1 Commits

Author SHA1 Message Date
renovate a0b163176e chore(deps): update alpine docker tag to v3.24
renovate/stability-days Updates have met minimum release age requirement
PR Checks / hadolint (pull_request) Successful in 12s
PR Checks / build-test (pull_request) Failing after 18s
2026-07-03 20:27:00 +00:00
2 changed files with 18 additions and 82 deletions
+12 -6
View File
@@ -5,17 +5,23 @@ COPY entrypoint.sh /entrypoint.sh
COPY patch.py /tmp/patch.py COPY patch.py /tmp/patch.py
# hadolint ignore=DL3018 # hadolint ignore=DL3018
RUN apk add --no-cache offlineimap openssl tini && \ RUN apk add --no-cache offlineimap openssl && \
adduser -D offlineimap && \ adduser -D offlineimap && \
# Apply post-install patches: # Force SECLEVEL=1 in imaplib2 to allow connecting to servers with weak DH keys (DH_KEY_TOO_SMALL)
# - UnicodeEncodeError fallback for defective messages (Maildir + IMAP) # This is required because OpenSSL 3.x in Alpine 3.23 defaults to SECLEVEL=2
# - SSL SECLEVEL=1 in imaplib2 to allow connecting to servers with weak DH keys sed -i 's/ctx = ssl.SSLContext(ssl_version)/ctx = ssl.SSLContext(ssl_version)\n ctx.set_ciphers("DEFAULT:@SECLEVEL=1")/' /usr/lib/python3.*/site-packages/imaplib2/imaplib2.py && \
# (OpenSSL 3.x defaults to SECLEVEL=2) # Patch offlineimap email generator bug for defective messages
python3 /tmp/patch.py && rm /tmp/patch.py python3 /tmp/patch.py && rm /tmp/patch.py
COPY --chown=offlineimap offlineimaprc.*.tmpl /home/offlineimap/ COPY --chown=offlineimap offlineimaprc.*.tmpl /home/offlineimap/
# Add Tini
ENV "TINI_VERSION" "v0.16.1"
#ADD "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" "/tini"
#RUN chmod +x "/tini"
#ENTRYPOINT ["/tini", "--"]
USER "offlineimap" USER "offlineimap"
ENTRYPOINT ["/sbin/tini", "--"] #ENTRYPOINT [ "/entrypoint.sh" ]
CMD [ "/entrypoint.sh" ] CMD [ "/entrypoint.sh" ]
+5 -75
View File
@@ -1,52 +1,16 @@
#!/usr/bin/env python3 import sys, os
"""Post-install patches for offlineimap on Alpine.
Run as root in the Docker build (RUN python3 /tmp/patch.py).
Fixes two upstream issues that persist in offlineimap 8.0.0:
1. UnicodeEncodeError when writing messages with non-ASCII bytes
(Maildir.save thread + IMAP header generation).
2. SSL SECLEVEL=2 in OpenSSL 3.x prevents connecting to servers with
weak DH keys (DH_KEY_TOO_SMALL). Force SECLEVEL=1 in imaplib2.
Paths are resolved dynamically so the patch survives Python version
bumps across Alpine releases (was hardcoded to python3.12).
"""
import glob
import sys
# ---------------------------------------------------------------
# 1. Maildir.py — wrap fd.write(msg.as_bytes(...)) in a try/except
# that falls back to UTF-8 encoded as_string on UnicodeEncodeError
# ---------------------------------------------------------------
maildir_path = glob.glob(
"/usr/lib/python%d.%d/site-packages/offlineimap/folder/Maildir.py"
% (sys.version_info.major, sys.version_info.minor)
)[0]
maildir_path = "/usr/lib/python3.12/site-packages/offlineimap/folder/Maildir.py"
with open(maildir_path, "r") as f: with open(maildir_path, "r") as f:
maildir = f.read() maildir = f.read()
maildir = maildir.replace( maildir = maildir.replace(
"fd.write(msg.as_bytes(policy=output_policy))", "fd.write(msg.as_bytes(policy=output_policy))",
"try:\n fd.write(msg.as_bytes(policy=output_policy))\n except UnicodeEncodeError:\n fd.write(msg.as_string(policy=output_policy).encode('utf-8'))", "try:\n fd.write(msg.as_bytes(policy=output_policy))\n except UnicodeEncodeError:\n fd.write(msg.as_string(policy=output_policy).encode('utf-8'))"
) )
with open(maildir_path, "w") as f: with open(maildir_path, "w") as f:
f.write(maildir) f.write(maildir)
# --------------------------------------------------------------- imap_path = "/usr/lib/python3.12/site-packages/offlineimap/folder/IMAP.py"
# 2. IMAP.py — add a helper and replace msg.as_bytes(policy=...) calls
# with the helper that falls back on UnicodeEncodeError
# ---------------------------------------------------------------
imap_path = glob.glob(
"/usr/lib/python%d.%d/site-packages/offlineimap/folder/IMAP.py"
% (sys.version_info.major, sys.version_info.minor)
)[0]
with open(imap_path, "r") as f: with open(imap_path, "r") as f:
imap_py = f.read() imap_py = f.read()
@@ -57,40 +21,6 @@ def get_msg_bytes(msg, policy):
except UnicodeEncodeError: except UnicodeEncodeError:
return msg.as_string(policy=policy).encode('utf-8') return msg.as_string(policy=policy).encode('utf-8')
""" """
imap_py = imap_patch + imap_py.replace( imap_py = imap_patch + imap_py.replace("msg.as_bytes(policy=output_policy)", "get_msg_bytes(msg, output_policy)")
"msg.as_bytes(policy=output_policy)", "get_msg_bytes(msg, output_policy)"
)
with open(imap_path, "w") as f: with open(imap_path, "w") as f:
f.write(imap_py) f.write(imap_py)
# ---------------------------------------------------------------
# 3. imaplib2.py — force SECLEVEL=1 to allow weak DH keys
# (moved here from a sed one-liner in the Dockerfile)
# ---------------------------------------------------------------
imaplib2_paths = glob.glob(
"/usr/lib/python%d.%d/site-packages/imaplib2/imaplib2.py"
% (sys.version_info.major, sys.version_info.minor)
)
if imaplib2_paths:
imaplib2_path = imaplib2_paths[0]
with open(imaplib2_path, "r") as f:
imaplib2_py = f.read()
old = "ctx = ssl.SSLContext(ssl_version)"
new = (
'ctx = ssl.SSLContext(ssl_version)\n'
' ctx.set_ciphers("DEFAULT:@SECLEVEL=1")'
)
if old in imaplib2_py:
imaplib2_py = imaplib2_py.replace(old, new)
with open(imaplib2_path, "w") as f:
f.write(imaplib2_py)
print("Patched imaplib2 SECLEVEL=1")
else:
print("imaplib2 already patched or pattern not found — skipping")
else:
print("imaplib2 not found — skipping SECLEVEL patch")