amorfo77/docker-minecraft-server
1
0
Fork 0
mirror of https://github.com/itzg/docker-minecraft-server.git synced 2026-04-14 17:48:54 +00:00
Code Issues Projects Releases Wiki Activity

fix(purpur): apply log4j mitigations specific to Purpur (#1280)

Browse Source
This commit is contained in:
Geoff Bourne
2022-01-16 20:49:15 -06:00
committed by GitHub
parent f29f098b26
commit e4c575c130
13 changed files with 43 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.github/workflows/build-multiarch.yml vendored
View File

@@ -8,6 +8,7 @@ on:
- java11* - java11*
- java16* - java16*
- java17* - java17*
- test/**
tags: tags:
- "[0-9]+.[0-9]+.[0-9]+" - "[0-9]+.[0-9]+.[0-9]+"
- "[0-9]+.[0-9]+.[0-9]+-java8-multiarch" - "[0-9]+.[0-9]+.[0-9]+-java8-multiarch"
@@ -56,7 +57,7 @@ jobs:
- name: Build for test - name: Build for test
uses: docker/build-push-action@v2.7.0 uses: docker/build-push-action@v2.7.0
if: github.ref_name == 'master' if: github.ref_name == 'master' || startsWith(github.ref_name, 'test/')
with: with:
context: . context: .
platforms: linux/amd64 platforms: linux/amd64
@@ -70,7 +71,7 @@ jobs:
- name: Run tests - name: Run tests
# It is assumed that image variants are merged from master and tested there # It is assumed that image variants are merged from master and tested there
if: github.ref_name == 'master' if: github.ref_name == 'master' || startsWith(github.ref_name, 'test/')
run: | run: |
tests/test.sh tests/test.sh
@@ -80,7 +81,7 @@ jobs:
with: with:
context: . context: .
platforms: linux/amd64,linux/arm/v7,linux/arm64 platforms: linux/amd64,linux/arm/v7,linux/arm64
push: ${{ github.event_name != 'pull_request' }} push: true
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
# ensure latest base image is used # ensure latest base image is used
pull: true pull: true

3
scripts/start-deployAirplane
View File

@@ -43,8 +43,7 @@ if [ ! -f "$SERVER" ] || isTrue "${FORCE_REDOWNLOAD:-false}"; then
fi fi
# Normalize on Spigot for later operations # Normalize on Spigot for later operations
export TYPE=SPIGOT
export FAMILY=SPIGOT export FAMILY=SPIGOT
export SKIP_LOG4J_CONFIG=true export SKIP_LOG4J_CONFIG=true
exec ${SCRIPTS:-/}start-spiget "$@" exec "${SCRIPTS:-/}start-spiget" "$@"

1
scripts/start-deployBukkitSpigot
View File

@@ -126,7 +126,6 @@ else
fi fi
# Normalize on Spigot for operations below # Normalize on Spigot for operations below
export TYPE=SPIGOT
export FAMILY=SPIGOT export FAMILY=SPIGOT
export SKIP_LOG4J_CONFIG=true export SKIP_LOG4J_CONFIG=true

1
scripts/start-deployCanyon
View File

@@ -43,7 +43,6 @@ if [ ! -f "$SERVER" ]; then
fi fi
# Normalize on Spigot for later operations # Normalize on Spigot for later operations
export TYPE=SPIGOT
export FAMILY=SPIGOT export FAMILY=SPIGOT
export SKIP_LOG4J_CONFIG=true export SKIP_LOG4J_CONFIG=true

1
scripts/start-deployPaper
View File

@@ -73,7 +73,6 @@ else
fi fi
# Normalize on Spigot for downstream operations # Normalize on Spigot for downstream operations
export TYPE=SPIGOT
export FAMILY=SPIGOT export FAMILY=SPIGOT
export SKIP_LOG4J_CONFIG=true export SKIP_LOG4J_CONFIG=true

1
scripts/start-deployPufferfish
View File

@@ -39,7 +39,6 @@ if [ ! -f "$SERVER" ] || isTrue "${FORCE_REDOWNLOAD:-false}"; then
fi fi
# Normalize on Spigot for later operations # Normalize on Spigot for later operations
export TYPE=SPIGOT
export FAMILY=SPIGOT export FAMILY=SPIGOT
export SKIP_LOG4J_CONFIG=true export SKIP_LOG4J_CONFIG=true

1
scripts/start-deployPurpur
View File

@@ -30,7 +30,6 @@ if [ ! -f "$SERVER" ] || isTrue "$FORCE_REDOWNLOAD"; then
fi fi
# Normalize on Spigot for later operations # Normalize on Spigot for later operations
export TYPE=SPIGOT
export FAMILY=SPIGOT export FAMILY=SPIGOT
export SKIP_LOG4J_CONFIG=true export SKIP_LOG4J_CONFIG=true

5
scripts/start-finalExec
View File

@@ -128,6 +128,11 @@ elif isFamily VANILLA && versionLessThan 1.12; then
patchLog4jConfig log4j2_17-111.xml https://launcher.mojang.com/v1/objects/dd2b723346a8dcd48e7f4d245f6bf09e98db9696/log4j2_17-111.xml patchLog4jConfig log4j2_17-111.xml https://launcher.mojang.com/v1/objects/dd2b723346a8dcd48e7f4d245f6bf09e98db9696/log4j2_17-111.xml
elif isFamily VANILLA && versionLessThan 1.17; then elif isFamily VANILLA && versionLessThan 1.17; then
patchLog4jConfig log4j2_112-116.xml https://launcher.mojang.com/v1/objects/02937d122c86ce73319ef9975b58896fc1b491d1/log4j2_112-116.xml patchLog4jConfig log4j2_112-116.xml https://launcher.mojang.com/v1/objects/02937d122c86ce73319ef9975b58896fc1b491d1/log4j2_112-116.xml
# See https://purpurmc.org/docs/Log4j/
elif isType PURPUR && versionLessThan 1.17; then
patchLog4jConfig purpur_log4j2_1141-1165.xml https://purpurmc.org/docs/xml/purpur_log4j2_1141-1165.xml
elif isType PURPUR && versionLessThan 1.18.1; then
patchLog4jConfig purpur_log4j2_117.xml https://purpurmc.org/docs/xml/purpur_log4j2_117.xml
elif versionLessThan 1.18.1; then elif versionLessThan 1.18.1; then
JVM_OPTS="-Dlog4j2.formatMsgNoLookups=true ${JVM_OPTS}" JVM_OPTS="-Dlog4j2.formatMsgNoLookups=true ${JVM_OPTS}"
fi fi

7
scripts/start-setupModconfig
View File

@@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
. ${SCRIPTS:-/}start-utils # shellcheck source=start-utils
. "${SCRIPTS:-/}start-utils"
# If supplied with a URL for a config (simple zip of configurations), download it and unpack # If supplied with a URL for a config (simple zip of configurations), download it and unpack
if [[ "$MODCONFIG" ]]; then if [[ "$MODCONFIG" ]]; then
@@ -9,7 +10,7 @@ case "X$MODCONFIG" in
log "Downloading mod/plugin configs via HTTP" log "Downloading mod/plugin configs via HTTP"
log " from $MODCONFIG ..." log " from $MODCONFIG ..."
curl -sSL -o /tmp/modconfig.zip "$MODCONFIG" curl -sSL -o /tmp/modconfig.zip "$MODCONFIG"
if [ "$TYPE" = "SPIGOT" ]; then if [ "$FAMILY" = "SPIGOT" ]; then
mkdir -p /data/plugins mkdir -p /data/plugins
unzip -o -d /data/plugins /tmp/modconfig.zip unzip -o -d /data/plugins /tmp/modconfig.zip
else else
@@ -24,4 +25,4 @@ case "X$MODCONFIG" in
esac esac
fi fi
exec ${SCRIPTS:-/}start-setupMounts $@ exec "${SCRIPTS:-/}start-setupMounts" "$@"

6
scripts/start-setupModpack
View File

@@ -67,7 +67,7 @@ if [[ "$MODPACK" ]]; then
exit 1 exit 1
fi fi
if [ "$TYPE" = "SPIGOT" ]; then if [ "$FAMILY" = "SPIGOT" ]; then
mkdir -p /data/plugins mkdir -p /data/plugins
if ! unzip -o -d /data/plugins /tmp/modpack.zip; then if ! unzip -o -d /data/plugins /tmp/modpack.zip; then
log "ERROR: failed to unzip the modpack from ${MODPACK}" log "ERROR: failed to unzip the modpack from ${MODPACK}"
@@ -81,7 +81,7 @@ if [[ "$MODPACK" ]]; then
rm -f /tmp/modpack.zip rm -f /tmp/modpack.zip
elif [[ "$MODS" ]]; then elif [[ "$MODS" ]]; then
if [ "$TYPE" = "SPIGOT" ]; then if [ "$FAMILY" = "SPIGOT" ]; then
out_dir=/data/plugins out_dir=/data/plugins
else else
out_dir=/data/mods out_dir=/data/mods
@@ -118,7 +118,7 @@ elif [[ "$MODS_FILE" ]]; then
exit 2 exit 2
fi fi
if [ "$TYPE" = "SPIGOT" ]; then if [ "$FAMILY" = "SPIGOT" ]; then
out_dir=/data/plugins out_dir=/data/plugins
else else
out_dir=/data/mods out_dir=/data/mods

27
scripts/start-setupMounts
View File

@@ -1,14 +1,15 @@
#!/bin/bash #!/bin/bash
. ${SCRIPTS:-/}start-utils # shellcheck source=start-utils
. "${SCRIPTS:-/}start-utils"
: ${SYNC_SKIP_NEWER_IN_DESTINATION:=${PLUGINS_SYNC_UPDATE:-true}} : "${SYNC_SKIP_NEWER_IN_DESTINATION:=${PLUGINS_SYNC_UPDATE:-true}}"
: ${REPLACE_ENV_DURING_SYNC:=true} : "${REPLACE_ENV_DURING_SYNC:=true}"
: ${REPLACE_ENV_SUFFIXES:=yml,yaml,txt,cfg,conf,properties,hjson,json,tml,toml} : "${REPLACE_ENV_SUFFIXES:=yml,yaml,txt,cfg,conf,properties,hjson,json,tml,toml}"
: ${REPLACE_ENV_VARIABLE_PREFIX:=${ENV_VARIABLE_PREFIX:-CFG_}} : "${REPLACE_ENV_VARIABLE_PREFIX:=${ENV_VARIABLE_PREFIX:-CFG_}}"
: ${REPLACE_ENV_VARIABLES_EXCLUDES:=} : "${REPLACE_ENV_VARIABLES_EXCLUDES:=}"
: ${REPLACE_ENV_VARIABLES_EXCLUDE_PATHS:=} : "${REPLACE_ENV_VARIABLES_EXCLUDE_PATHS:=}"
: ${DEBUG:=false} : "${DEBUG:=false}"
set -e set -e
isDebugging && set -x isDebugging && set -x
@@ -24,8 +25,8 @@ else
fi fi
if [ -d /plugins ]; then if [ -d /plugins ]; then
case ${TYPE} in case ${FAMILY} in
SPIGOT|BUKKIT|PAPER|MAGMA) SPIGOT|HYBRID)
mkdir -p /data/plugins mkdir -p /data/plugins
log "Copying plugins over..." log "Copying plugins over..."
mc-image-helper \ mc-image-helper \
@@ -40,7 +41,7 @@ if [ -d /plugins ]; then
fi fi
# If any modules have been provided, copy them over # If any modules have been provided, copy them over
: ${COPY_MODS_DEST:="/data/mods"} : "${COPY_MODS_DEST:="/data/mods"}"
if [ -d /mods ]; then if [ -d /mods ]; then
log "Copying any mods over..." log "Copying any mods over..."
@@ -53,7 +54,7 @@ if [ -d /mods ]; then
/mods "${COPY_MODS_DEST}" /mods "${COPY_MODS_DEST}"
fi fi
: ${COPY_CONFIG_DEST:="/data/config"} : "${COPY_CONFIG_DEST:="/data/config"}"
if [ -d /config ]; then if [ -d /config ]; then
log "Copying any configs from /config to ${COPY_CONFIG_DEST}" log "Copying any configs from /config to ${COPY_CONFIG_DEST}"
@@ -66,4 +67,4 @@ if [ -d /config ]; then
/config "${COPY_CONFIG_DEST}" /config "${COPY_CONFIG_DEST}"
fi fi
exec ${SCRIPTS:-/}start-setupServerProperties $@ exec "${SCRIPTS:-/}start-setupServerProperties" "$@"

6
scripts/start-setupWorld
View File

@@ -33,7 +33,7 @@ if [[ "$WORLD" ]] && ( isTrue "${FORCE_WORLD_COPY}" || [ ! -d "$worldDest" ] );
mkdir -p /tmp/world-data mkdir -p /tmp/world-data
(cd /tmp/world-data && unzip -o -q "$zipSrc") (cd /tmp/world-data && unzip -o -q "$zipSrc")
if [ "$TYPE" = "SPIGOT" ]; then if [ "$FAMILY" = "SPIGOT" ]; then
baseDirs=$(find /tmp/world-data -name "level.dat" -not -path "*_nether*" -not -path "*_the_end*" -exec dirname "{}" \;) baseDirs=$(find /tmp/world-data -name "level.dat" -not -path "*_nether*" -not -path "*_the_end*" -exec dirname "{}" \;)
else else
baseDirs=$(find /tmp/world-data -name "level.dat" -exec dirname "{}" \;) baseDirs=$(find /tmp/world-data -name "level.dat" -exec dirname "{}" \;)
@@ -51,7 +51,7 @@ if [[ "$WORLD" ]] && ( isTrue "${FORCE_WORLD_COPY}" || [ ! -d "$worldDest" ] );
exit 1 exit 1
fi fi
rsync --remove-source-files --recursive --delete "$baseDir/" "$worldDest" rsync --remove-source-files --recursive --delete "$baseDir/" "$worldDest"
if [ "$TYPE" = "SPIGOT" ]; then if [ "$FAMILY" = "SPIGOT" ]; then
log "Copying end and nether ..." log "Copying end and nether ..."
[ -d "${baseDir}_nether" ] && rsync --remove-source-files --recursive --delete "${baseDir}_nether/" "${worldDest}_nether" [ -d "${baseDir}_nether" ] && rsync --remove-source-files --recursive --delete "${baseDir}_nether/" "${worldDest}_nether"
[ -d "${baseDir}_the_end" ] && rsync --remove-source-files --recursive --delete "${baseDir}_the_end/" "${worldDest}_the_end" [ -d "${baseDir}_the_end" ] && rsync --remove-source-files --recursive --delete "${baseDir}_the_end/" "${worldDest}_the_end"
@@ -61,7 +61,7 @@ if [[ "$WORLD" ]] && ( isTrue "${FORCE_WORLD_COPY}" || [ ! -d "$worldDest" ] );
rsync --recursive --delete "${WORLD%/}"/ "$worldDest" rsync --recursive --delete "${WORLD%/}"/ "$worldDest"
fi fi
if [ "$TYPE" = "SPIGOT" ]; then if [ "$FAMILY" = "SPIGOT" ]; then
# Reorganise if a Spigot server # Reorganise if a Spigot server
log "Moving End and Nether maps to Spigot location" log "Moving End and Nether maps to Spigot location"
[ -d "$worldDest/DIM1" ] && mv -f "$worldDest/DIM1" "${worldDest}_the_end" [ -d "$worldDest/DIM1" ] && mv -f "$worldDest/DIM1" "${worldDest}_the_end"

9
scripts/start-utils
View File

@@ -178,5 +178,14 @@ function isFamily() {
return 0 return 0
fi fi
done done
return 1
}
function isType() {
for t in "${@}"; do
if [[ $TYPE == "$t" ]]; then
return 0
fi
done
return 1 return 1
} }