Merge #2525 #2534

2525: Switch to GrapheneOS's hardened_malloc r=mergify[bot] a=nextgens ## What type of PR? Feature ## What does this PR do? Switch to GrapheneOS's hardened_malloc This was suggested during the dev meeting of the 18/09/22. It may break things and it may make things unbearably slow... but it should also make the exploitation of memory corruption bugs a lot harder. ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [ ] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. 2534: Close #2533: document SQLALCHEMY_DATABASE_URI r=mergify[bot] a=nextgens ## What type of PR? documentation ## What does this PR do? document SQLALCHEMY_DATABASE_URI ### Related issue(s) - closes #2533 ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [x] In case of feature or enhancement: documentation updated accordingly - [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago · 04a196c417
parent 40bdf7a6d9 81628149a2 63513608b9
commit 04a196c417
3 changed files with 14 additions and 1 deletions
--- a/core/base/Dockerfile
+++ b/core/base/Dockerfile
@ -12,7 +12,15 @@ ARG MAILU_GID=1000
 RUN set -euxo pipefail \
  ; addgroup -Sg ${MAILU_GID} mailu \
  ; adduser -Sg ${MAILU_UID} -G mailu -h /app -g "mailu app" -s /bin/bash mailu \
-  ; apk add --no-cache bash ca-certificates curl python3 tzdata
+  ; apk add --no-cache bash ca-certificates curl python3 tzdata \
  ; machine="$(uname -m)" \
  ; if [[ "${machine}" == x86_64 || "${machine}" == armv8* || "${machine}" == aarch64 ]] \
  ; then \
      echo "Installing hardened-malloc" \
  ;   apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing hardened-malloc \
  ; fi
 ENV LD_PRELOAD=/usr/lib/libhardened_malloc.so
 WORKDIR /app
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@ -287,6 +287,10 @@ The admin service stores configurations in a database.
 - ``DB_USER``: the database user for mailu admin service. (when not ``sqlite``)
 - ``DB_NAME``: the database name for mailu admin service. (when not ``sqlite``)
 Alternatively, if you need more control, you can use a `DB URL`_ : do not set any of the ``DB_`` settings and set ``SQLALCHEMY_DATABASE_URI`` instead.
 .. _`DB URL`: https://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls
 The roundcube service stores configurations in a database.
 - ``ROUNDCUBE_DB_FLAVOR``: the database type for roundcube service. (``sqlite``, ``postgresql``, ``mysql``)
--- a/towncrier/newsfragments/2525.feature
+++ b/towncrier/newsfragments/2525.feature
@ -0,0 +1 @@
 Switch to GrapheneOS's hardened_malloc