Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 5da83461a9 |
@@ -26,7 +26,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
|
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
|
||||||
- uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4
|
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
@@ -35,7 +35,7 @@ jobs:
|
|||||||
TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
|
TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
|
||||||
echo "tag=$TAG" >> $GITHUB_OUTPUT
|
echo "tag=$TAG" >> $GITHUB_OUTPUT
|
||||||
- id: meta
|
- id: meta
|
||||||
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
|
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
|
||||||
with:
|
with:
|
||||||
images: jcabillot/offlineimap
|
images: jcabillot/offlineimap
|
||||||
tags: |
|
tags: |
|
||||||
|
|||||||
@@ -24,12 +24,12 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||||
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
|
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
|
||||||
- uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4
|
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
- id: meta
|
- id: meta
|
||||||
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
|
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
|
||||||
with:
|
with:
|
||||||
images: jcabillot/offlineimap
|
images: jcabillot/offlineimap
|
||||||
tags: |
|
tags: |
|
||||||
|
|||||||
+12
-6
@@ -5,17 +5,23 @@ COPY entrypoint.sh /entrypoint.sh
|
|||||||
COPY patch.py /tmp/patch.py
|
COPY patch.py /tmp/patch.py
|
||||||
|
|
||||||
# hadolint ignore=DL3018
|
# hadolint ignore=DL3018
|
||||||
RUN apk add --no-cache offlineimap openssl tini && \
|
RUN apk add --no-cache offlineimap openssl && \
|
||||||
adduser -D offlineimap && \
|
adduser -D offlineimap && \
|
||||||
# Apply post-install patches:
|
# Force SECLEVEL=1 in imaplib2 to allow connecting to servers with weak DH keys (DH_KEY_TOO_SMALL)
|
||||||
# - UnicodeEncodeError fallback for defective messages (Maildir + IMAP)
|
# This is required because OpenSSL 3.x in Alpine 3.23 defaults to SECLEVEL=2
|
||||||
# - SSL SECLEVEL=1 in imaplib2 to allow connecting to servers with weak DH keys
|
sed -i 's/ctx = ssl.SSLContext(ssl_version)/ctx = ssl.SSLContext(ssl_version)\n ctx.set_ciphers("DEFAULT:@SECLEVEL=1")/' /usr/lib/python3.*/site-packages/imaplib2/imaplib2.py && \
|
||||||
# (OpenSSL 3.x defaults to SECLEVEL=2)
|
# Patch offlineimap email generator bug for defective messages
|
||||||
python3 /tmp/patch.py && rm /tmp/patch.py
|
python3 /tmp/patch.py && rm /tmp/patch.py
|
||||||
|
|
||||||
COPY --chown=offlineimap offlineimaprc.*.tmpl /home/offlineimap/
|
COPY --chown=offlineimap offlineimaprc.*.tmpl /home/offlineimap/
|
||||||
|
|
||||||
|
# Add Tini
|
||||||
|
ENV "TINI_VERSION" "v0.16.1"
|
||||||
|
#ADD "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" "/tini"
|
||||||
|
#RUN chmod +x "/tini"
|
||||||
|
#ENTRYPOINT ["/tini", "--"]
|
||||||
|
|
||||||
USER "offlineimap"
|
USER "offlineimap"
|
||||||
|
|
||||||
ENTRYPOINT ["/sbin/tini", "--"]
|
#ENTRYPOINT [ "/entrypoint.sh" ]
|
||||||
CMD [ "/entrypoint.sh" ]
|
CMD [ "/entrypoint.sh" ]
|
||||||
@@ -1,52 +1,16 @@
|
|||||||
#!/usr/bin/env python3
|
import sys, os
|
||||||
"""Post-install patches for offlineimap on Alpine.
|
|
||||||
|
|
||||||
Run as root in the Docker build (RUN python3 /tmp/patch.py).
|
|
||||||
Fixes two upstream issues that persist in offlineimap 8.0.0:
|
|
||||||
|
|
||||||
1. UnicodeEncodeError when writing messages with non-ASCII bytes
|
|
||||||
(Maildir.save thread + IMAP header generation).
|
|
||||||
2. SSL SECLEVEL=2 in OpenSSL 3.x prevents connecting to servers with
|
|
||||||
weak DH keys (DH_KEY_TOO_SMALL). Force SECLEVEL=1 in imaplib2.
|
|
||||||
|
|
||||||
Paths are resolved dynamically so the patch survives Python version
|
|
||||||
bumps across Alpine releases (was hardcoded to python3.12).
|
|
||||||
"""
|
|
||||||
|
|
||||||
import glob
|
|
||||||
import sys
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------
|
|
||||||
# 1. Maildir.py — wrap fd.write(msg.as_bytes(...)) in a try/except
|
|
||||||
# that falls back to UTF-8 encoded as_string on UnicodeEncodeError
|
|
||||||
# ---------------------------------------------------------------
|
|
||||||
|
|
||||||
maildir_path = glob.glob(
|
|
||||||
"/usr/lib/python%d.%d/site-packages/offlineimap/folder/Maildir.py"
|
|
||||||
% (sys.version_info.major, sys.version_info.minor)
|
|
||||||
)[0]
|
|
||||||
|
|
||||||
|
maildir_path = "/usr/lib/python3.12/site-packages/offlineimap/folder/Maildir.py"
|
||||||
with open(maildir_path, "r") as f:
|
with open(maildir_path, "r") as f:
|
||||||
maildir = f.read()
|
maildir = f.read()
|
||||||
|
|
||||||
maildir = maildir.replace(
|
maildir = maildir.replace(
|
||||||
"fd.write(msg.as_bytes(policy=output_policy))",
|
"fd.write(msg.as_bytes(policy=output_policy))",
|
||||||
"try:\n fd.write(msg.as_bytes(policy=output_policy))\n except UnicodeEncodeError:\n fd.write(msg.as_string(policy=output_policy).encode('utf-8'))",
|
"try:\n fd.write(msg.as_bytes(policy=output_policy))\n except UnicodeEncodeError:\n fd.write(msg.as_string(policy=output_policy).encode('utf-8'))"
|
||||||
)
|
)
|
||||||
|
|
||||||
with open(maildir_path, "w") as f:
|
with open(maildir_path, "w") as f:
|
||||||
f.write(maildir)
|
f.write(maildir)
|
||||||
|
|
||||||
# ---------------------------------------------------------------
|
imap_path = "/usr/lib/python3.12/site-packages/offlineimap/folder/IMAP.py"
|
||||||
# 2. IMAP.py — add a helper and replace msg.as_bytes(policy=...) calls
|
|
||||||
# with the helper that falls back on UnicodeEncodeError
|
|
||||||
# ---------------------------------------------------------------
|
|
||||||
|
|
||||||
imap_path = glob.glob(
|
|
||||||
"/usr/lib/python%d.%d/site-packages/offlineimap/folder/IMAP.py"
|
|
||||||
% (sys.version_info.major, sys.version_info.minor)
|
|
||||||
)[0]
|
|
||||||
|
|
||||||
with open(imap_path, "r") as f:
|
with open(imap_path, "r") as f:
|
||||||
imap_py = f.read()
|
imap_py = f.read()
|
||||||
|
|
||||||
@@ -57,40 +21,6 @@ def get_msg_bytes(msg, policy):
|
|||||||
except UnicodeEncodeError:
|
except UnicodeEncodeError:
|
||||||
return msg.as_string(policy=policy).encode('utf-8')
|
return msg.as_string(policy=policy).encode('utf-8')
|
||||||
"""
|
"""
|
||||||
imap_py = imap_patch + imap_py.replace(
|
imap_py = imap_patch + imap_py.replace("msg.as_bytes(policy=output_policy)", "get_msg_bytes(msg, output_policy)")
|
||||||
"msg.as_bytes(policy=output_policy)", "get_msg_bytes(msg, output_policy)"
|
|
||||||
)
|
|
||||||
|
|
||||||
with open(imap_path, "w") as f:
|
with open(imap_path, "w") as f:
|
||||||
f.write(imap_py)
|
f.write(imap_py)
|
||||||
|
|
||||||
# ---------------------------------------------------------------
|
|
||||||
# 3. imaplib2.py — force SECLEVEL=1 to allow weak DH keys
|
|
||||||
# (moved here from a sed one-liner in the Dockerfile)
|
|
||||||
# ---------------------------------------------------------------
|
|
||||||
|
|
||||||
imaplib2_paths = glob.glob(
|
|
||||||
"/usr/lib/python%d.%d/site-packages/imaplib2/imaplib2.py"
|
|
||||||
% (sys.version_info.major, sys.version_info.minor)
|
|
||||||
)
|
|
||||||
|
|
||||||
if imaplib2_paths:
|
|
||||||
imaplib2_path = imaplib2_paths[0]
|
|
||||||
with open(imaplib2_path, "r") as f:
|
|
||||||
imaplib2_py = f.read()
|
|
||||||
|
|
||||||
old = "ctx = ssl.SSLContext(ssl_version)"
|
|
||||||
new = (
|
|
||||||
'ctx = ssl.SSLContext(ssl_version)\n'
|
|
||||||
' ctx.set_ciphers("DEFAULT:@SECLEVEL=1")'
|
|
||||||
)
|
|
||||||
|
|
||||||
if old in imaplib2_py:
|
|
||||||
imaplib2_py = imaplib2_py.replace(old, new)
|
|
||||||
with open(imaplib2_path, "w") as f:
|
|
||||||
f.write(imaplib2_py)
|
|
||||||
print("Patched imaplib2 SECLEVEL=1")
|
|
||||||
else:
|
|
||||||
print("imaplib2 already patched or pattern not found — skipping")
|
|
||||||
else:
|
|
||||||
print("imaplib2 not found — skipping SECLEVEL patch")
|
|
||||||
Reference in New Issue
Block a user