25 Commits

Author SHA1 Message Date
jcabillot d860bbcc0c Merge pull request 'fix: bump alpine 3.24, dynamic python paths, tini via apk' (#21) from fix/alpine-3.24-and-patch-cleanup into master
Main Release / hadolint (push) Successful in 8s
Main Release / test (push) Successful in 19s
Main Release / build (push) Successful in 14s
Main Release / tag (push) Successful in 8s
Tag Release / hadolint (push) Successful in 6s
Tag Release / test (push) Successful in 11s
Tag Release / build-push (push) Successful in 43s
Reviewed-on: #21
2026-07-16 12:58:55 -04:00
Sagent cd51949b47 fix: bump alpine 3.24, dynamic python paths in patch.py, tini via apk
PR Checks / hadolint (pull_request) Successful in 19s
PR Checks / build-test (pull_request) Successful in 28s
- Alpine 3.23 → 3.24 (ships Python 3.14, not 3.12)
- patch.py: use glob + sys.version_info instead of hardcoded python3.12 paths
- Move SSL SECLEVEL=1 sed from Dockerfile into patch.py
- Tini: replace commented-out manual binary download with apk add tini
  (ENTRYPOINT ["/sbin/tini", "--"] as PID 1 for proper signal handling)
- Remove dead TINI_VERSION env and commented-out lines
2026-07-16 16:27:13 +00:00
jcabillot bbdfda3fa1 Merge pull request 'chore(deps): update docker/login-action digest to af1e73f' (#20) from renovate/docker-login-action-digest into master
Main Release / hadolint (push) Successful in 6s
Main Release / test (push) Successful in 14s
Main Release / build (push) Successful in 24s
Main Release / tag (push) Successful in 58s
Tag Release / hadolint (push) Successful in 16s
Tag Release / test (push) Successful in 20s
Tag Release / build-push (push) Successful in 49s
Reviewed-on: #20
2026-07-03 16:20:13 -04:00
renovate 5bb9bf665a chore(deps): update docker/login-action digest to af1e73f
renovate/stability-days Updates have met minimum release age requirement
PR Checks / hadolint (pull_request) Successful in 9s
PR Checks / build-test (pull_request) Successful in 27s
2026-07-03 14:19:47 +00:00
jcabillot a27f44b4ac Merge pull request 'chore(deps): update docker/metadata-action digest to dc80280' (#18) from renovate/docker-metadata-action-digest into master
Main Release / hadolint (push) Successful in 7s
Main Release / test (push) Successful in 30s
Main Release / build (push) Successful in 22s
Main Release / tag (push) Successful in 13s
Tag Release / hadolint (push) Successful in 49s
Tag Release / test (push) Successful in 33s
Tag Release / build-push (push) Successful in 1m51s
Reviewed-on: #18
2026-07-02 09:37:29 -04:00
renovate 72c2c371c0 chore(deps): update docker/metadata-action digest to dc80280
renovate/stability-days Updates have met minimum release age requirement
PR Checks / hadolint (pull_request) Successful in 29s
PR Checks / build-test (pull_request) Successful in 26s
2026-07-02 13:36:35 +00:00
jcabillot e28d0fbe60 Merge pull request 'chore(deps): update docker/login-action digest to c99871d' (#17) from renovate/docker-login-action-digest into master
Main Release / hadolint (push) Successful in 8s
Main Release / test (push) Successful in 20s
Main Release / build (push) Successful in 30s
Main Release / tag (push) Successful in 13s
Tag Release / hadolint (push) Successful in 13s
Tag Release / test (push) Successful in 19s
Tag Release / build-push (push) Successful in 1m8s
Reviewed-on: #17
2026-07-02 09:28:25 -04:00
renovate c4f1c07f22 chore(deps): update docker/login-action digest to c99871d
renovate/stability-days Updates have met minimum release age requirement
PR Checks / hadolint (pull_request) Successful in 12s
PR Checks / build-test (pull_request) Successful in 35s
2026-07-02 12:46:25 +00:00
opencodecabilloteu bbac379d79 chore(deps): update docker/setup-buildx-action digest to bb05f3f
Main Release / test (push) Successful in 45s
Main Release / hadolint (push) Failing after 11m37s
Main Release / build (push) Successful in 25s
Main Release / tag (push) Successful in 19s
Tag Release / hadolint (push) Successful in 7s
Tag Release / test (push) Successful in 17s
Tag Release / build-push (push) Successful in 1m0s
chore(deps): update docker/setup-buildx-action digest to bb05f3f
2026-07-02 08:36:59 -04:00
renovate d226243440 chore(deps): update docker/setup-buildx-action digest to bb05f3f
PR Checks / hadolint (pull_request) Successful in 6s
PR Checks / build-test (pull_request) Successful in 11s
2026-07-02 09:57:30 +00:00
jcabillot 6bf03ec83f Merge pull request 'chore(deps): update docker/build-push-action action to v7.3.0' (#16) from renovate/docker-build-push-action-7.x into master
Main Release / hadolint (push) Successful in 11s
Main Release / test (push) Successful in 33s
Main Release / build (push) Successful in 27s
Main Release / tag (push) Successful in 13s
Tag Release / hadolint (push) Successful in 7s
Tag Release / test (push) Successful in 19s
Tag Release / build-push (push) Successful in 56s
Reviewed-on: #16
2026-07-01 16:23:16 -04:00
renovate 8dc41997b7 chore(deps): update docker/build-push-action action to v7.3.0
PR Checks / hadolint (pull_request) Successful in 8s
PR Checks / build-test (pull_request) Successful in 22s
2026-07-01 14:54:07 +00:00
jcabillot 7e2d57d7a0 Merge pull request 'chore(deps): update actions/checkout action to v7' (#15) from renovate/actions-checkout-7.x into master
Main Release / test (push) Successful in 18s
Main Release / build (push) Successful in 13s
Main Release / tag (push) Successful in 19s
Tag Release / hadolint (push) Successful in 11s
Tag Release / test (push) Successful in 24s
Tag Release / build-push (push) Successful in 48s
Main Release / hadolint (push) Has been cancelled
Reviewed-on: #15
2026-06-22 11:45:06 -04:00
renovate 5e631d80a7 chore(deps): update actions/checkout action to v7
PR Checks / build-test (pull_request) Successful in 21s
PR Checks / hadolint (pull_request) Successful in 6s
2026-06-18 15:29:32 +00:00
cloudix_mcp_server fff3c9f6e2 fix: restore tag.yaml from base64 corruption to proper YAML
Main Release / hadolint (push) Successful in 7s
Main Release / test (push) Successful in 12s
Main Release / build (push) Successful in 12s
Main Release / tag (push) Successful in 13s
Tag Release / test (push) Failing after 13m46s
Tag Release / hadolint (push) Failing after 13m47s
Tag Release / build-push (push) Has been skipped
tag: test before build-push, keeps vX.Y.Z and vX.Y.Z-latest tags
2026-06-13 14:55:00 -04:00
cloudix_mcp_server bbb6e677de fix: restore cron.yaml from base64 corruption to proper YAML
Main Release / hadolint (push) Successful in 9s
Main Release / test (push) Successful in 15s
Main Release / build (push) Successful in 14s
Main Release / tag (push) Successful in 14s
cron: test before build-push, removed :latest, keeps $TAG-latest
2026-06-13 14:54:57 -04:00
cloudix_mcp_server d260b56c5b fix: restore main.yaml from base64 corruption to proper YAML
Main Release / hadolint (push) Successful in 6s
Main Release / test (push) Successful in 13s
Main Release / build (push) Successful in 12s
Main Release / tag (push) Successful in 12s
main: no Docker push, build only, test mandatory before build, tag follows
2026-06-13 14:54:55 -04:00
jcabillot 7d37ef7bcb Merge pull request 'CI: tests obligatoires avant push, abandon du tag :latest sur master' (#14) from fix/workflow-test-before-push into master
Reviewed-on: #14
2026-06-13 14:28:56 -04:00
cloudix_mcp_server 88cac8d90c tag: add test job before build-push
PR Checks / hadolint (pull_request) Successful in 7s
PR Checks / build-test (pull_request) Successful in 13s
- Add test job (build + run tests)
- build-push now needs: [test]
- Tests must pass before pushing tagged release to DockerHub
2026-06-13 14:25:55 -04:00
cloudix_mcp_server ae49ab2f80 cron: add test job before build-push, remove :latest tag
- Add test job (build + run tests)
- build-push now needs: [test]
- Remove type=raw,value=latest tag
- Keep type=raw,value=$TAG-latest for the latest versioned tag
2026-06-13 14:25:53 -04:00
cloudix_mcp_server ceb840bfe5 main: remove Docker push, keep only build+test+tag
- Remove docker/login-action, docker/metadata-action, docker/build-push-action
- Rename build-push to build (just docker build, no push)
- Tag job now depends on build
- Push to DockerHub is handled solely by tag.yaml now
2026-06-13 14:25:50 -04:00
jcabillot 2e9cb26503 Merge pull request 'tweak: tag strategy (stable + -latest) and sequential job deps on main' (#13) from tweak/tag-strategy-and-job-deps into master
Main Release / hadolint (push) Successful in 6s
Main Release / test (push) Successful in 12s
Main Release / build-push (push) Successful in 36s
Main Release / tag (push) Successful in 10s
Tag Release / hadolint (push) Successful in 6s
Tag Release / build-push (push) Successful in 36s
Reviewed-on: #13
2026-06-13 14:13:57 -04:00
cloudix_mcp_server 0cf0060855 feat(main): sequential job deps — test → build-push → tag (mandatory)
PR Checks / hadolint (pull_request) Successful in 6s
PR Checks / build-test (pull_request) Successful in 12s
2026-06-13 14:12:37 -04:00
cloudix_mcp_server 58db03ad49 feat(cron): rebuild :vx.y.z-latest instead of :vx.y.z (stable stays at tag time) 2026-06-13 14:12:34 -04:00
cloudix_mcp_server 6acb8f0302 feat(tag): push both :vx.y.z and :vx.y.z-latest on tag event 2026-06-13 14:12:31 -04:00
6 changed files with 132 additions and 66 deletions
+16 -9
View File
@@ -6,19 +6,27 @@ jobs:
hadolint: hadolint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
continue-on-error: true continue-on-error: true
with: with:
dockerfile: Dockerfile dockerfile: Dockerfile
build-push: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }}
build-push:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 - uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -27,13 +35,12 @@ jobs:
TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "") TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
echo "tag=$TAG" >> $GITHUB_OUTPUT echo "tag=$TAG" >> $GITHUB_OUTPUT
- id: meta - id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6 uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with: with:
images: jcabillot/offlineimap images: jcabillot/offlineimap
tags: | tags: |
type=raw,value=latest type=raw,value=${{ steps.get-latest-tag.outputs.tag }}-latest,enable=${{ steps.get-latest-tag.outputs.tag != '' }}
type=raw,value=${{ steps.get-latest-tag.outputs.tag }},enable=${{ steps.get-latest-tag.outputs.tag != '' }} - uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
- uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with: with:
context: . context: .
push: true push: true
+13 -27
View File
@@ -6,44 +6,30 @@ jobs:
hadolint: hadolint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
continue-on-error: true continue-on-error: true
with: with:
dockerfile: Dockerfile dockerfile: Dockerfile
build-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
with:
images: jcabillot/offlineimap
tags: |
type=raw,value=latest
- uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
pull: true
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- run: docker build -t ci-image:${{ github.sha }} . - run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }} - run: bash tests/test.sh ci-image:${{ github.sha }}
tag: build:
needs: [test]
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- run: docker build -t jcabillot/offlineimap:${{ github.sha }} .
tag:
needs: [build]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Configure git auth - name: Configure git auth
+3 -3
View File
@@ -6,7 +6,7 @@ jobs:
hadolint: hadolint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
continue-on-error: true continue-on-error: true
with: with:
@@ -14,7 +14,7 @@ jobs:
build-test: build-test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- run: docker build -t ci-image:${{ github.sha }} . - run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }} - run: bash tests/test.sh ci-image:${{ github.sha }}
+16 -7
View File
@@ -6,27 +6,36 @@ jobs:
hadolint: hadolint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
continue-on-error: true continue-on-error: true
with: with:
dockerfile: Dockerfile dockerfile: Dockerfile
build-push: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 - run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }}
build-push:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
- uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- id: meta - id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6 uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with: with:
images: jcabillot/offlineimap images: jcabillot/offlineimap
tags: | tags: |
type=ref,event=tag type=ref,event=tag
- uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 type=ref,event=tag,suffix=-latest
- uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
with: with:
context: . context: .
push: true push: true
+7 -13
View File
@@ -1,27 +1,21 @@
FROM alpine:3.23 FROM alpine:3.24
LABEL maintainer="Cabillot Julien <dockerimages@cabillot.eu>" LABEL maintainer="Cabillot Julien <dockerimages@cabillot.eu>"
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
COPY patch.py /tmp/patch.py COPY patch.py /tmp/patch.py
# hadolint ignore=DL3018 # hadolint ignore=DL3018
RUN apk add --no-cache offlineimap openssl && \ RUN apk add --no-cache offlineimap openssl tini && \
adduser -D offlineimap && \ adduser -D offlineimap && \
# Force SECLEVEL=1 in imaplib2 to allow connecting to servers with weak DH keys (DH_KEY_TOO_SMALL) # Apply post-install patches:
# This is required because OpenSSL 3.x in Alpine 3.23 defaults to SECLEVEL=2 # - UnicodeEncodeError fallback for defective messages (Maildir + IMAP)
sed -i 's/ctx = ssl.SSLContext(ssl_version)/ctx = ssl.SSLContext(ssl_version)\n ctx.set_ciphers("DEFAULT:@SECLEVEL=1")/' /usr/lib/python3.*/site-packages/imaplib2/imaplib2.py && \ # - SSL SECLEVEL=1 in imaplib2 to allow connecting to servers with weak DH keys
# Patch offlineimap email generator bug for defective messages # (OpenSSL 3.x defaults to SECLEVEL=2)
python3 /tmp/patch.py && rm /tmp/patch.py python3 /tmp/patch.py && rm /tmp/patch.py
COPY --chown=offlineimap offlineimaprc.*.tmpl /home/offlineimap/ COPY --chown=offlineimap offlineimaprc.*.tmpl /home/offlineimap/
# Add Tini
ENV "TINI_VERSION" "v0.16.1"
#ADD "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" "/tini"
#RUN chmod +x "/tini"
#ENTRYPOINT ["/tini", "--"]
USER "offlineimap" USER "offlineimap"
#ENTRYPOINT [ "/entrypoint.sh" ] ENTRYPOINT ["/sbin/tini", "--"]
CMD [ "/entrypoint.sh" ] CMD [ "/entrypoint.sh" ]
+75 -5
View File
@@ -1,16 +1,52 @@
import sys, os #!/usr/bin/env python3
"""Post-install patches for offlineimap on Alpine.
Run as root in the Docker build (RUN python3 /tmp/patch.py).
Fixes two upstream issues that persist in offlineimap 8.0.0:
1. UnicodeEncodeError when writing messages with non-ASCII bytes
(Maildir.save thread + IMAP header generation).
2. SSL SECLEVEL=2 in OpenSSL 3.x prevents connecting to servers with
weak DH keys (DH_KEY_TOO_SMALL). Force SECLEVEL=1 in imaplib2.
Paths are resolved dynamically so the patch survives Python version
bumps across Alpine releases (was hardcoded to python3.12).
"""
import glob
import sys
# ---------------------------------------------------------------
# 1. Maildir.py — wrap fd.write(msg.as_bytes(...)) in a try/except
# that falls back to UTF-8 encoded as_string on UnicodeEncodeError
# ---------------------------------------------------------------
maildir_path = glob.glob(
"/usr/lib/python%d.%d/site-packages/offlineimap/folder/Maildir.py"
% (sys.version_info.major, sys.version_info.minor)
)[0]
maildir_path = "/usr/lib/python3.12/site-packages/offlineimap/folder/Maildir.py"
with open(maildir_path, "r") as f: with open(maildir_path, "r") as f:
maildir = f.read() maildir = f.read()
maildir = maildir.replace( maildir = maildir.replace(
"fd.write(msg.as_bytes(policy=output_policy))", "fd.write(msg.as_bytes(policy=output_policy))",
"try:\n fd.write(msg.as_bytes(policy=output_policy))\n except UnicodeEncodeError:\n fd.write(msg.as_string(policy=output_policy).encode('utf-8'))" "try:\n fd.write(msg.as_bytes(policy=output_policy))\n except UnicodeEncodeError:\n fd.write(msg.as_string(policy=output_policy).encode('utf-8'))",
) )
with open(maildir_path, "w") as f: with open(maildir_path, "w") as f:
f.write(maildir) f.write(maildir)
imap_path = "/usr/lib/python3.12/site-packages/offlineimap/folder/IMAP.py" # ---------------------------------------------------------------
# 2. IMAP.py — add a helper and replace msg.as_bytes(policy=...) calls
# with the helper that falls back on UnicodeEncodeError
# ---------------------------------------------------------------
imap_path = glob.glob(
"/usr/lib/python%d.%d/site-packages/offlineimap/folder/IMAP.py"
% (sys.version_info.major, sys.version_info.minor)
)[0]
with open(imap_path, "r") as f: with open(imap_path, "r") as f:
imap_py = f.read() imap_py = f.read()
@@ -21,6 +57,40 @@ def get_msg_bytes(msg, policy):
except UnicodeEncodeError: except UnicodeEncodeError:
return msg.as_string(policy=policy).encode('utf-8') return msg.as_string(policy=policy).encode('utf-8')
""" """
imap_py = imap_patch + imap_py.replace("msg.as_bytes(policy=output_policy)", "get_msg_bytes(msg, output_policy)") imap_py = imap_patch + imap_py.replace(
"msg.as_bytes(policy=output_policy)", "get_msg_bytes(msg, output_policy)"
)
with open(imap_path, "w") as f: with open(imap_path, "w") as f:
f.write(imap_py) f.write(imap_py)
# ---------------------------------------------------------------
# 3. imaplib2.py — force SECLEVEL=1 to allow weak DH keys
# (moved here from a sed one-liner in the Dockerfile)
# ---------------------------------------------------------------
imaplib2_paths = glob.glob(
"/usr/lib/python%d.%d/site-packages/imaplib2/imaplib2.py"
% (sys.version_info.major, sys.version_info.minor)
)
if imaplib2_paths:
imaplib2_path = imaplib2_paths[0]
with open(imaplib2_path, "r") as f:
imaplib2_py = f.read()
old = "ctx = ssl.SSLContext(ssl_version)"
new = (
'ctx = ssl.SSLContext(ssl_version)\n'
' ctx.set_ciphers("DEFAULT:@SECLEVEL=1")'
)
if old in imaplib2_py:
imaplib2_py = imaplib2_py.replace(old, new)
with open(imaplib2_path, "w") as f:
f.write(imaplib2_py)
print("Patched imaplib2 SECLEVEL=1")
else:
print("imaplib2 already patched or pattern not found — skipping")
else:
print("imaplib2 not found — skipping SECLEVEL patch")