GUACAMOLE-374: Support absolutely all properties and extensions.

guacamole-docker/build.d/000-build-and-install-guacamole.sh

@@ -0,0 +1,62 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+## 
+## @fn 010-build-and-install-guacamole.sh
+##
+## Builds the Guacamole web application and all main extensions, installing the
+## resulting binaries to standard locations within the Docker image. After the
+## build and install process, the resulting binaries can be found beneath:
+##
+## /opt/guacamole/webapp:
+##   The web application, "guacamole.war".
+##
+## /opt/guacamole/extensions:
+##   All extensions, each within their own subdirectory and identical to the
+##   result of extracting a released .tar.gz except that version numbers of been
+##   stripped.
+##
+
+#
+# Build guacamole.war and all extensions, applying any provided Maven build
+# arguments
+#
+
+cd "$BUILD_DIR"
+mvn $MAVEN_ARGUMENTS package
+
+#
+# Copy built web application (guacamole.war) to destination location
+#
+
+mkdir -p "$DESTINATION/webapp"
+cp guacamole/target/*.war "$DESTINATION/webapp/guacamole.war"
+
+#
+# Extract all extensions to destination location, stripping version number
+# suffix from .jar files and top-level directory name
+#
+
+mkdir -p "$DESTINATION/extensions"
+find extensions/ -path "**/target/*.tar.gz" -exec tar -xzf "{}" \
+    -C "$DESTINATION/extensions"                                \
+    --xform='s#^\([^/]*\)-[0-9]\+\.[0-9]\+\.[0-9]\+#\1#g'       \
+    --xform='s#-[0-9]\+\.[0-9]\+\.[0-9]\+\(\.jar$\)#\1#g'       \
+    ";"
+

guacamole-docker/build.d/010-map-guacamole-extensions.sh

@@ -0,0 +1,118 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+##
+## @fn 020-map-guacamole-extensions.sh
+##
+## Maps all installed Guacamole extensions (built in a previous step) to their
+## corresponding environment variable prefixes, adding symbolic links so that
+## the changes to the contents of GUACAMOLE_HOME can be easily made by the
+## container's entrypoint based on which environment variables are set, without
+## requiring that the entrypoint be specifically aware of all supported
+## environment variables.
+##
+
+##
+## Reads a mapping of Guacamole extension to environment variable prefix from
+## STDIN, creating a hierarchy of directories and symbolic links on the
+## filesystem that can be easily consumed by the container's entrypoint later.
+##
+## Each mapping consists of a single line with two values separated by
+## whitespace, where the first (leftmost) value is the path to the directory
+## containing the extension .jar file (relative to /opt/guacamole/extensions)
+## and the second (rightmost) value is the environment variable prefix used by
+## that extension. For readability, periods may be used in lieu of spaces.
+##
+## After mapping has occurred, the resulting mappings are located beneath
+## /opt/guacamole/environment. They consist of directories named after the
+## provided environment variable prefixes, where the contents of those
+## directories are subsets of the contents of GUACAMOLE_HOME that would need to
+## be added to the actual GUACAMOLE_HOME to enable that extension.
+##
+map_extensions() {
+
+    # Read through each provided path/prefix mapping pair
+    mkdir -p "$DESTINATION/environment"
+    tr . ' ' | while read -r EXT_PATH VAR_PREFIX; do
+
+        # Add mappings only for extensions that were actually built as part of
+        # the build process (some extensions, like the RADIUS support, will
+        # only be built if specific build arguments are provided)
+        if [ -d "$DESTINATION/extensions/$EXT_PATH/" ]; then
+            echo "Mapped: $EXT_PATH -> $VAR_PREFIX"
+            mkdir -p "$DESTINATION/environment/$VAR_PREFIX/extensions"
+            ln -s "$DESTINATION/extensions/$EXT_PATH"/*.jar "$DESTINATION/environment/$VAR_PREFIX/extensions/"
+        else
+            echo "Skipped: $EXT_PATH (not built)"
+        fi
+
+    done
+
+}
+
+#
+# This section is a mapping of all bundled extensions to their corresponding
+# variable prefixes. Each line consists of a whitespace-separated pair of
+# extension path (the relative directory containing the .jar file) to that
+# extension's variable prefix. For readability, a period may be used in lieu of
+# a space.
+#
+# NOTES:
+#
+# (1) The actual variables used by each extension are not determined here, but
+# rather by the transformation of their configuration properties to variables
+# ("lowercase-with-dashes" to "UPPERCASE_WITH_UNDERSCORES"). The variable
+# prefixes listed here should be chosen to match the prefixes resulting from
+# that transformation of the extensions' properties.
+#
+# (2) The paths on the left side of this mapping are the paths of the extension
+# .jar files relative to the "/opt/guacamole/extensions" directory used by the
+# container to store extensions prior to use. They are identical to the paths
+# used by the distribution .tar.gz files provided with each Guacamole release,
+# except that the version numbers have been stripped from the top-level path.
+#
+# (3) The script processing this file uses these prefixes to define and process
+# an additional "ENABLED" variable (ie: "BAN_ENABLED", "TOTP_ENABLED", etc.)
+# that can be used to enable/disable an extension entirely regardless of the
+# presence/absence of other variables with the prefix. This allows extensions
+# that need no configuration to be easily enabled. It also allows extensions
+# that already have configuration present to be easily disabled without
+# requiring that all other configuration be removed.
+#
+map_extensions <<'EOF'
+    guacamole-auth-ban..........................BAN_
+    guacamole-auth-duo..........................DUO_
+    guacamole-auth-header.......................HTTP_AUTH_
+    guacamole-auth-jdbc/mysql...................MYSQL_
+    guacamole-auth-jdbc/postgresql..............POSTGRESQL_
+    guacamole-auth-jdbc/sqlserver...............SQLSERVER_
+    guacamole-auth-json.........................JSON_
+    guacamole-auth-ldap.........................LDAP_
+    guacamole-auth-quickconnect.................QUICKCONNECT_
+    guacamole-auth-radius.......................RADIUS_
+    guacamole-auth-sso/cas......................CAS_
+    guacamole-auth-sso/openid...................OPENID_
+    guacamole-auth-sso/saml.....................SAML_
+    guacamole-auth-sso/ssl......................SSL_
+    guacamole-auth-totp.........................TOTP_
+    guacamole-display-statistics................DISPLAY_STATISTICS_
+    guacamole-history-recording-storage.........RECORDING_
+    guacamole-vault/ksm.........................KSM_
+EOF
+

guacamole-docker/build.d/020-download-drivers.sh

@@ -0,0 +1,99 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+##
+## @fn 030-download-drivers.sh
+##
+## Downloads all JDBC drivers required by the various supported databases. Each
+## downloaded driver is stored beneath /opt/guacamole/drivers, with symbolic
+## links added to the mappings beneath /opt/guacamole/environment to ensure any
+## required drivers are added to GUACAMOLE_HOME if necessary to support a
+## requested database.
+##
+
+##
+## Downloads the JDBC driver at the given URL, storing the driver's .jar file
+## under the given name and environment variable prefix. The downloaded .jar
+## file is stored such that it is pulled into GUACAMOLE_HOME automatically if
+## environment variables with that prefix are used.
+##
+## If the URL is for a .tar.gz file and not a .jar file, the .jar will be
+## automatically extracted from the .tar.gz as it is downloaded.
+##
+## @param VAR_PREFIX
+##     The environment variable prefix used by the extension that requires the
+##     driver.
+##
+## @param URL
+##     The URL that the driver should be downloaded from.
+##
+## @param DEST_JAR
+##     The filename to assign to the downloaded .jar file. This is mainly
+##     needed to ensure that the drivers bundled with the image have names that
+##     are predictable and reliable enough that they can be consumed by
+##     third-party use of this image.
+##
+download_driver() {
+
+    local VAR_PREFIX="$1"
+    local URL="$2"
+    local DEST_JAR="$3"
+
+    # Ensure primary destination path for .jar file exists
+    local DEST_PATH="$DESTINATION/drivers/"
+    mkdir -p "$DEST_PATH"
+
+    # Download requested .jar file, extracting from .tar.gz if necessary
+    if [[ "$URL" == *.tar.gz ]]; then
+        curl -L "$URL" | tar -xz       \
+            --wildcards                \
+            --no-anchored              \
+            --no-wildcards-match-slash \
+            --to-stdout                \
+            "*.jar" > "$DEST_PATH/$DEST_JAR"
+    else
+        curl -L "$URL" > "$DEST_PATH/$DEST_JAR"
+    fi
+
+    # Add any required link to ensure the .jar file is loaded along with the
+    # extension that requires it
+    mkdir -p "$DESTINATION/environment/$VAR_PREFIX/lib"
+    ln -s "$DEST_PATH/$DEST_JAR" "$DESTINATION/environment/$VAR_PREFIX/lib/"
+
+}
+
+#
+# Download and link any required JDBC drivers
+#
+
+# MySQL JDBC driver
+download_driver "MYSQL_" \
+    "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-$MYSQL_JDBC_VERSION.tar.gz" \
+    "mysql-jdbc.jar"
+
+# PostgreSQL JDBC driver
+download_driver "POSTGRESQL_" \
+    "https://jdbc.postgresql.org/download/postgresql-$PGSQL_JDBC_VERSION.jar" \
+    "postgresql-jdbc.jar"
+
+# SQL Server JDBC driver
+download_driver "SQLSERVER_" \
+    "https://github.com/microsoft/mssql-jdbc/releases/download/v$MSSQL_JDBC_VERSION/mssql-jdbc-$MSSQL_JDBC_VERSION.jre8.jar" \
+    "mssql-jdbc.jar"
+

guacamole-docker/build.d/999-verify-sanity.sh

@@ -0,0 +1,47 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+##
+## @fn 999-verify-sanity.sh
+##
+## Performs sanity checks on the results of the build that verify the image
+## contains everything it is expected to contain, including all built
+## extensions. If symbolic links were not correctly constructed, or some built
+## extensions were not mapped to environment variable prefixes, this script
+## will log errors and fail the build.
+##
+
+# Perform basic sanity checks that the symbolic links used to associated
+# environment variables with extensions/libraries have been correctly created,
+# bailing out if any problems are found.
+(
+
+    # Search for any broken symbolic links intended to map files for
+    # environment variables
+    find "$DESTINATION/environment/" -xtype l | sed 's/^/Broken link: /'
+
+    # Search for extensions that have not been mapped to any environment
+    # variables at all
+    comm -23 \
+        <(find "$DESTINATION/extensions/" -name "*.jar" -exec realpath "{}" ";" | sort -u) \
+        <(find "$DESTINATION/environment/" -path "**/extensions/*.jar" -exec realpath "{}" ";" | sort -u) \
+        | sed 's/^/Unmapped extension: /'
+
+) | sed 's/^/ERROR: /' | (! grep .) >&2 || exit 1
+