyImportentDocs
 ```
+
+## Tags
+
+All images are freshly built every week & published as `nold360/borgserver` with the following tags:
+ - Latest / Stable [borg 1.1.16]: `bullseye`, `1.1.16`, `latest`
+ - Legacy / Buster [borg 1.1.9 ]: `buster`, `1.1.9`
--- a/data/run.sh
+++ b/data/run.sh
@ -15,9 +15,11 @@ AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
 # Append only mode?
 BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}

+source /etc/os-release
 echo "########################################################"
 echo -n " * Docker BorgServer powered by "
 borg -V
+echo " * Based on ${PRETTY_NAME}"
 echo "########################################################"
 echo " * User  id: $(id -u borg)"
 echo " * Group id: $(id -g borg)"
@ -74,9 +76,10 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); d
 		borg_cmd="${BORG_CMD} --append-only"
 	fi

-    echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
+    echo -n "restrict,command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
 	cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
 done
+chmod 0600 "${AUTHORIZED_KEYS_PATH}"

 echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
 ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null)