Use ACLs in Dockerfiles and other misc. fixes

.devcontainer/Dockerfile

@@ -10,23 +10,20 @@ FROM ubuntu:focal
 RUN apt-get update && apt-get install -y software-properties-common && \
     add-apt-repository ppa:ondrej/php && apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y \
+        acl \
         apache2 \
         curl \
         git \
-        gpg \
-        htop \
         libharfbuzz0b \
         libpango-1.0-0 \
         libpangoft2-1.0-0 \
         mysql-client \
-        p7zip \
+        pandoc \
         python3-pip \
-        ripgrep \
-        shellcheck \
         software-properties-common \
         sudo \
-        tmux \
         unzip \
+        weasyprint \
         zip \
         php5.6 \
         php5.6-bcmath \

.devcontainer/devcontainer.json

@@ -1,15 +1,5 @@
 {
     "dockerComposeFile": "docker-compose.yml",
-    "customizations": {
-        "vscode": {
-            "extensions": [
-                "EditorConfig.EditorConfig",
-                "github.vscode-github-actions",
-                "ms-azuretools.vscode-docker",
-                "timonwong.shellcheck"
-            ]
-        }
-    },
     "features": {
         "ghcr.io/devcontainers/features/sshd:1": {},
         "ghcr.io/devcontainers/features/github-cli:1": {}
@@ -31,5 +21,9 @@
     "service": "app",
     "workspaceFolder": "/workspace",
     "postCreateCommand": ".devcontainer/post-create-command.sh",
-    "postAttachCommand": "start-blis.sh"
+    "postAttachCommand": "start-blis.sh",
+    "containerEnv": {
+        // These environment variables will only be set in development!
+        "BLIS_LAB_BACKUPS_V2_ENABLED": "1"
+    }
 }

.devcontainer/post-create-command.sh

@@ -4,4 +4,7 @@ echo "export PATH=\"$HOME/.local/bin:\$PATH\"" | tee -a "$HOME/.bashrc"
 # shellcheck disable=SC1091
 source "$HOME/.bashrc"
 
+# Set ACL on /workspace so that www-data can do what it wants
+sudo setfacl -R -m u:www-data:rwX /workspace
+
 pip3 install -r requirements.txt

Dockerfile

@@ -4,13 +4,11 @@ FROM ubuntu:focal
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
         apache2 \
         curl \
-        gpg \
-        htop \
         mysql-client \
+        pandoc \
         software-properties-common \
-        certbot \
-        python3-certbot-apache \
         sudo \
+        weasyprint \
         && rm -rf /var/lib/apt/lists/*
 
 # PPAs - additional software from questionable sources go here...
@@ -42,8 +40,6 @@ RUN a2enmod rewrite socache_shmcb ssl && a2dissite 000-default
 COPY docker/config/php.ini /etc/php/5.6/apache2/php.ini
 
 # Copy utility scripts to /usr/bin
-COPY docker/bin/set-apache2-servername.py /usr/bin/
-COPY docker/bin/get-https-cert.sh /usr/bin/
 COPY docker/bin/start-blis.sh /usr/bin/
 
 # Copy all of the BLIS files into the container
@@ -59,8 +55,7 @@ RUN chown -R www-data:www-data /var/www && \
 ARG GIT_COMMIT_SHA=""
 RUN echo "${GIT_COMMIT_SHA}" | tee /etc/blis_git_commit_sha
 
-# Expose port 80 for HTTP, 443 for HTTPS (optionally)
+# Expose port 80 for HTTP
 EXPOSE 80
-EXPOSE 443
 
 CMD start-blis.sh && tail -f /var/log/apache2/error.log

docker/bin/start-blis.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
 echo "Dumping environment variables to environment file..."
-A2ENVVARS="$(env | grep "DB_" | sed -e 's/^/export /')"
-echo "$A2ENVVARS" | sudo tee /etc/apache2/apache2_blis.env
-GIT_COMMIT_SHA="$(cat /etc/blis_git_commit_sha)"
+A2ENVVARS="$(env | grep -E "(^DB_|^BLIS_)" | sed -e 's/^/export /')"
+echo "$A2ENVVARS" | sudo tee /etc/apache2/apache2_blis.env > /dev/null
+GIT_COMMIT_SHA="$(cat /etc/blis_git_commit_sha 2>/dev/null)"
 if [[ -n "$GIT_COMMIT_SHA" ]]; then
     echo "export GIT_COMMIT_SHA=\"$GIT_COMMIT_SHA\"" | sudo tee -a /etc/apache2/apache2_blis.env
 fi