This reverts commit b92befff94.
Reason: we have new default on 21.11, cf. b4f588ea3 and this patch
is now obsolete. We cannot build 6.4 docker images from this branch
anyway, because of the rename.
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I1dd0960b3bdbeecec52d548a4053a3482887df0c
explicitly set buster as source since is now oldstable
Signed-off-by: Marco Marinello <me@marcomarinello.it>
Change-Id: I7153ad1ce61bc6fcd4862209a01a4f73e68b5aa5
This will speed up docker build if only something in start-collabora-online.sh has changed.
Signed-off-by: Erik Habicht <erik.habicht@gmail.com>
Change-Id: Iaa9566f6793b47877901522f1f0e7cb2acc530b6
There is no reason why the UI mode should be set here where it over-rides the setting in loolwsd.xml.
Change-Id: I5f4ecd61dba96831dec28e7d3175718c8d63287c
Signed-off-by: litvin-Millogic <sam-linux@litvinhome.net>
Docker supports two methods of executing commands.
The existing approach was to run bash and give the
shell script to execute, which forks and execs another
shell instance to run the script. This means that the
script itself is not PID 1, rather the parent bash
instance is.
The second approach is to exec the script in the same
bash process, without a parent. This is exactly what
we want, because once our script is done, it execs
loolwsd, thereby making loolwsd PID 1.
All of this means that when the docker container is
stopped, and PID 1 is sent SIGTERM, loolwsd will
intercept it and gracefully shutdown.
Change-Id: I52ac63f7fba58d20d1c6f63c7e07dd18141c1af4
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Clobbering a copied-in config un-necessarily is impolite.
Change-Id: I9eec5711d12def987f2ae08f9e6bd77f1636780e
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
After compiling and installing poco the script is left in the wrong path, resulting core to be deployed underneath poco directory which breaks configure --with-lo-path later on.
Signed-off-by: Martin Hoffmann <mhoffmann@pro-nets.de>
Change-Id: I46c5b77e44eebead08c8a7fb857c229900a23570
In some cases we cannot do a fast bind-mount of the files we want
in our jail since we don't have cap_sys_admin for loolmount inside
eg. docker.
Thus we need to fallback to hard-linking, however various security
systems namespace parts of our tree, such that link() fails with
EXDEV even across the (apparently) same file-system.
As such we need to assemble a copy of what we want to hard-link
close to our jails. However, this needs to be owned by root / the
system to avoid having writable files shared between jails. Hence
we need cap_chown in addition to cap_fowner, to get ownership right
and then hard-link.
Change-Id: Iba0ef46ddbc1c03f3dc7177bc1ec1755624135db
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Colors in docker only add noise in the form
of the escape codes around the log entries.
Best to disable colored logging in docker.
Change-Id: I15c62910856eb37e41585be7b7bbe78ce5456283
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
loolmount now works and supports mounting and
unmounting, plus numerous improvements,
refactoring, logging, etc.. When enabled,
binding improves the jail setup time by anywhere
from 2x to orders of magnitude (in docker, f.e.).
A new config entry mount_jail_tree controls
whether mounting is used or the old method of
linking/copying of jail contents. It is set to
true by default and falls back to linking/copying.
A test mount is done when the setting is enabled,
and if mounting fails, it's disabled to avoid noise.
Temporarily disabled for unit-tests until we can
cleanup lingering mounts after Jenkins aborts our
build job. In a future patch we will have mount/jail
cleanup as part of make.
The network/system files in /etc that need frequent
refreshing are now updated in systemplate to make
their most recent version available in the jails.
These files can change during the course of loolwsd
lifetime, and are unlikely to be updated in
systemplate after installation at all. We link to
them in the systemplate/etc directory, and if that
fails, we copy them before forking each kit
instance to have the latest.
This reworks the approach used to bind-mount the
jails and the templates such that the total is
now down to only three mounts: systemplate, lo, tmp.
As now systemplate and lotemplate are shared, they
must be mounted as readonly, this means that user/
must now be moved into tmp/user/ which is writable.
The mount-points must be recursive, because we mount
lo/ within the mount-point of systemplate (which is
the root of the jail). But because we (re)bind
recursively, and because both systemplate and
lotemplate are mounted for each jails, we need to
make them unbindable, so they wouldn't multiply the
mount-points for each jails (an explosive growth!)
Contrarywise, we don't want the mount-points to
be shared, because we don't expect to add/remove
mounts after a jail is created.
The random temp directory is now created and set
correctly, plus many logging and other improvements.
Change-Id: Iae3fda5e876cf47d2cae6669a87b5b826a8748df
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92829
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
