Update mosquitto to 2.0.11 (#2453)

* Update mosquitto base image to alpine 3.14

* Replace mosquitto-auth-plug with mosquitto-go-auth

* Add flags for linker before make

https://github.com/iegomez/mosquitto-go-auth/issues/91#issuecomment-826943411

* In-place sed

* Debian base, new packages, set hasher

* Fix DL3009

* Update changelog

* Clean go cache and link to mosquitto changelog

* Update config.yaml

Co-authored-by: Pascal Vizeli <pvizeli@syshack.ch>

mosquitto/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## 6.1.0
+
+- Update mosquitto to 2.0.11
+- Remove `mosquitto-auth-plug` and replace with `mosquitto-go-auth` 1.8.2
+- Change base image from Alpine to Debian (required for `mosquitto-go-auth`)
+
+Note: Mosquitto 2.0.0 did contain some breaking changes. We don't anticipate
+most users to be affected by them but if you have a heavily customized mosquitto
+config we would advise reviewing [their changelog](https://mosquitto.org/ChangeLog.txt). 
+
 ## 6.0.2
 
 - Mention homeassistant and addon users in ACL doc

mosquitto/Dockerfile

@@ -4,36 +4,50 @@ FROM $BUILD_FROM
 # Install mosquitto + auth plugin
 WORKDIR /usr/src
 ARG MOSQUITTO_AUTH_VERSION
-RUN apk add --no-cache \
+RUN apt-get update \
+    && apt-get install -qy --no-install-recommends \
         mosquitto \
         nginx \
         pwgen \
-    && apk add --no-cache --virtual .build-dependencies \
+        build-essential \
-        build-base \
-        curl-dev \
         git \
         mosquitto-dev \
-        openssl-dev \
+        libmosquitto-dev \
+        openssl \
+        libssl-dev \
+        golang-go \
     \
     && git clone --depth 1 -b "${MOSQUITTO_AUTH_VERSION}" \
-        https://github.com/pvizeli/mosquitto-auth-plug \
+       https://github.com/iegomez/mosquitto-go-auth \
     \
-    && cd mosquitto-auth-plug \
+    && cd mosquitto-go-auth \
-    && cp config.mk.in config.mk \
+    && sed -i 's/-I\/usr\/local\/include/-I\/usr\/include/' Makefile \
+    && sed -i 's/LDFLAGS := .*$/& -Wl,-unresolved-symbols=ignore-all/' Makefile \
     && make \
     && mkdir -p /usr/share/mosquitto \
-    && cp -f auth-plug.so /usr/share/mosquitto \
+    && cp -f go-auth.so /usr/share/mosquitto \
-    && cp -f np /usr/local/bin \
+    && cp -f pw /usr/local/bin \
     \
-    && apk del --no-cache .build-dependencies \
+    && apt-get purge -y --auto-remove \
+        build-essential \
+        git \
+        mosquitto-dev \
+        libmosquitto-dev \
+        openssl \
+        libssl-dev \
+        golang-go \
+    && apt-get clean \
     && rm -fr \
         /etc/logrotate.d \
         /etc/mosquitto/* \
         /etc/nginx/* \
         /usr/share/nginx \
-        /usr/src/mosquitto-auth-plug \
+        /usr/src/mosquitto-go-auth \
         /var/lib/nginx/html \
-        /var/www
+        /var/www \
+        /var/lib/apt/lists/* \
+	/root/.cache \
+	/root/go
 
 # Copy rootfs
 COPY rootfs /

mosquitto/build.yaml

@@ -1,12 +1,12 @@
 ---
 build_from:
-  aarch64: ghcr.io/home-assistant/aarch64-base:3.13
+  aarch64: ghcr.io/home-assistant/aarch64-base-debian:bullseye
-  amd64: ghcr.io/home-assistant/amd64-base:3.13
+  amd64: ghcr.io/home-assistant/amd64-base-debian:bullseye
-  armhf: ghcr.io/home-assistant/armhf-base:3.13
+  armhf: ghcr.io/home-assistant/armhf-base-debian:bullseye
-  armv7: ghcr.io/home-assistant/armv7-base:3.13
+  armv7: ghcr.io/home-assistant/armv7-base-debian:bullseye
-  i386: ghcr.io/home-assistant/i386-base:3.13
+  i386: ghcr.io/home-assistant/i386-base-debian:bullseye
 codenotary:
   signer: notary@home-assistant.io
   base_image: notary@home-assistant.io
 args:
-  MOSQUITTO_AUTH_VERSION: 0.1.5
+  MOSQUITTO_AUTH_VERSION: 1.8.2

mosquitto/config.yaml

@@ -1,9 +1,10 @@
 ---
-version: 6.0.2
+version: 6.1.0
 slug: mosquitto
 name: Mosquitto broker
 description: An Open Source MQTT broker
 url: https://github.com/home-assistant/hassio-addons/tree/master/mosquitto
+codenotary: notary@home-assistant.io
 arch:
   - armhf
   - armv7

mosquitto/rootfs/etc/cont-init.d/mosquitto.sh

@@ -31,12 +31,12 @@ else
 fi
 
 # Set up discovery user
-password=$(np -p "${discovery_password}")
+password=$(pw -p "${discovery_password}")
 echo "homeassistant:${password}" >> "${PW}"
 echo "user homeassistant" >> "${ACL}"
 
 # Set up service user
-password=$(np -p "${service_password}")
+password=$(pw -p "${service_password}")
 echo "addons:${password}" >> "${PW}"
 echo "user addons" >> "${ACL}"
 
@@ -49,7 +49,7 @@ for login in $(bashio::config 'logins|keys'); do
   password=$(bashio::config "logins[${login}].password")
 
   bashio::log.info "Setting up user ${username}"
-  password=$(np -p "${password}")
+  password=$(pw -p "${password}")
   echo "${username}:${password}" >> "${PW}"
   echo "user ${username}" >> "${ACL}"
 done

mosquitto/rootfs/usr/share/tempio/mosquitto.gtpl

@@ -9,21 +9,22 @@ persistence true
 persistence_location /data/
 
 # Authentication plugin
-auth_plugin /usr/share/mosquitto/auth-plug.so
+auth_plugin /usr/share/mosquitto/go-auth.so
 auth_opt_backends files,http
+auth_opt_hasher pbkdf2
 auth_opt_cache true
-auth_opt_auth_cacheseconds 300
+auth_opt_auth_cache_seconds 300
-auth_opt_auth_cachejitter 30
+auth_opt_auth_jitter_seconds 30
-auth_opt_acl_cacheseconds 300
+auth_opt_acl_cache_seconds 300
-auth_opt_acl_cachejitter 30
+auth_opt_acl_jitter_seconds 30
-auth_opt_log_quiet true
+auth_opt_log_level error
 
 # HTTP backend for the authentication plugin
-auth_opt_password_file /etc/mosquitto/pw
+auth_opt_files_password_path /etc/mosquitto/pw
-auth_opt_acl_file /etc/mosquitto/acl
+auth_opt_files_acl_path /etc/mosquitto/acl
 
 # HTTP backend for the authentication plugin
-auth_opt_http_ip 127.0.0.1
+auth_opt_http_host 127.0.0.1
 auth_opt_http_port 80
 auth_opt_http_getuser_uri /authentication
 auth_opt_http_superuser_uri /superuser