Bump misp, disable redis persistence, and add control variable to disable ca refresh (#220)

ostefano · web-flow · commit 2fc624bf4781 · 2025-02-20T16:48:06.000Z
diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh
@@ -423,9 +423,13 @@ update_components() {
 update_ca_certificates() {
     # Upgrade host os certificates
     update-ca-certificates
-    # Upgrade cake cacert.pem file from Mozilla project
-    echo "Updating /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/cacert.pem..."
-    sudo -E -u www-data curl -s --etag-compare /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/etag.txt --etag-save /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/etag.txt https://curl.se/ca/cacert.pem -o /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/cacert.pem
+    if [[ "$DISABLE_CA_REFRESH" = "true" ]]; then
+        echo "Updating /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/cacert.pem using local data..."
+        sudo cp /etc/ssl/certs/ca-certificates.crt /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/cacert.pem
+    else
+        echo "Updating /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/cacert.pem using curl data..."
+        sudo -E -u www-data curl -s --etag-compare /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/etag.txt --etag-save /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/etag.txt https://curl.se/ca/cacert.pem -o /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/cacert.pem
+    fi
 }
 
 create_sync_servers() {
diff --git a/core/files/entrypoint.sh b/core/files/entrypoint.sh
@@ -20,6 +20,7 @@ export CRON_USER_ID=${CRON_USER_ID:-1}
 export BASE_URL=${BASE_URL:-https://localhost}
 export DISABLE_IPV6=${DISABLE_IPV6:-false}
 export DISABLE_SSL_REDIRECT=${DISABLE_SSL_REDIRECT:-false}
+export DISABLE_CA_REFRESH=${DISABLE_CA_REFRESH:-false}
 export SMTP_FQDN=${SMTP_FQDN:-mail}
 
 export ADMIN_EMAIL=${ADMIN_EMAIL:-admin@admin.test}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -13,7 +13,7 @@ services:
 
   redis:
     image: valkey/valkey:7.2
-    command: "--requirepass '${REDIS_PASSWORD:-redispassword}'"
+    command: "--save '' --requirepass '${REDIS_PASSWORD:-redispassword}'"
     healthcheck:
       test: "valkey-cli -a '${REDIS_PASSWORD:-redispassword}' -p ${REDIS_PORT:-6379} ping | grep -q PONG || exit 1"
       interval: 2s
@@ -107,6 +107,7 @@ services:
       - "ENABLE_DB_SETTINGS=${ENABLE_DB_SETTINGS}"
       - "ENABLE_BACKGROUND_UPDATES=${ENABLE_BACKGROUND_UPDATES}"
       - "ENCRYPTION_KEY=${ENCRYPTION_KEY}"
+      - "DISABLE_CA_REFRESH=${DISABLE_CA_REFRESH}"
       # standard settings
       - "ADMIN_EMAIL=${ADMIN_EMAIL}"
       - "ADMIN_PASSWORD=${ADMIN_PASSWORD}"
diff --git a/template.env b/template.env
@@ -2,7 +2,7 @@
 # Build-time variables
 ##
 
-CORE_TAG=v2.5.6
+CORE_TAG=v2.5.7
 MODULES_TAG=v2.4.199
 PHP_VER=20220829
 LIBFAUP_COMMIT=3a26d0a
@@ -118,6 +118,9 @@ SYNCSERVERS_1_PULL_RULES=
 # Disable SSL redirect
 # DISABLE_SSL_REDIRECT=true
 
+# Disable CA refresh
+# DISABLE_CA_REFRESH=true
+
 # Enable OIDC authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md
 # OIDC_ENABLE=true
 # OIDC_PROVIDER_URL=
