diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml deleted file mode 100644 index 7152c11..0000000 --- a/.forgejo/workflows/build.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: Build and push image - -on: - push: - branches: [master] - schedule: - - cron: '0 4 * * *' # daily, picks up LSIO base image updates - workflow_dispatch: - -jobs: - build: - runs-on: docker - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: master - fetch-depth: 0 - token: ${{ secrets.PUSH_TOKEN }} - - - name: Merge upstream - run: | - git config user.name "forgejo-runner" - git config user.email "runner@forge.jannis.wtf" - git fetch origin master - git reset --hard origin/master - git remote add upstream https://github.com/linuxserver/docker-plex - git fetch upstream - git merge upstream/master --no-edit - git push origin master - - - name: Set up Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to Forgejo registry - uses: docker/login-action@v3 - with: - registry: forge.jannis.wtf - username: ${{ secrets.REGISTRY_USER }} - password: ${{ secrets.REGISTRY_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v5 - with: - context: . - push: true - tags: | - forge.jannis.wtf/fej/plex-wireguard:latest - forge.jannis.wtf/fej/plex-wireguard:${{ github.sha }} \ No newline at end of file diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml index d07cf12..2c30784 100755 --- a/.github/workflows/call_issue_pr_tracker.yml +++ b/.github/workflows/call_issue_pr_tracker.yml @@ -8,9 +8,6 @@ on: pull_request_review: types: [submitted,edited,dismissed] -permissions: - contents: read - jobs: manage-project: permissions: diff --git a/.github/workflows/call_issues_cron.yml b/.github/workflows/call_issues_cron.yml index 7763722..e38dfc0 100755 --- a/.github/workflows/call_issues_cron.yml +++ b/.github/workflows/call_issues_cron.yml @@ -4,9 +4,6 @@ on: - cron: '33 12 * * *' workflow_dispatch: -permissions: - contents: read - jobs: stale: permissions: diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index 5cadde5..f502b3a 100644 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -3,9 +3,6 @@ name: External Trigger Main on: workflow_dispatch: -permissions: - contents: read - jobs: external-trigger-master: runs-on: ubuntu-latest @@ -46,8 +43,8 @@ jobs: "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} exit 1 fi - EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') - echo "Sanitized external version: \`${EXT_RELEASE_SANITIZED}\`" >> $GITHUB_STEP_SUMMARY + EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') + echo "External version: \`${EXT_RELEASE}\`" >> $GITHUB_STEP_SUMMARY echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY image="linuxserver/plex" tag="latest" @@ -103,8 +100,8 @@ jobs: exit 1 fi echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY - if [ "${EXT_RELEASE_SANITIZED}" == "${IMAGE_VERSION}" ]; then - echo "Sanitized version \`${EXT_RELEASE_SANITIZED}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY + if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then + echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY exit 0 elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-plex/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY @@ -119,7 +116,7 @@ jobs: "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} else printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY - echo "New sanitized version \`${EXT_RELEASE_SANITIZED}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY + echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY if [[ "${artifacts_found}" == "true" ]]; then echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY fi @@ -139,7 +136,7 @@ jobs: --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ --data-urlencode "Submit=Submit" echo "**** Notifying Discord ****" - TRIGGER_REASON="A version change was detected for plex tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE_SANITIZED}" + TRIGGER_REASON="A version change was detected for plex tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml index b3649f8..d1c45f1 100644 --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml @@ -5,9 +5,6 @@ on: - cron: '14 * * * *' workflow_dispatch: -permissions: - contents: read - jobs: external-trigger-scheduler: runs-on: ubuntu-latest diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index 9f32b52..7a82d14 100755 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -2,14 +2,8 @@ name: Greetings on: [pull_request_target, issues] -permissions: - contents: read - jobs: greeting: - permissions: - issues: write - pull-requests: write runs-on: ubuntu-latest steps: - uses: actions/first-interaction@v1 diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml index be3abba..abaf63d 100644 --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml @@ -5,9 +5,6 @@ on: - cron: '0 9 * * 1' workflow_dispatch: -permissions: - contents: read - jobs: package-trigger-scheduler: runs-on: ubuntu-latest diff --git a/.gitignore b/.gitignore index b733b8b..6e8ad97 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,3 @@ -# Wireguard configs, you never know -wg*.conf # Windows image file caches Thumbs.db ehthumbs.db diff --git a/Dockerfile b/Dockerfile index 9bd89c9..bf19423 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,17 +24,14 @@ ENV DEBIAN_FRONTEND="noninteractive" \ PLEX_MEDIA_SERVER_USER="abc" \ PLEX_MEDIA_SERVER_INFO_VENDOR="Docker" \ PLEX_MEDIA_SERVER_INFO_DEVICE="Docker Container (LinuxServer.io)" \ - TMPDIR=/run/plex-temp \ - ATTACHED_DEVICES_PERMS="/dev/dri /dev/dvb -type c" + TMPDIR=/run/plex-temp RUN \ - echo "**** install runtime packages & wireguard ****" && \ + echo "**** install runtime packages ****" && \ apt-get update && \ apt-get install -y \ udev \ - wget \ - iproute2 \ - wireguard-tools &&\ + wget && \ echo "**** install plex ****" && \ if [ -z ${PLEX_RELEASE+x} ]; then \ PLEX_RELEASE=$(curl -sX GET 'https://plex.tv/api/downloads/5.json' \ @@ -58,7 +55,6 @@ RUN \ # add local files COPY root/ / - # add unrar COPY --from=unrar /usr/bin/unrar-ubuntu /usr/bin/unrar diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 50d9455..b1c14c6 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -21,8 +21,7 @@ ENV DEBIAN_FRONTEND="noninteractive" \ PLEX_MEDIA_SERVER_USER="abc" \ PLEX_MEDIA_SERVER_INFO_VENDOR="Docker" \ PLEX_MEDIA_SERVER_INFO_DEVICE="Docker Container (LinuxServer.io)" \ - TMPDIR=/run/plex-temp \ - ATTACHED_DEVICES_PERMS="/dev/dri /dev/dvb -type c" + TMPDIR=/run/plex-temp RUN \ echo "**** install runtime packages ****" && \ diff --git a/Jenkinsfile b/Jenkinsfile index f0e1f0d..62105f4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -77,7 +77,6 @@ pipeline { ''' script{ env.EXIT_STATUS = '' - env.CI_TEST_ATTEMPTED = '' env.LS_RELEASE = sh( script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', returnStdout: true).trim() @@ -97,11 +96,7 @@ pipeline { env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.PULL_REQUEST = env.CHANGE_ID env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml' - if ( env.SYFT_IMAGE_TAG == null ) { - env.SYFT_IMAGE_TAG = 'latest' - } } - echo "Using syft image tag ${SYFT_IMAGE_TAG}" sh '''#! /bin/bash echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" ''' script{ @@ -211,7 +206,6 @@ pipeline { env.META_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' - env.CITEST_IMAGETAG = 'latest' } } } @@ -237,7 +231,6 @@ pipeline { env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DEV_DOCKERHUB_IMAGE + '/tags/' env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' - env.CITEST_IMAGETAG = 'develop' } } } @@ -263,7 +256,6 @@ pipeline { env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/' env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' - env.CITEST_IMAGETAG = 'develop' } } } @@ -286,7 +278,7 @@ pipeline { -v ${WORKSPACE}:/mnt \ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ - ghcr.io/linuxserver/baseimage-alpine:3.23 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ + ghcr.io/linuxserver/baseimage-alpine:3.20 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ apk add --no-cache python3 && \ python3 -m venv /lsiopy && \ pip install --no-cache-dir -U pip && \ @@ -621,16 +613,13 @@ pipeline { echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin - if [[ "${PACKAGE_CHECK}" != "true" ]]; then - declare -A pids IFS=',' read -ra CACHE <<< "$BUILDCACHE" for i in "${CACHE[@]}"; do docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} & - pids[$!]="$i" done - for p in "${!pids[@]}"; do - wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; } + for p in $(jobs -p); do + wait "$p" || { echo "job $p failed" >&2; exit 1; } done fi ''' @@ -690,16 +679,13 @@ pipeline { echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin - if [[ "${PACKAGE_CHECK}" != "true" ]]; then - declare -A pids IFS=',' read -ra CACHE <<< "$BUILDCACHE" for i in "${CACHE[@]}"; do docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} & - pids[$!]="$i" done - for p in "${!pids[@]}"; do - wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; } + for p in $(jobs -p); do + wait "$p" || { echo "job $p failed" >&2; exit 1; } done fi ''' @@ -753,14 +739,12 @@ pipeline { echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin if [[ "${PACKAGE_CHECK}" != "true" ]]; then - declare -A pids IFS=',' read -ra CACHE <<< "$BUILDCACHE" for i in "${CACHE[@]}"; do docker push ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} & - pids[$!]="$i" done - for p in "${!pids[@]}"; do - wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; } + for p in $(jobs -p); do + wait "$p" || { echo "job $p failed" >&2; exit 1; } done fi ''' @@ -798,7 +782,7 @@ pipeline { docker run --rm \ -v /var/run/docker.sock:/var/run/docker.sock:ro \ -v ${TEMPDIR}:/tmp \ - ghcr.io/anchore/syft:${SYFT_IMAGE_TAG} \ + ghcr.io/anchore/syft:latest \ ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 ) echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github" @@ -874,7 +858,6 @@ pipeline { script{ env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html' env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json' - env.CI_TEST_ATTEMPTED = 'true' } sh '''#! /bin/bash set -e @@ -886,7 +869,7 @@ pipeline { CI_DOCKERENV="LSIO_FIRST_PARTY=true" fi fi - docker pull ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} + docker pull ghcr.io/linuxserver/ci:latest if [ "${MULTIARCH}" == "true" ]; then docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64 docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} @@ -909,10 +892,7 @@ pipeline { -e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \ -e NODE_NAME=\"${NODE_NAME}\" \ - -e SYFT_IMAGE_TAG=\"${CI_SYFT_IMAGE_TAG:-${SYFT_IMAGE_TAG}}\" \ - -e COMMIT_SHA=\"${COMMIT_SHA}\" \ - -e BUILD_NUMBER=\"${BUILD_NUMBER}\" \ - -t ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} \ + -t ghcr.io/linuxserver/ci:latest \ python3 test_build.py''' } } @@ -938,11 +918,9 @@ pipeline { CACHEIMAGE=${i} fi done - docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${META_TAG} -t ${PUSHIMAGE}:latest -t ${PUSHIMAGE}:${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ - { if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${META_TAG} -t ${PUSHIMAGE}:latest -t ${PUSHIMAGE}:${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} if [ -n "${SEMVER}" ]; then - docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ - { if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} fi done ''' @@ -967,27 +945,20 @@ pipeline { CACHEIMAGE=${i} fi done - docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${META_TAG} -t ${MANIFESTIMAGE}:amd64-latest -t ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ - { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } - docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${META_TAG} -t ${MANIFESTIMAGE}:arm64v8-latest -t ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \ - { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${META_TAG} -t ${MANIFESTIMAGE}:amd64-latest -t ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${META_TAG} -t ${MANIFESTIMAGE}:arm64v8-latest -t ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} if [ -n "${SEMVER}" ]; then - docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \ - { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } - docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${SEMVER} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \ - { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} + docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${SEMVER} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} fi done for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do - docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest || \ - { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } - docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} || \ - { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } - docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} || \ - { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest + docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} + + docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then - docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} || \ - { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; } + docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} fi done ''' @@ -1005,41 +976,23 @@ pipeline { environment name: 'EXIT_STATUS', value: '' } steps { + echo "Pushing New tag for current commit ${META_TAG}" + sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \ + -d '{"tag":"'${META_TAG}'",\ + "object": "'${COMMIT_SHA}'",\ + "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\ + "type": "commit",\ + "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' + echo "Pushing New release for Tag" sh '''#! /bin/bash - echo "Auto-generating release notes" - if [ "$(git tag --points-at HEAD)" != "" ]; then - echo "Existing tag points to current commit, suggesting no new LS changes" - AUTO_RELEASE_NOTES="No changes" - else - AUTO_RELEASE_NOTES=$(curl -fsL -H "Authorization: token ${GITHUB_TOKEN}" -H "Accept: application/vnd.github+json" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases/generate-notes \ - -d '{"tag_name":"'${META_TAG}'",\ - "target_commitish": "master"}' \ - | jq -r '.body' | sed 's|## What.s Changed||') - fi - echo "Pushing New tag for current commit ${META_TAG}" - curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \ - -d '{"tag":"'${META_TAG}'",\ - "object": "'${COMMIT_SHA}'",\ - "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\ - "type": "commit",\ - "tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' - echo "Pushing New release for Tag" echo "Data change at JSON endpoint ${JSON_URL}" > releasebody.json - jq -n \ - --arg tag_name "$META_TAG" \ - --arg target_commitish "master" \ - --arg ci_url "${CI_URL:-N/A}" \ - --arg ls_notes "$AUTO_RELEASE_NOTES" \ - --arg remote_notes "$(cat releasebody.json)" \ - '{ - "tag_name": $tag_name, - "target_commitish": $target_commitish, - "name": $tag_name, - "body": ("**CI Report:**\\n\\n" + $ci_url + "\\n\\n**LinuxServer Changes:**\\n\\n" + $ls_notes + "\\n\\n**Remote Changes:**\\n\\n" + $remote_notes), - "draft": false, - "prerelease": false }' > releasebody.json.done - curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done - ''' + echo '{"tag_name":"'${META_TAG}'",\ + "target_commitish": "master",\ + "name": "'${META_TAG}'",\ + "body": "**CI Report:**\\n\\n'${CI_URL:-N/A}'\\n\\n**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start + printf '","draft": false,"prerelease": false}' >> releasebody.json + paste -d'\\0' start releasebody.json > releasebody.json.done + curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done''' } } // Add protection to the release branch @@ -1077,13 +1030,98 @@ EOF ) ''' } } + // If this is a Pull request send the CI link as a comment on it + stage('Pull Request Comment') { + when { + not {environment name: 'CHANGE_ID', value: ''} + environment name: 'EXIT_STATUS', value: '' + } + steps { + sh '''#! /bin/bash + # Function to retrieve JSON data from URL + get_json() { + local url="$1" + local response=$(curl -s "$url") + if [ $? -ne 0 ]; then + echo "Failed to retrieve JSON data from $url" + return 1 + fi + local json=$(echo "$response" | jq .) + if [ $? -ne 0 ]; then + echo "Failed to parse JSON data from $url" + return 1 + fi + echo "$json" + } + + build_table() { + local data="$1" + + # Get the keys in the JSON data + local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]') + + # Check if keys are empty + if [ -z "$keys" ]; then + echo "JSON report data does not contain any keys or the report does not exist." + return 1 + fi + + # Build table header + local header="| Tag | Passed |\\n| --- | --- |\\n" + + # Loop through the JSON data to build the table rows + local rows="" + for build in $keys; do + local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success") + if [ "$status" = "true" ]; then + status="✅" + else + status="❌" + fi + local row="| "$build" | "$status" |\\n" + rows="${rows}${row}" + done + + local table="${header}${rows}" + local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g') + echo "$escaped_table" + } + + if [[ "${CI}" = "true" ]]; then + # Retrieve JSON data from URL + data=$(get_json "$CI_JSON_URL") + # Create table from JSON data + table=$(build_table "$data") + echo -e "$table" + + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}" + else + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}" + fi + ''' + + } + } } /* ###################### - Comment on PR and Send status to Discord + Send status to Discord ###################### */ post { always { - script { + sh '''#!/bin/bash + rm -rf /config/.ssh/id_sign + rm -rf /config/.ssh/id_sign.pub + git config --global --unset gpg.format + git config --global --unset user.signingkey + git config --global --unset commit.gpgsign + ''' + script{ env.JOB_DATE = sh( script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''', returnStdout: true).trim() @@ -1126,87 +1164,6 @@ EOF "username": "Jenkins"}' ${BUILDS_DISCORD} ''' } } - script { - if (env.GITHUBIMAGE =~ /lspipepr/){ - if (env.CI_TEST_ATTEMPTED == "true"){ - sh '''#! /bin/bash - # Function to retrieve JSON data from URL - get_json() { - local url="$1" - local response=$(curl -s "$url") - if [ $? -ne 0 ]; then - echo "Failed to retrieve JSON data from $url" - return 1 - fi - local json=$(echo "$response" | jq .) - if [ $? -ne 0 ]; then - echo "Failed to parse JSON data from $url" - return 1 - fi - echo "$json" - } - - build_table() { - local data="$1" - - # Get the keys in the JSON data - local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]') - - # Check if keys are empty - if [ -z "$keys" ]; then - echo "JSON report data does not contain any keys or the report does not exist." - return 1 - fi - - # Build table header - local header="| Tag | Passed |\\n| --- | --- |\\n" - - # Loop through the JSON data to build the table rows - local rows="" - for build in $keys; do - local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success") - if [ "$status" = "true" ]; then - status="✅" - else - status="❌" - fi - local row="| "$build" | "$status" |\\n" - rows="${rows}${row}" - done - - local table="${header}${rows}" - local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g') - echo "$escaped_table" - } - - if [[ "${CI}" = "true" ]]; then - # Retrieve JSON data from URL - data=$(get_json "$CI_JSON_URL") - # Create table from JSON data - table=$(build_table "$data") - echo -e "$table" - - curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ - -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}" - else - curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ - -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}" - fi - ''' - } - } - } - sh '''#!/bin/bash - rm -rf /config/.ssh/id_sign - rm -rf /config/.ssh/id_sign.pub - git config --global --unset gpg.format - git config --global --unset user.signingkey - git config --global --unset commit.gpgsign - ''' } cleanup { sh '''#! /bin/bash diff --git a/README.md b/README.md index e30016f..6d8a0e9 100644 --- a/README.md +++ b/README.md @@ -1,24 +1,11 @@ -<<<<<<< HEAD -======= -due to the recent purge of Hosters by plex, this fork adds wireguard functionallity to the plex container as a quick workaround. all traffic gets tunneled. - -wireguard onfig file has to be mounted in /etc/wireguard/wg0.conf. e.g.: -``` - volumes: - - ./wg0.conf:/etc/wireguard/wg0.conf -``` - - - - ->>>>>>> 72bdfaa (Update README.md) [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io) [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!") [![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.") [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.") +[![Fleet](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.") [![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.") [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget") @@ -35,6 +22,7 @@ Find us at: * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more! * [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team. * [Discourse](https://discourse.linuxserver.io) - post on our community forum. +* [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images. * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories. * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget @@ -67,6 +55,7 @@ The architectures supported by this image are: | :----: | :----: | ---- | | x86-64 | ✅ | amd64-\ | | arm64 | ✅ | arm64v8-\ | +| armhf | ❌ | | ## Application Setup @@ -88,6 +77,24 @@ Valid settings for VERSION are:- + **`public`**: will update plexpass users to the latest public version, useful for plexpass users that don't want to be on the bleeding edge but still want the latest public updates. + **``**: will select a specific version (eg 0.9.12.4.1192-9a47d21) of plex to install, note you cannot use this to access plexpass versions if you do not have plexpass. +## Read-Only Operation + +This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). + +### Caveats + +* Runtime update of Plex (and thus Plexpass builds) is not supported. +* Transcode directory must be mounted to a host path or tmpfs. + +## Non-Root Operation + +This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/). + +### Caveats + +* Runtime update of Plex (and thus Plexpass builds) is not supported. +* Transcode directory must be mounted to a host path or tmpfs. + ### Hardware Acceleration Many desktop applications need access to a GPU to function properly and even some Desktop Environments have compositor effects that will not function without a GPU. However this is not a hard requirement and all base images will function without a video device mounted into the container. @@ -113,30 +120,12 @@ We automatically add the necessary environment variable that will utilise all th Best effort is made to install tools to allow mounting in /dev/dri on Arm devices. In most cases if /dev/dri exists on the host it should just work. If running a Raspberry Pi 4 be sure to enable `dtoverlay=vc4-fkms-v3d` in your usercfg.txt. -## Read-Only Operation - -This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). - -### Caveats - -* Runtime update of Plex (and thus Plexpass builds) is not supported. -* Transcode directory must be mounted to a host path or tmpfs. - -## Non-Root Operation - -This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/). - -### Caveats - -* Runtime update of Plex (and thus Plexpass builds) is not supported. -* Transcode directory must be mounted to a host path or tmpfs. - ## Usage To help you get started creating a container from this image you can either use docker-compose or the docker cli. >[!NOTE] ->Unless a parameter is flagged as 'optional', it is *mandatory* and a value must be provided. +>Unless a parameter is flaged as 'optional', it is *mandatory* and a value must be provided. ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose)) @@ -385,8 +374,6 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **15.03.26:** - Allow TMPDIR to be changed to better support read-only containers -* **15.03.26:** - Fix initial claim setup on non-root containers * **04.11.24:** - Add Nvidia capability needed for h265 * **18.07.24:** - Rebase to Ubuntu Noble. * **12.02.24:** - Use universal hardware acceleration blurb diff --git a/package_versions.txt b/package_versions.txt index d36b5b4..fe9d4ca 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -1,94 +1,94 @@ NAME VERSION TYPE adduser 3.137ubuntu1 deb -apt 2.8.3 deb -apt-utils 2.8.3 deb -base-files 13ubuntu10.4 deb +apt 2.7.14build2 deb +apt-utils 2.7.14build2 deb +base-files 13ubuntu10.2 deb base-passwd 3.6.3build1 deb bash 5.2.21-2ubuntu4 deb -bsdutils 1:2.39.3-9ubuntu6.5 deb +bsdutils 1:2.39.3-9ubuntu6.2 deb ca-certificates 20240203 deb catatonit 0.1.7-1 deb -coreutils 9.4-3ubuntu6.2 deb +coreutils 9.4-3ubuntu6 deb cron 3.0pl1-184ubuntu2 deb cron-daemon-common 3.0pl1-184ubuntu2 deb -curl 8.5.0-2ubuntu10.8 deb +curl 8.5.0-2ubuntu10.6 deb dash 0.5.12-6ubuntu5 deb debconf 1.5.86ubuntu1 deb debianutils 5.17build1 deb diffutils 1:3.10-1build1 deb -dirmngr 2.4.4-2ubuntu17.4 deb -dpkg 1.22.6ubuntu6.5 deb +dirmngr 2.4.4-2ubuntu17 deb +dpkg 1.22.6ubuntu6.1 deb e2fsprogs 1.47.0-2.4~exp1ubuntu4.1 deb findutils 4.9.0-5build1 deb -gcc-14-base 14.2.0-4ubuntu2~24.04.1 deb -gnupg 2.4.4-2ubuntu17.4 deb -gnupg-l10n 2.4.4-2ubuntu17.4 deb -gnupg-utils 2.4.4-2ubuntu17.4 deb -gpg 2.4.4-2ubuntu17.4 deb -gpg-agent 2.4.4-2ubuntu17.4 deb -gpg-wks-client 2.4.4-2ubuntu17.4 deb -gpgconf 2.4.4-2ubuntu17.4 deb -gpgsm 2.4.4-2ubuntu17.4 deb -gpgv 2.4.4-2ubuntu17.4 deb +gcc-14-base 14.2.0-4ubuntu2~24.04 deb +gnupg 2.4.4-2ubuntu17 deb +gnupg-l10n 2.4.4-2ubuntu17 deb +gnupg-utils 2.4.4-2ubuntu17 deb +gpg 2.4.4-2ubuntu17 deb +gpg-agent 2.4.4-2ubuntu17 deb +gpg-wks-client 2.4.4-2ubuntu17 deb +gpgconf 2.4.4-2ubuntu17 deb +gpgsm 2.4.4-2ubuntu17 deb +gpgv 2.4.4-2ubuntu17 deb grep 3.11-4build1 deb -gzip 1.12-1ubuntu3.1 deb +gzip 1.12-1ubuntu3 deb hostname 3.23+nmu2ubuntu2 deb init-system-helpers 1.66ubuntu1 deb -jq 1.7.1-3ubuntu0.24.04.2 deb -keyboxd 2.4.4-2ubuntu17.4 deb -krb5-locales 1.20.1-6ubuntu2.6 deb +jq 1.7.1-3build1 deb +keyboxd 2.4.4-2ubuntu17 deb +krb5-locales 1.20.1-6ubuntu2.4 deb libacl1 2.3.2-1build1.1 deb -libapt-pkg6.0t64 2.8.3 deb +libapt-pkg6.0t64 2.7.14build2 deb libassuan0 2.5.6-1build1 deb libattr1 1:2.5.2-1build1.1 deb libaudit-common 1:3.1.2-2.1build1.1 deb libaudit1 1:3.1.2-2.1build1.1 deb -libblkid1 2.39.3-9ubuntu6.5 deb +libblkid1 2.39.3-9ubuntu6.2 deb libbrotli1 1.1.0-2build2 deb libbsd0 0.12.1-1build1.1 deb libbz2-1.0 1.0.8-5.1build0.1 deb -libc-bin 2.39-0ubuntu8.7 deb -libc6 2.39-0ubuntu8.7 deb +libc-bin 2.39-0ubuntu8.4 deb +libc6 2.39-0ubuntu8.4 deb libcap-ng0 0.8.4-2build2 deb -libcap2 1:2.66-5ubuntu2.4 deb +libcap2 1:2.66-5ubuntu2.1 deb libcom-err2 1.47.0-2.4~exp1ubuntu4.1 deb libcrypt1 1:4.4.36-4build1 deb -libcurl4t64 8.5.0-2ubuntu10.8 deb +libcurl4t64 8.5.0-2ubuntu10.6 deb libdb5.3t64 5.3.28+dfsg2-7 deb libdebconfclient0 0.271ubuntu3 deb libext2fs2t64 1.47.0-2.4~exp1ubuntu4.1 deb libffi8 3.4.6-1build1 deb -libgcc-s1 14.2.0-4ubuntu2~24.04.1 deb +libgcc-s1 14.2.0-4ubuntu2~24.04 deb libgcrypt20 1.10.3-2build1 deb libgmp10 2:6.3.0+dfsg-2ubuntu6.1 deb -libgnutls30t64 3.8.3-1.1ubuntu3.5 deb +libgnutls30t64 3.8.3-1.1ubuntu3.2 deb libgpg-error0 1.47-3build2.1 deb -libgssapi-krb5-2 1.20.1-6ubuntu2.6 deb +libgssapi-krb5-2 1.20.1-6ubuntu2.4 deb libhogweed6t64 3.9.1-2.2build1.1 deb libidn2-0 2.3.7-2build1.1 deb -libjq1 1.7.1-3ubuntu0.24.04.2 deb -libk5crypto3 1.20.1-6ubuntu2.6 deb +libjq1 1.7.1-3build1 deb +libk5crypto3 1.20.1-6ubuntu2.4 deb libkeyutils1 1.6.3-3build1 deb -libkmod2 31+20240202-2ubuntu7.2 deb -libkrb5-3 1.20.1-6ubuntu2.6 deb -libkrb5support0 1.20.1-6ubuntu2.6 deb +libkmod2 31+20240202-2ubuntu7.1 deb +libkrb5-3 1.20.1-6ubuntu2.4 deb +libkrb5support0 1.20.1-6ubuntu2.4 deb libksba8 1.6.6-1build1 deb -libldap-common 2.6.10+dfsg-0ubuntu0.24.04.1 deb -libldap2 2.6.10+dfsg-0ubuntu0.24.04.1 deb +libldap-common 2.6.7+dfsg-1~exp1ubuntu8.1 deb +libldap2 2.6.7+dfsg-1~exp1ubuntu8.1 deb liblz4-1 1.9.4-1build1.1 deb -liblzma5 5.6.1+really5.4.5-1ubuntu0.2 deb +liblzma5 5.6.1+really5.4.5-1build0.1 deb libmd0 1.1.0-2build1.1 deb -libmount1 2.39.3-9ubuntu6.5 deb +libmount1 2.39.3-9ubuntu6.2 deb libncursesw6 6.4+20240113-1ubuntu2 deb libnettle8t64 3.9.1-2.2build1.1 deb libnghttp2-14 1.59.0-1ubuntu0.2 deb libnpth0t64 1.6-3.1build1 deb libonig5 6.9.9-1build1 deb libp11-kit0 0.25.3-4ubuntu2.1 deb -libpam-modules 1.5.3-5ubuntu5.5 deb -libpam-modules-bin 1.5.3-5ubuntu5.5 deb -libpam-runtime 1.5.3-5ubuntu5.5 deb -libpam0g 1.5.3-5ubuntu5.5 deb +libpam-modules 1.5.3-5ubuntu5.1 deb +libpam-modules-bin 1.5.3-5ubuntu5.1 deb +libpam-runtime 1.5.3-5ubuntu5.1 deb +libpam0g 1.5.3-5ubuntu5.1 deb libpcre2-8-0 10.42-4ubuntu2.1 deb libproc2-0 2:4.0.4-4ubuntu3.2 deb libpsl5t64 0.21.2-1.1build1 deb @@ -102,47 +102,47 @@ libselinux1 3.5-2ubuntu2.1 deb libsemanage-common 3.5-1build5 deb libsemanage2 3.5-1build5 deb libsepol2 3.5-2build1 deb -libsmartcols1 2.39.3-9ubuntu6.5 deb -libsqlite3-0 3.45.1-1ubuntu2.5 deb +libsmartcols1 2.39.3-9ubuntu6.2 deb +libsqlite3-0 3.45.1-1ubuntu2.1 deb libss2 1.47.0-2.4~exp1ubuntu4.1 deb -libssh-4 0.10.6-2ubuntu0.4 deb -libssl3t64 3.0.13-0ubuntu3.9 deb -libstdc++6 14.2.0-4ubuntu2~24.04.1 deb -libsystemd0 255.4-1ubuntu8.15 deb -libtasn1-6 4.19.0-3ubuntu0.24.04.2 deb +libssh-4 0.10.6-2build2 deb +libssl3t64 3.0.13-0ubuntu3.4 deb +libstdc++6 14.2.0-4ubuntu2~24.04 deb +libsystemd0 255.4-1ubuntu8.5 deb +libtasn1-6 4.19.0-3build1 deb libtinfo6 6.4+20240113-1ubuntu2 deb -libudev1 255.4-1ubuntu8.15 deb +libudev1 255.4-1ubuntu8.5 deb libunistring5 1.1-2build1.1 deb -libuuid1 2.39.3-9ubuntu6.5 deb +libuuid1 2.39.3-9ubuntu6.2 deb libxxhash0 0.8.2-2build1 deb libzstd1 1.5.5+dfsg2-2build1.1 deb -locales 2.39-0ubuntu8.7 deb +locales 2.39-0ubuntu8.4 deb login 1:4.13+dfsg1-4ubuntu3.2 deb logsave 1.47.0-2.4~exp1ubuntu4.1 deb mawk 1.3.4.20240123-1build1 deb -mount 2.39.3-9ubuntu6.5 deb +mount 2.39.3-9ubuntu6.2 deb ncurses-base 6.4+20240113-1ubuntu2 deb ncurses-bin 6.4+20240113-1ubuntu2 deb netcat-openbsd 1.226-1ubuntu2 deb -openssl 3.0.13-0ubuntu3.9 deb +openssl 3.0.13-0ubuntu3.4 deb passwd 1:4.13+dfsg1-4ubuntu3.2 deb -perl-base 5.38.2-3.2ubuntu0.2 deb +perl-base 5.38.2-3.2build2.1 deb pinentry-curses 1.2.1-3ubuntu5 deb -plexmediaserver 1.43.1.10611-1e34174b1 deb +plexmediaserver 1.41.4.9463-630c9f557 deb procps 2:4.0.4-4ubuntu3.2 deb publicsuffix 20231001.0357-0.1 deb readline-common 8.2-4build1 deb sed 4.9-2build1 deb sensible-utils 0.0.22 deb -systemd-dev 255.4-1ubuntu8.15 deb -systemd-hwe-hwdb 255.1.7 deb -systemd-standalone-sysusers 255.4-1ubuntu8.15 deb +systemd-dev 255.4-1ubuntu8.5 deb +systemd-hwe-hwdb 255.1.4 deb +systemd-standalone-sysusers 255.4-1ubuntu8.5 deb sysvinit-utils 3.08-6ubuntu3 deb tar 1.35+dfsg-3build1 deb -tzdata 2026a-0ubuntu0.24.04.1 deb +tzdata 2024b-0ubuntu0.24.04.1 deb ubuntu-keyring 2023.11.28.1 deb -udev 255.4-1ubuntu8.15 deb +udev 255.4-1ubuntu8.5 deb unminimize 0.2.1 deb -util-linux 2.39.3-9ubuntu6.5 deb +util-linux 2.39.3-9ubuntu6.2 deb wget 1.21.4-1ubuntu4.1 deb zlib1g 1:1.3.dfsg-3.1ubuntu2.1 deb diff --git a/readme-vars.yml b/readme-vars.yml index 9f7a516..fb96495 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -101,18 +101,17 @@ init_diagram: | init-plex-update -> init-config-end init-config -> init-crontab-config init-mods-end -> init-custom-files - init-adduser -> init-device-perms base -> init-envfile base -> init-migrations init-config-end -> init-mods init-mods-package-install -> init-mods-end init-mods -> init-mods-package-install init-adduser -> init-os-end - init-device-perms -> init-os-end init-envfile -> init-os-end init-config -> init-plex-chown init-plex-chown -> init-plex-claim - init-plex-claim -> init-plex-update + init-plex-claim -> init-plex-gid-video + init-plex-gid-video -> init-plex-update init-custom-files -> init-services init-services -> svc-cron svc-cron -> legacy-services @@ -125,8 +124,6 @@ init_diagram: | "plex:latest" <- Base Images # changelog changelogs: - - {date: "15.03.26:", desc: "Allow TMPDIR to be changed to better support read-only containers"} - - {date: "15.03.26:", desc: "Fix initial claim setup on non-root containers"} - {date: "04.11.24:", desc: "Add Nvidia capability needed for h265"} - {date: "18.07.24:", desc: "Rebase to Ubuntu Noble."} - {date: "12.02.24:", desc: "Use universal hardware acceleration blurb"} diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-chown/run b/root/etc/s6-overlay/s6-rc.d/init-plex-chown/run index 47b1c1e..f98e669 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-plex-chown/run +++ b/root/etc/s6-overlay/s6-rc.d/init-plex-chown/run @@ -1,11 +1,7 @@ #!/usr/bin/with-contenv bash # shellcheck shell=bash -# remove plex temporary directory after unclean stop -if [[ -d "${TMPDIR}" ]]; then - rm -rf "${TMPDIR}" -fi -mkdir -p ${TMPDIR} +mkdir -p /run/plex-temp # create folders if [[ ! -d "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}" ]]; then @@ -44,7 +40,7 @@ if [[ -z ${LSIO_NON_ROOT_USER} ]]; then # permissions (non-recursive) on config root and folders lsiown abc:abc \ - "${TMPDIR}" \ + /run/plex-temp \ /config \ /config/* fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-claim/run b/root/etc/s6-overlay/s6-rc.d/init-plex-claim/run index 700b1c0..a94451e 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-plex-claim/run +++ b/root/etc/s6-overlay/s6-rc.d/init-plex-claim/run @@ -19,15 +19,8 @@ if [[ ! -f "${PLEX_MEDIA_SERVER_PREFERENCES}" ]]; then export PLEX_MEDIA_SERVER_INFO_MODEL PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION=$(uname -r) export PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION - - if [[ -z ${LSIO_NON_ROOT_USER} ]]; then - s6-setuidgid abc /bin/bash -c \ - 'LD_LIBRARY_PATH=/usr/lib/plexmediaserver:/usr/lib/plexmediaserver/lib /usr/lib/plexmediaserver/Plex\ Media\ Server' & - else - /bin/bash -c \ - 'LD_LIBRARY_PATH=/usr/lib/plexmediaserver:/usr/lib/plexmediaserver/lib /usr/lib/plexmediaserver/Plex\ Media\ Server' & - fi - + s6-setuidgid abc /bin/bash -c \ + 'LD_LIBRARY_PATH=/usr/lib/plexmediaserver:/usr/lib/plexmediaserver/lib /usr/lib/plexmediaserver/Plex\ Media\ Server' & PID=$! echo "Waiting for Plex to generate its config" DBNAME="/config/Library/Application Support/Plex Media Server/Plug-in Support/Databases/com.plexapp.plugins.library.db-wal" diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-update/dependencies.d/init-plex-claim b/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/dependencies.d/init-plex-claim similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/init-plex-update/dependencies.d/init-plex-claim rename to root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/dependencies.d/init-plex-claim diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/run b/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/run new file mode 100755 index 0000000..083570f --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/run @@ -0,0 +1,37 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + FILES=$(find /dev/dri /dev/dvb -type c -print 2>/dev/null) + + for i in ${FILES}; do + VIDEO_GID=$(stat -c '%g' "${i}") + VIDEO_UID=$(stat -c '%u' "${i}") + # check if user matches device + if id -u abc | grep -qw "${VIDEO_UID}"; then + echo "**** permissions for ${i} are good ****" + else + # check if group matches and that device has group rw + if id -G abc | grep -qw "${VIDEO_GID}" && [[ $(stat -c '%A' "${i}" | cut -b 5,6) == "rw" ]]; then + echo "**** permissions for ${i} are good ****" + # check if device needs to be added to video group + elif ! id -G abc | grep -qw "${VIDEO_GID}"; then + # check if video group needs to be created + VIDEO_NAME=$(getent group "${VIDEO_GID}" | awk -F: '{print $1}') + if [[ -z "${VIDEO_NAME}" ]]; then + VIDEO_NAME="video$(head /dev/urandom | tr -dc 'a-z0-9' | head -c4)" + groupadd "${VIDEO_NAME}" + groupmod -g "${VIDEO_GID}" "${VIDEO_NAME}" + echo "**** creating video group ${VIDEO_NAME} with id ${VIDEO_GID} ****" + fi + echo "**** adding ${i} to video group ${VIDEO_NAME} with id ${VIDEO_GID} ****" + usermod -a -G "${VIDEO_NAME}" abc + fi + # check if device has group rw + if [[ $(stat -c '%A' "${i}" | cut -b 5,6) != "rw" ]]; then + echo -e "**** The device ${i} does not have group read/write permissions, attempting to fix inside the container. ****" + chmod g+rw "${i}" + fi + fi + done +fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/type b/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/type new file mode 100644 index 0000000..3d92b15 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/up b/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/up new file mode 100644 index 0000000..05f6fde --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-plex-gid-video/run \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard/dependencies.d/init-services b/root/etc/s6-overlay/s6-rc.d/init-plex-update/dependencies.d/init-plex-gid-video similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/init-wireguard/dependencies.d/init-services rename to root/etc/s6-overlay/s6-rc.d/init-plex-update/dependencies.d/init-plex-gid-video diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard/run deleted file mode 100755 index 85ad6c3..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-wireguard/run +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Bring up WireGuard if not already up -if ! ip link show dev wg0 > /dev/null 2>&1; then - wg-quick up wg0 -fi - -# Monitor wireguard status -while true; do - if ! ip link show dev wg0 | grep -q "UP"; then - wg-quick up wg0 - fi - sleep 60 -done diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard/type b/root/etc/s6-overlay/s6-rc.d/init-wireguard/type deleted file mode 100644 index 5883cff..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-wireguard/type +++ /dev/null @@ -1 +0,0 @@ -longrun diff --git a/root/etc/s6-overlay/s6-rc.d/svc-plex/dependencies.d/init-wireguard b/root/etc/s6-overlay/s6-rc.d/svc-plex/dependencies.d/init-wireguard deleted file mode 100644 index e69de29..0000000 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-plex/run b/root/etc/s6-overlay/s6-rc.d/svc-plex/run index c029d4d..bb60746 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-plex/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-plex/run @@ -1,8 +1,6 @@ #!/usr/bin/with-contenv bash # shellcheck shell=bash -# Wait for WireGuard to be up - echo "Starting Plex Media Server. . . (you can ignore the libusb_init error)" PLEX_MEDIA_SERVER_INFO_MODEL=$(uname -m) export PLEX_MEDIA_SERVER_INFO_MODEL diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard/up b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-plex-gid-video similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/init-wireguard/up rename to root/etc/s6-overlay/s6-rc.d/user/contents.d/init-plex-gid-video diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-wireguard b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-wireguard deleted file mode 100644 index e69de29..0000000