Mqtt update (#620)

* Update Mosquitto / Auth plugin * file * extract auth plugin builder * fix arm * fix build * Fix multiarch build * cleanup * test * Use own plugin * cleanup config handling * Fix startup * revert bashio config * fix error * Update CHANGELOG.md * cleanup
2025-12-17 05:04:21 +01:00 · 2019-07-01 15:37:53 +02:00
parent 5bda2fa271
commit 6af0f83c55
7 changed files with 43 additions and 30 deletions
--- a/mosquitto/CHANGELOG.md
+++ b/mosquitto/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog

+## 5.0
+
+- Update mosquitto 1.6.3 / Alpine 3.10
+- Migrate to `mosquitto-auth-plug` from pvizeli
+- Use auth cache for faster reauthentication
+
 ## 4.3

 - Fix password generator with new images
--- a/mosquitto/Dockerfile
+++ b/mosquitto/Dockerfile
@@ -1,9 +1,6 @@
 ARG BUILD_FROM
 FROM $BUILD_FROM

-# Add env
-ENV LANG C.UTF-8
-
 # Install mosquitto + auth plugin
 WORKDIR /usr/src
 ARG MOSQUITTO_AUTH_VERSION
@@ -11,11 +8,9 @@ RUN apk add --no-cache \
        mosquitto curl openssl musl socat pwgen \
    && apk add --no-cache --virtual .build-dependencies \
        build-base git mosquitto-dev curl-dev openssl-dev \
-    && git clone --depth 1 https://github.com/jpmens/mosquitto-auth-plug \
+    && git clone --depth 1 -b ${MOSQUITTO_AUTH_VERSION} https://github.com/pvizeli/mosquitto-auth-plug \
    && cd mosquitto-auth-plug \
    && cp config.mk.in config.mk \
-    && sed -i "s/?= yes/?= no/g" config.mk \
-    && sed -i "s/HTTP ?= no/HTTP ?= yes/g" config.mk \
    && make \
    && mkdir -p /usr/share/mosquitto \
    && cp -f auth-plug.so /usr/share/mosquitto \
@@ -23,9 +18,9 @@ RUN apk add --no-cache \
    && rm -fr /usr/src/mosquitto-auth-plug

 # Copy data
-COPY run.sh /
-COPY auth_srv.sh /bin/
-COPY mosquitto.conf /etc/
+COPY data/run.sh /
+COPY data/auth_srv.sh /bin/
+COPY data/mosquitto.conf /etc/

 WORKDIR /
 CMD [ "/run.sh" ]
--- a/mosquitto/build.json
+++ b/mosquitto/build.json
@@ -1,5 +1,12 @@
 {
+  "build_from": {
+    "amd64": "homeassistant/amd64-base:3.10",
+    "i386": "homeassistant/i386-base:3.10",
+    "armhf": "homeassistant/armhf-base:3.10",
+    "armv7": "homeassistant/armv7-base:3.10",
+    "aarch64": "homeassistant/aarch64-base:3.10"
+  },
  "args": {
-    "MOSQUITTO_AUTH_VERSION": "0.1.3"
+    "MOSQUITTO_AUTH_VERSION": "0.1.4"
  }
 }
--- a/mosquitto/config.json
+++ b/mosquitto/config.json
@@ -1,6 +1,6 @@
 {
  "name": "Mosquitto broker",
-  "version": "4.3",
+  "version": "5.0",
  "slug": "mosquitto",
  "description": "An Open Source MQTT broker",
  "url": "https://home-assistant.io/addons/mosquitto/",
@@ -20,7 +20,6 @@
  "options": {
    "logins": [],
    "anonymous": false,
-    "quiet_logs": true,
    "customize": {
      "active": false,
      "folder": "mosquitto"
@@ -33,7 +32,6 @@
        {"username": "str", "password": "str"}
    ],
    "anonymous": "bool",
-    "quiet_logs": "bool",
    "customize": {
      "active": "bool",
      "folder": "str"
--- a/mosquitto/data/auth_srv.sh
+++ b/mosquitto/data/auth_srv.sh
--- a/mosquitto/data/mosquitto.conf
+++ b/mosquitto/data/mosquitto.conf
@@ -22,6 +22,8 @@ auth_opt_http_getuser_uri /login
 auth_opt_http_superuser_uri /superuser
 auth_opt_http_aclcheck_uri /acl
 auth_opt_log_quiet %%AUTH_QUIET_LOGS%%
+auth_opt_auth_cacheseconds 300
+
 allow_anonymous %%ANONYMOUS%%

 #include_dir /share/mosquitto
--- a/mosquitto/data/run.sh
+++ b/mosquitto/data/run.sh
@@ -1,5 +1,5 @@
-#!/bin/bash
-set -e
+#!/usr/bin/env bashio
+set +u

 CONFIG_PATH=/data/options.json
 SYSTEM_USER=/data/system_user.json
@@ -9,7 +9,7 @@ ANONYMOUS=$(jq --raw-output ".anonymous" $CONFIG_PATH)
 KEYFILE=$(jq --raw-output ".keyfile" $CONFIG_PATH)
 CERTFILE=$(jq --raw-output ".certfile" $CONFIG_PATH)
 CUSTOMIZE_ACTIVE=$(jq --raw-output ".customize.active" $CONFIG_PATH)
-AUTH_QUIET_LOGS=$(jq --raw-output ".quiet_logs" $CONFIG_PATH)
+LOGGING=$(bashio::info 'hassio.info.logging' '.logging')
 HOMEASSISTANT_PW=
 ADDONS_PW=
 WAIT_PIDS=()
@@ -81,15 +81,20 @@ function constrain_discovery() {

 ## Main ##

-echo "[INFO] Setup mosquitto configuration"
+bashio::log.info "Setup mosquitto configuration"
 sed -i "s/%%ANONYMOUS%%/$ANONYMOUS/g" /etc/mosquitto.conf
-sed -i "s/%%AUTH_QUIET_LOGS%%/$AUTH_QUIET_LOGS/g" /etc/mosquitto.conf
+
+if [ "${LOGGING}" == "debug" ]; then
+    sed -i "s/%%AUTH_QUIET_LOGS%%/false/g" /etc/mosquitto.conf
+else
+    sed -i "s/%%AUTH_QUIET_LOGS%%/true/g" /etc/mosquitto.conf
+fi

 # Enable SSL if exists configs
 if [ -e "/ssl/$CERTFILE" ] && [ -e "/ssl/$KEYFILE" ]; then
    echo "$SSL_CONFIG" >> /etc/mosquitto.conf
 else
-    echo "[WARN] SSL not enabled - No valid certs found!"
+    bashio::log.warning "SSL not enabled - No valid certs found!"
 fi

 # Allow customize configs from share
@@ -100,9 +105,9 @@ fi

 # Handle local users
 if [ "$LOGINS" -gt "0" ]; then
-    echo "[INFO] Found local users inside config"
+    bashio::log.info "Found local users inside config"
 else
-    echo "[INFO] No local user available"
+    bashio::log.info "No local user available"
 fi

 # Prepare System Accounts
@@ -110,7 +115,7 @@ if [ ! -e "${SYSTEM_USER}" ]; then
    HOMEASSISTANT_PW="$(pwgen 64 1)"
    ADDONS_PW="$(pwgen 64 1)"

-    echo "[INFO] Initialize system configuration."
+    bashio::log.info "Initialize system configuration."
    write_system_users
 else
    HOMEASSISTANT_PW=$(jq --raw-output '.homeassistant.password' $SYSTEM_USER)
@@ -119,20 +124,20 @@ fi

 # Initial Service
 if call_hassio GET "services/mqtt" | jq --raw-output ".data.host" | grep -v "$(hostname)" > /dev/null; then
-    echo "[WARN] There is allready a MQTT services running!"
+    bashio::log.warning "There is allready a MQTT services running!"
 else
-    echo "[INFO] Initialize Hass.io Add-on services"
+    bashio::log.info "Initialize Hass.io Add-on services"
    if ! call_hassio POST "services/mqtt" "$(constrain_host_config addons "${ADDONS_PW}")" > /dev/null; then
-        echo "[ERROR] Can't setup Hass.io service mqtt"
+        bashio::log.error "Can't setup Hass.io service mqtt"
    fi

-    echo "[INFO] Initialize Home Assistant discovery"
+    bashio::log.info "Initialize Home Assistant discovery"
    if ! call_hassio POST "discovery" "$(constrain_discovery homeassistant "${HOMEASSISTANT_PW}")" > /dev/null; then
-        echo "[ERROR] Can't setup Home Assistant discovery mqtt"
+        bashio::log.error "Can't setup Home Assistant discovery mqtt"
    fi
 fi

-echo "[INFO] Start Mosquitto daemon"
+bashio::log.info "Start Mosquitto daemon"

 # Start Auth Server
 socat TCP-LISTEN:8080,fork,reuseaddr SYSTEM:/bin/auth_srv.sh &
@@ -144,13 +149,13 @@ WAIT_PIDS+=($!)

 # Handling Closing
 function stop_mqtt() {
-    echo "[INFO] Shutdown mqtt system"
+    bashio::log.info "Shutdown mqtt system"
    kill -15 "${WAIT_PIDS[@]}"

    # Remove service
    if call_hassio GET "services/mqtt" | jq --raw-output ".data.host" | grep "$(hostname)" > /dev/null; then
        if ! call_hassio DELETE "services/mqtt"; then
-            echo "[Warn] Service unregister fails!"
+            bashio::log.warning "Service unregister fails!"
        fi
    fi