Merge pull request #22 from linuxserver/py3

thelamer · web-flow · commit a3a6976929b1 · 2020-02-22T11:27:56.000-08:00
Switch to Python 3
diff --git a/Dockerfile b/Dockerfile
@@ -13,19 +13,18 @@ RUN \
 	build-base \
 	libffi-dev \
 	openldap-dev \
-	python2-dev && \
+	python3-dev && \
  echo "**** install runtime packages ****" && \
  apk add --no-cache \
 	libffi \
 	libldap \
-	py2-pip \
-	python2 && \
+	python3 && \
  if [ -z ${LDAP_VERSION+x} ]; then \
   LDAP_INSTALL="python-ldap"; \
  else \
   LDAP_INSTALL="python-ldap==${LDAP_VERSION}"; \
  fi && \
- pip install -U --no-cache-dir \
+ pip3 install -U --no-cache-dir \
         pip && \
  pip install -U \
         cryptography \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
@@ -13,19 +13,18 @@ RUN \
 	build-base \
 	libffi-dev \
 	openldap-dev \
-	python2-dev && \
+	python3-dev && \
  echo "**** install runtime packages ****" && \
  apk add --no-cache \
 	libffi \
 	libldap \
-	py2-pip \
-	python2 && \
+	python3 && \
  if [ -z ${LDAP_VERSION+x} ]; then \
   LDAP_INSTALL="python-ldap"; \
  else \
   LDAP_INSTALL="python-ldap==${LDAP_VERSION}"; \
  fi && \
- pip install -U --no-cache-dir \
+ pip3 install -U --no-cache-dir \
         pip && \
  pip install -U \
         cryptography \
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
@@ -13,19 +13,18 @@ RUN \
 	build-base \
 	libffi-dev \
 	openldap-dev \
-	python2-dev && \
+	python3-dev && \
  echo "**** install runtime packages ****" && \
  apk add --no-cache \
 	libffi \
 	libldap \
-	py2-pip \
-	python2 && \
+	python3 && \
  if [ -z ${LDAP_VERSION+x} ]; then \
   LDAP_INSTALL="python-ldap"; \
  else \
   LDAP_INSTALL="python-ldap==${LDAP_VERSION}"; \
  fi && \
- pip install -U --no-cache-dir \
+ pip3 install -U --no-cache-dir \
         pip && \
  pip install -U \
         cryptography \
diff --git a/README.md b/README.md
@@ -186,6 +186,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **20.02.20:** - Switch to python3.
 * **19.12.19:** - Rebasing to alpine 3.11.
 * **01.07.19:** - Fall back to base64 encoding when basic http auth is used.
 * **28.06.19:** - Rebasing to alpine 3.10.
diff --git a/readme-vars.yml b/readme-vars.yml
@@ -34,6 +34,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "20.02.20:", desc: "Switch to python3." }
   - { date: "19.12.19:", desc: "Rebasing to alpine 3.11." }
   - { date: "01.07.19:", desc: "Fall back to base64 encoding when basic http auth is used." }
   - { date: "28.06.19:", desc: "Rebasing to alpine 3.10." }
diff --git a/root/app/fernet-key.py b/root/app/fernet-key.py
@@ -1,8 +1,7 @@
 #!/bin/sh
-''''which python2 >/dev/null && exec python2 "$0" "$@" # '''
 ''''which python  >/dev/null && exec python  "$0" "$@" # '''
 
 from cryptography.fernet import Fernet
 
 key = Fernet.generate_key()
-print key
+print(key)
diff --git a/root/app/ldap-backend-app.py b/root/app/ldap-backend-app.py
@@ -1,5 +1,4 @@
 #!/bin/sh
-''''which python2 >/dev/null && exec python2 "$0" "$@" # '''
 ''''which python  >/dev/null && exec python  "$0" "$@" # '''
 
 # Copyright (C) 2014-2015 Nginx, Inc.
@@ -10,29 +9,46 @@
 # 1) accepts GET  requests on /login and responds with a login form
 # 2) accepts POST requests on /login, sets a cookie, and responds with redirect
 
-import sys, os, signal, base64, Cookie, cgi, urlparse
-from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
+import sys, os, signal, base64, cgi
+if sys.version_info.major == 2:
+    from urlparse import urlparse
+    from Cookie import BaseCookie
+    from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
+elif sys.version_info.major == 3:
+    from urllib.parse import urlparse
+    from http.cookies import BaseCookie
+    from http.server import HTTPServer, BaseHTTPRequestHandler
+
 from cryptography.fernet import Fernet
 
 Listen = ('0.0.0.0', 9000)
 
 import threading
-from SocketServer import ThreadingMixIn
+if sys.version_info.major == 2:
+    from SocketServer import ThreadingMixIn
+elif sys.version_info.major == 3:
+    from socketserver import ThreadingMixIn
+
+
+def ensure_bytes(data):
+    return data if sys.version_info.major == 2 else data.encode("utf-8")
+
+
 class AuthHTTPServer(ThreadingMixIn, HTTPServer):
     pass
 
 class AppHandler(BaseHTTPRequestHandler):
 
     def do_GET(self):
 
-        url = urlparse.urlparse(self.path)
+        url = urlparse(self.path)
 
         if url.path.startswith("/login"):
             return self.auth_form()
 
         self.send_response(200)
         self.end_headers()
-        self.wfile.write('Hello, world! Requested URL: ' + self.path + '\n')
+        self.wfile.write(ensure_bytes('Hello, world! Requested URL: ' + self.path + '\n'))
 
 
     # send login form html
@@ -92,7 +108,7 @@ def auth_form(self, target = None):
 
         self.send_response(200)
         self.end_headers()
-        self.wfile.write(html.replace('TARGET', target))
+        self.wfile.write(ensure_bytes(html.replace('TARGET', target)))
 
 
     # processes posted form and sets the cookie with login/password
@@ -118,8 +134,9 @@ def do_POST(self):
 
             self.send_response(302)
 
-            cipher_suite = Fernet('REPLACEWITHFERNETKEY')
-            enc = cipher_suite.encrypt(user + ':' + passwd)
+            cipher_suite = Fernet(REPLACEWITHFERNETKEY)
+            enc = cipher_suite.encrypt(ensure_bytes(user + ':' + passwd))
+            enc = enc.decode()
             self.send_header('Set-Cookie', 'nginxauth=' + enc + '; httponly')
 
             self.send_header('Location', target)
diff --git a/root/app/nginx-ldap-auth-daemon.py b/root/app/nginx-ldap-auth-daemon.py
@@ -1,13 +1,20 @@
 #!/bin/sh
 ''''[ -z $LOG ] && export LOG=/dev/stdout # '''
-''''which python2 >/dev/null && exec python2 -u "$0" "$@" >> $LOG 2>&1 # '''
 ''''which python  >/dev/null && exec python  -u "$0" "$@" >> $LOG 2>&1 # '''
 
 # Copyright (C) 2014-2015 Nginx, Inc.
 # Copyright (C) 2018 LinuxServer.io
 
-import sys, os, signal, base64, ldap, Cookie, argparse
-from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
+import sys, os, signal, base64, ldap, argparse
+if sys.version_info.major == 2:
+    from Cookie import BaseCookie
+    from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
+elif sys.version_info.major == 3:
+    from http.cookies import BaseCookie
+    from http.server import HTTPServer, BaseHTTPRequestHandler
+
+if not hasattr(__builtins__, "basestring"): basestring = (str, bytes)
+
 from cryptography.fernet import Fernet
 from cryptography.fernet import InvalidToken
 
@@ -20,7 +27,11 @@
 # -----------------------------------------------------------------------------
 # Requests are processed in separate thread
 import threading
-from SocketServer import ThreadingMixIn
+if sys.version_info.major == 2:
+    from SocketServer import ThreadingMixIn
+elif sys.version_info.major == 3:
+    from socketserver import ThreadingMixIn
+
 class AuthHTTPServer(ThreadingMixIn, HTTPServer):
     pass
 # -----------------------------------------------------------------------------
@@ -74,13 +85,16 @@ def do_GET(self):
         ctx['action'] = 'decoding credentials'
 
         try:
-            cipher_suite = Fernet('REPLACEWITHFERNETKEY')
+            cipher_suite = Fernet(REPLACEWITHFERNETKEY)
             self.log_message('Trying to dechipher credentials...')
-            auth_decoded = cipher_suite.decrypt(auth_header[6:])
+            auth_decoded = auth_header[6:].encode()
+            auth_decoded = cipher_suite.decrypt(auth_decoded)
+            auth_decoded = auth_decoded.decode("utf-8")
             user, passwd = auth_decoded.split(':', 1)
         except InvalidToken:
             self.log_message('Incorrect token. Trying to decode credentials from BASE64...')
             auth_decoded = base64.b64decode(auth_header[6:])
+            auth_decoded = auth_decoded.decode("utf-8")
             user, passwd = auth_decoded.split(':', 1)
         except Exception as e:
             self.auth_failed(ctx)
@@ -96,7 +110,7 @@ def do_GET(self):
     def get_cookie(self, name):
         cookies = self.headers.get('Cookie')
         if cookies:
-            authcookie = Cookie.BaseCookie(cookies).get(name)
+            authcookie = BaseCookie(cookies).get(name)
             if authcookie:
                 return authcookie.value
             else:
diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config
@@ -1,7 +1,9 @@
 #!/usr/bin/with-contenv bash
 
 # generate fernet key for ldap if it doesn't exist
-[[ $(cat /app/ldap-backend-app.py | grep 'REPLACEWITHFERNETKEY') ]] && \
-	FERNETKEY=$(python /app/fernet-key.py) && \
-	sed -i "s/REPLACEWITHFERNETKEY/${FERNETKEY}/" /app/ldap-backend-app.py && \
-	sed -i "s/REPLACEWITHFERNETKEY/${FERNETKEY}/" /app/nginx-ldap-auth-daemon.py
+if grep -q 'REPLACEWITHFERNETKEY' /app/ldap-backend-app.py; then
+    FERNETKEY=$(python3 /app/fernet-key.py)
+    sed -i "s/REPLACEWITHFERNETKEY/${FERNETKEY}/" /app/ldap-backend-app.py
+    sed -i "s/REPLACEWITHFERNETKEY/${FERNETKEY}/" /app/nginx-ldap-auth-daemon.py
+    echo "generated fernet key"
+fi
diff --git a/root/etc/services.d/ldap-app/run b/root/etc/services.d/ldap-app/run
@@ -1,3 +1,3 @@
 #!/usr/bin/with-contenv bash
 exec \
-	s6-setuidgid abc python /app/ldap-backend-app.py --host 0.0.0.0 --port 9000
+	s6-setuidgid abc python3 /app/ldap-backend-app.py --host 0.0.0.0 --port 9000
diff --git a/root/etc/services.d/ldap-daemon/run b/root/etc/services.d/ldap-daemon/run
@@ -1,3 +1,3 @@
 #!/usr/bin/with-contenv bash
 
-exec s6-setuidgid abc python /app/nginx-ldap-auth-daemon.py --host 0.0.0.0 --port 8888
+exec s6-setuidgid abc python3 /app/nginx-ldap-auth-daemon.py --host 0.0.0.0 --port 8888
