Merge pull request #84 from linuxserver/master-rebase-plus-encryption

Author: thespad

Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-ubuntu:jammy
+FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
 
 # set version label
 ARG BUILD_DATE
@@ -10,31 +10,33 @@ LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DA
 LABEL maintainer="aptalca"
 
 # environment settings
-ENV HOME="/config"
-ENV DEBIAN_FRONTEND="noninteractive"
+ARG DEBIAN_FRONTEND="noninteractive"
+ENV HOME="/config" \
+  TMPDIR=/run/duplicati-temp \
+  DUPLICATI__REQUIRE_DB_ENCRYPTION_KEY=true \
+  DUPLICATI__SERVER_DATAFOLDER=/config \
+  DUPLICATI__WEBSERVICE_PORT=8200 \
+  DUPLICATI__WEBSERVICE_INTERFACE=any \
+  DUPLICATI__WEBSERVICE_ALLOWED_HOSTNAMES=*
 
 RUN \
-  echo "**** add mono repository ****" && \
-  apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \
-  echo "deb http://download.mono-project.com/repo/ubuntu stable-focal main" | tee /etc/apt/sources.list.d/mono-official.list && \
   echo "**** install packages ****" && \
   apt-get update && \
   apt-get install -y \
-    mono-devel \
-    mono-vbnc \
+    libicu74 \
     unzip && \
   echo "**** install duplicati ****" && \
   if [ -z ${DUPLICATI_RELEASE+x} ]; then \
     DUPLICATI_RELEASE=$(curl -sX GET "https://api.github.com/repos/duplicati/duplicati/releases" \
     | jq -r 'first(.[] | select(.tag_name | contains("beta"))) | .tag_name'); \
   fi && \
-  mkdir -p \
-    /app/duplicati && \
-  duplicati_url=$(curl -s https://api.github.com/repos/duplicati/duplicati/releases/tags/"${DUPLICATI_RELEASE}" |jq -r '.assets[].browser_download_url' |grep '.zip$' |grep -v signatures) && \
+  duplicati_url=$(curl -s "https://api.github.com/repos/duplicati/duplicati/releases/tags/${DUPLICATI_RELEASE}" | jq -r '.assets[].browser_download_url' |grep 'linux-x64-gui.zip$') && \
   curl -o \
     /tmp/duplicati.zip -L \
     "${duplicati_url}" && \
-  unzip -q /tmp/duplicati.zip -d /app/duplicati && \
+  unzip -q /tmp/duplicati.zip -d /app && \
+  mv /app/duplicati* /app/duplicati && \
+  printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
   echo "**** cleanup ****" && \
   apt-get clean && \
   rm -rf \

Dockerfile.aarch64

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-ubuntu:arm64v8-jammy
+FROM ghcr.io/linuxserver/baseimage-ubuntu:arm64v8-noble
 
 # set version label
 ARG BUILD_DATE
@@ -10,31 +10,33 @@ LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DA
 LABEL maintainer="aptalca"
 
 # environment settings
-ENV HOME="/config"
-ENV DEBIAN_FRONTEND="noninteractive"
+ARG DEBIAN_FRONTEND="noninteractive"
+ENV HOME="/config" \
+  TMPDIR=/run/duplicati-temp \
+  DUPLICATI__REQUIRE_DB_ENCRYPTION_KEY=true \
+  DUPLICATI__SERVER_DATAFOLDER=/config \
+  DUPLICATI__WEBSERVICE_PORT=8200 \
+  DUPLICATI__WEBSERVICE_INTERFACE=any \
+  DUPLICATI__WEBSERVICE_ALLOWED_HOSTNAMES=*
 
 RUN \
-  echo "**** add mono repository ****" && \
-  apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \
-  echo "deb http://download.mono-project.com/repo/ubuntu stable-focal main" | tee /etc/apt/sources.list.d/mono-official.list && \
   echo "**** install pockages ****" && \
   apt-get update && \
   apt-get install -y \
-    mono-devel \
-    mono-vbnc \
+    libicu74 \
     unzip && \
   echo "**** install duplicati ****" && \
   if [ -z ${DUPLICATI_RELEASE+x} ]; then \
     DUPLICATI_RELEASE=$(curl -sX GET "https://api.github.com/repos/duplicati/duplicati/releases" \
     | jq -r 'first(.[] | select(.tag_name | contains("beta"))) | .tag_name'); \
   fi && \
-  mkdir -p \
-    /app/duplicati && \
-  duplicati_url=$(curl -s https://api.github.com/repos/duplicati/duplicati/releases/tags/"${DUPLICATI_RELEASE}" |jq -r '.assets[].browser_download_url' |grep '.zip$' |grep -v signatures) && \
+  duplicati_url=$(curl -s "https://api.github.com/repos/duplicati/duplicati/releases/tags/${DUPLICATI_RELEASE}" | jq -r '.assets[].browser_download_url' |grep 'linux-arm64-gui.zip$') && \
   curl -o \
     /tmp/duplicati.zip -L \
     "${duplicati_url}" && \
-  unzip -q /tmp/duplicati.zip -d /app/duplicati && \
+  unzip -q /tmp/duplicati.zip -d /app && \
+  mv /app/duplicati* /app/duplicati && \
+  printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
   echo "**** cleanup ****" && \
   apt-get clean && \
   rm -rf \

Jenkinsfile

@@ -35,9 +35,9 @@ pipeline {
     CI_PORT='8200'
     CI_SSL='false'
     CI_DELAY='120'
-    CI_DOCKERENV='TZ=US/Pacific|ISCI=true'
-    CI_AUTH='user:password'
-    CI_WEBPATH=''
+    CI_DOCKERENV='SETTINGS_ENCRYPTION_KEY=abcde12345'
+    CI_AUTH=''
+    CI_WEBPATH='/login.html'
   }
   stages {
     stage("Set git config"){
@@ -543,7 +543,7 @@ pipeline {
           --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
           --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
           --label \"org.opencontainers.image.title=Duplicati\" \
-          --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive & S3, Google Drive, box.com, Mega, hubiC and many others.\" \
+          --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) is a backup client that securely stores encrypted, incremental, compressed backups on local storage, cloud storage services and remote file servers. It works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, B2, and many others.\" \
           --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
           --provenance=false --sbom=false \
           --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
@@ -575,7 +575,7 @@ pipeline {
               --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
               --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
               --label \"org.opencontainers.image.title=Duplicati\" \
-              --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive & S3, Google Drive, box.com, Mega, hubiC and many others.\" \
+              --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) is a backup client that securely stores encrypted, incremental, compressed backups on local storage, cloud storage services and remote file servers. It works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, B2, and many others.\" \
               --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
               --provenance=false --sbom=false \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
@@ -604,7 +604,7 @@ pipeline {
               --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
               --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
               --label \"org.opencontainers.image.title=Duplicati\" \
-              --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive & S3, Google Drive, box.com, Mega, hubiC and many others.\" \
+              --label \"org.opencontainers.image.description=[Duplicati](https://www.duplicati.com/) is a backup client that securely stores encrypted, incremental, compressed backups on local storage, cloud storage services and remote file servers. It works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, B2, and many others.\" \
               --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
               --provenance=false --sbom=false \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."

README.md

@@ -39,7 +39,7 @@ Find us at:
 [![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-duplicati%2Fjob%2Fmaster%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-duplicati/job/master/)
 [![LSIO CI](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=CI&query=CI&url=https%3A%2F%2Fci-tests.linuxserver.io%2Flinuxserver%2Fduplicati%2Flatest%2Fci-status.yml)](https://ci-tests.linuxserver.io/linuxserver/duplicati/latest/index.html)
 
-[Duplicati](https://www.duplicati.com/) works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive & S3, Google Drive, box.com, Mega, hubiC and many others.
+[Duplicati](https://www.duplicati.com/) is a backup client that securely stores encrypted, incremental, compressed backups on local storage, cloud storage services and remote file servers. It works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, B2, and many others.
 
 [![duplicati](https://github.com/linuxserver/docker-templates/raw/master/linuxserver.io/img/duplicati-icon.png)](https://www.duplicati.com/)
 
@@ -68,7 +68,9 @@ This image provides various versions that are available via tags. Please read th
 
 ## Application Setup
 
-The webui is at `<your ip>:8200` , create backup jobs etc via the webui, for local backups select `/backups` as the destination. For more information see [Duplicati](https://www.duplicati.com/).
+The webui is at `<your ip>:8200`.
+
+For local backups select `/backups` as the destination. For more information see [Duplicati](https://www.duplicati.com/).
 
 
 ## Usage
@@ -87,9 +89,11 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=Etc/UTC
+      - SETTINGS_ENCRYPTION_KEY=
       - CLI_ARGS= #optional
+      - DUPLICATI__WEBSERVICE_PASSWORD= #optional
     volumes:
-      - /path/to/appdata/config:/config
+      - /path/to/duplicati/config:/config
       - /path/to/backups:/backups
       - /path/to/source:/source
     ports:
@@ -105,9 +109,11 @@ docker run -d \
   -e PUID=1000 \
   -e PGID=1000 \
   -e TZ=Etc/UTC \
+  -e SETTINGS_ENCRYPTION_KEY= \
   -e CLI_ARGS= `#optional` \
+  -e DUPLICATI__WEBSERVICE_PASSWORD= `#optional` \
   -p 8200:8200 \
-  -v /path/to/appdata/config:/config \
+  -v /path/to/duplicati/config:/config \
   -v /path/to/backups:/backups \
   -v /path/to/source:/source \
   --restart unless-stopped \
@@ -124,7 +130,9 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
 | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
+| `-e SETTINGS_ENCRYPTION_KEY=` | Encryption key for settings database. Minimum 8 characters, alphanumeric. |
 | `-e CLI_ARGS=` | Optionally specify any [CLI variables](https://duplicati.readthedocs.io/en/latest/07-other-command-line-utilities/) you want to launch the app with |
+| `-e DUPLICATI__WEBSERVICE_PASSWORD=` | Password for the webui. If left unset will default to `changeme` and can be changed from the webui settings. |
 | `-v /config` | Contains all relevant configuration files. |
 | `-v /backups` | Path to store local backups. |
 | `-v /source` | Path to source for files to backup. |
@@ -291,7 +299,8 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
-* **15.02.23:** - Deprecate armhf.
+* **29.11.24:** - Rebase to Noble, add support for settings DB encryption.
+* **15.02.23:** - Rebase to Jammy.
 * **03.08.22:** - Deprecate armhf.
 * **25.04.22:** - Rebase to mono:focal.
 * **01.08.19:** - Rebase to Linuxserver LTS mono version.

jenkins-vars.yml

@@ -6,7 +6,6 @@ external_type: custom_json
 release_type: stable
 release_tag: latest
 ls_branch: master
-build_armhf: false
 repo_vars:
   - JSON_URL = 'https://api.github.com/repos/duplicati/duplicati/releases'
   - JSON_PATH = 'first(.[] | select(.tag_name | contains("beta"))) | .tag_name'
@@ -24,6 +23,6 @@ repo_vars:
   - CI_PORT='8200'
   - CI_SSL='false'
   - CI_DELAY='120'
-  - CI_DOCKERENV='TZ=US/Pacific|ISCI=true'
-  - CI_AUTH='user:password'
-  - CI_WEBPATH=''
+  - CI_DOCKERENV='SETTINGS_ENCRYPTION_KEY=abcde12345'
+  - CI_AUTH=''
+  - CI_WEBPATH='/login.html'

readme-vars.yml

@@ -4,7 +4,7 @@
 project_name: duplicati
 project_url: "https://www.duplicati.com/"
 project_logo: "https://github.com/linuxserver/docker-templates/raw/master/linuxserver.io/img/duplicati-icon.png"
-project_blurb: "[{{ project_name|capitalize }}]({{ project_url }}) works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive & S3, Google Drive, box.com, Mega, hubiC and many others."
+project_blurb: "[{{ project_name|capitalize }}]({{ project_url }}) is a backup client that securely stores encrypted, incremental, compressed backups on local storage, cloud storage services and remote file servers. It works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon S3, Google Drive, box.com, Mega, B2, and many others."
 project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
 
 # supported architectures
@@ -23,33 +23,34 @@ common_param_env_vars_enabled: true
 param_container_name: "{{ project_name }}"
 param_usage_include_vols: true
 param_volumes:
-  - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files." }
+  - { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Contains all relevant configuration files." }
   - { vol_path: "/backups", vol_host_path: "/path/to/backups", desc: "Path to store local backups." }
   - { vol_path: "/source", vol_host_path: "/path/to/source", desc: "Path to source for files to backup." }
 param_usage_include_ports: true
 param_ports:
   - { external_port: "8200", internal_port: "8200", port_desc: "http gui" }
+
 param_usage_include_env: true
 param_env_vars:
-  - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London"}
+  - { env_var: "SETTINGS_ENCRYPTION_KEY", env_value: "", desc: "Encryption key for settings database. Minimum 8 characters, alphanumeric."}
 
 # optional container parameters
 opt_param_usage_include_env: true
 opt_param_env_vars:
   - { env_var: "CLI_ARGS", env_value: "", desc: "Optionally specify any [CLI variables](https://duplicati.readthedocs.io/en/latest/07-other-command-line-utilities/) you want to launch the app with" }
-
-# optional parameters
-optional_block_1: false
-optional_block_1_items: ""
+  - { env_var: "DUPLICATI__WEBSERVICE_PASSWORD", env_value: "", desc: "Password for the webui. If left unset will default to `changeme` and can be changed from the webui settings."}
 
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
-  The webui is at `<your ip>:8200` , create backup jobs etc via the webui, for local backups select `/backups` as the destination. For more information see [Duplicati]({{project_url}}).
+  The webui is at `<your ip>:8200`.
+
+  For local backups select `/backups` as the destination. For more information see [Duplicati]({{project_url}}).
 
 # changelog
 changelogs:
-  - { date: "15.02.23:", desc: "Deprecate armhf." }
+  - { date: "29.11.24:", desc: "Rebase to Noble, add support for settings DB encryption." }
+  - { date: "15.02.23:", desc: "Rebase to Jammy." }
   - { date: "03.08.22:", desc: "Deprecate armhf." }
   - { date: "25.04.22:", desc: "Rebase to mono:focal." }
   - { date: "01.08.19:", desc: "Rebase to Linuxserver LTS mono version." }

root/etc/s6-overlay/s6-rc.d/init-duplicati-config/run

@@ -1,6 +1,36 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
+mkdir -p /run/duplicati-temp
+
+if [[ -f "/config/Duplicati-server.sqlite" ]]; then
+    # Existing install
+    if [[ -n ${SETTINGS_ENCRYPTION_KEY} ]]; then
+        # Enable settings encryption
+        true
+    else
+        # Disable settings encryption
+        printf "true" > /run/s6/container_environment/DUPLICATI__DISABLE_DB_ENCRYPTION
+        echo "***      Missing encryption key, unable to encrypt your settings database     ***"
+        echo "*** Please set a value for SETTINGS_ENCRYPTION_KEY and recreate the container ***"
+    fi
+else
+    # New install
+    if [[ -z ${DUPLICATI__WEBSERVICE_PASSWORD} ]]; then
+        printf "changeme" > /run/s6/container_environment/DUPLICATI__WEBSERVICE_PASSWORD
+    fi
+    if [[ -n ${SETTINGS_ENCRYPTION_KEY} ]]; then
+        # Enable settings encryption
+        true
+    else
+        # Halt init
+        echo "***      Missing encryption key, unable to encrypt your settings database     ***"
+        echo "*** Please set a value for SETTINGS_ENCRYPTION_KEY and recreate the container ***"
+        sleep infinity
+    fi
+fi
+
 # permissions
 lsiown -R abc:abc \
-    /config
+    /config \
+    /run/duplicati-temp

root/etc/s6-overlay/s6-rc.d/svc-duplicati/run

@@ -3,5 +3,4 @@
 
 exec \
     s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 8200" \
-        cd /app/duplicati s6-setuidgid abc mono Duplicati.Server.exe \
-        --webservice-interface=any --server-datafolder=/config --webservice-allowed-hostnames=* $CLI_ARGS
+        cd /app/duplicati s6-setuidgid abc ./duplicati-server $CLI_ARGS