10 changes: 5 additions & 5 deletions .github/workflows/docker_auto.yml
@@ -1,7 +1,7 @@
name: Automatic build on release and push to Docker Hub
on:
schedule:
- cron: '0 0 * * SUN'
- cron: "0 0 * * SUN"
push:
tags:
- "[0-9]+.[0-9]+.[0-9]+"
Expand All @@ -11,13 +11,13 @@ jobs:
uses: ./.github/workflows/test.yml
main:
runs-on: ubuntu-latest
needs:
needs:
- tests
env:
DOCKER_PLATFORMS: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/386
DOCKER_IMAGE: ghtardo/docker-privoxy-https
LASTEST_VERSION: "3.0.34-2"
PRIVOXY_VERSION: "3.0.34"
LASTEST_VERSION: "4.0.0"
PRIVOXY_VERSION: "4.0.0"
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
Expand Down Expand Up @@ -108,4 +108,4 @@ jobs:
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
7 changes: 4 additions & 3 deletions .github/workflows/test.yml
Expand Up @@ -11,7 +11,8 @@ jobs:
privoxy:
strategy:
matrix:
privoxy_version: [3.0.34]
privoxy_version: [4.0.0]
python-version: [3.12]
fail-fast: false
runs-on: ubuntu-latest

Expand All @@ -34,7 +35,7 @@ jobs:
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.11"
python-version: 3.12

- name: Install poetry
uses: abatilo/actions-poetry@v2
Expand All @@ -47,4 +48,4 @@ jobs:
poetry install

- name: Run pytest
run: poetry run pytest --privoxy-version ${{ matrix.privoxy_version }} --no-cache -v
run: poetry run pytest --privoxy-version ${{ matrix.privoxy_version }} --no-cache -v
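Review bot: The new `python-version: [3.12]` matrix entry is not consumed anywhere in the visible hunks: the Set up Python step still hard-codes `python-version: 3.12`, so adding a second version to the matrix would only duplicate the job on the same interpreter. Reference the matrix value instead, `python-version: ${{ matrix.python-version }}`, and quote the matrix entries (`python-version: ["3.12"]`), since an unquoted version is parsed as a YAML float and a later `3.10` would silently become `3.1`. The job definition continues outside the hunks, so confirm no other step pins the interpreter.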
4 changes: 3 additions & 1 deletion .gitignore
@@ -1,2 +1,4 @@
__pycache__/
tests/privoxy-ca-bundle.crt
tests/privoxy-ca-bundle.crt
/.pytest_cache
/.venv
50 changes: 35 additions & 15 deletions Dockerfile
Expand Up @@ -14,7 +14,7 @@ RUN set -ex; \
mkdir /var/lib/privoxy/; \
chown privoxy:privoxy /var/lib/privoxy/;

ARG PRIVOXY_VERSION=3.0.34
ARG PRIVOXY_VERSION=4.0.0

# Build Privoxy
RUN set -eux; \
Expand All @@ -26,7 +26,7 @@ RUN set -eux; \
apk add --no-cache --virtual build-deps \
libc-dev \
zlib-dev \
pcre-dev \
pcre2-dev \
openssl-dev \
brotli-dev; \
mkdir -p /usr/local/src/privoxy-${PRIVOXY_VERSION}-stable; \
Expand All @@ -40,15 +40,19 @@ RUN set -eux; \
make -s install USER=privoxy GROUP=privoxy; \
chown -R privoxy:privoxy /usr/local/etc/privoxy/; \
rm -rf /var/lib/privoxy/privoxy-src.tar.gz /usr/local/src/privoxy-${PRIVOXY_VERSION}-stable; \
apk del build-tools;
apk del build-tools build-deps;

# Add system tools
RUN apk add --no-cache --virtual sys-tools \
openssl \
python3 \
supervisor \
bash \
sed;
RUN set -eux; \
apk add --no-cache --virtual runtime-deps \
openssl \
python3 \
pcre2 \
brotli \
supervisor \
bash \
sed \
net-tools;

# Enable Privoxy HTTPS inspection
RUN set -ex; \
Expand All @@ -60,22 +64,38 @@ COPY data/rules/ /usr/local/etc/privoxy/privman-rules/
COPY data/supervisord.conf /usr/local/etc/privoxy/
COPY data/config /usr/local/etc/privoxy/
COPY data/privoxy-blocklist.conf /var/lib/privoxy/
COPY bin/privman.py /var/lib/privoxy/
COPY bin/privoxy-blocklist.sh /var/lib/privoxy/
RUN set -eux; \
sed -i 's/\r$//' /var/lib/privoxy/privoxy-blocklist.conf
COPY bin/privman.py /var/lib/privoxy/privman.py
COPY bin/privoxy-blocklist.sh /var/lib/privoxy/privoxy-blocklist.sh
RUN set -eux; \
# Remove CRLF (dos2unix) and ensure LF-only
sed -i 's/\r$//' /var/lib/privoxy/privoxy-blocklist.sh; \
# Make executable
chmod +x /var/lib/privoxy/privoxy-blocklist.sh; \
# (Re)create the symlink
ln -sf /var/lib/privoxy/privoxy-blocklist.sh /usr/local/bin/privoxy-blocklist
COPY docker-entrypoint.sh /usr/local/bin/
RUN sed -i 's/\r$//' /usr/local/bin/docker-entrypoint.sh \
&& chmod +x /usr/local/bin/docker-entrypoint.sh

# Set the correct permissions
RUN set -ex; \
sed -i 's/\r$//' /var/lib/privoxy/privman.py /var/lib/privoxy/privoxy-blocklist.sh; \
head -1 /var/lib/privoxy/privman.py | grep -q '^#!' || \
sed -i '1i #!/usr/bin/env python3' /var/lib/privoxy/privman.py; \
mkdir -p /usr/local/etc/privoxy/CA /usr/local/etc/privoxy/certs /usr/local/etc/privoxy/privman-rules; \
chown -R privoxy:privoxy /usr/local/etc/privoxy/config /usr/local/etc/privoxy/CA /usr/local/etc/privoxy/certs /usr/local/etc/privoxy/privman-rules /var/lib/privoxy/privoxy-blocklist.conf; \
chmod a+x /var/lib/privoxy/privman.py /var/lib/privoxy/privoxy-blocklist.sh /usr/local/bin/docker-entrypoint.sh; \
ln -s /var/lib/privoxy/privman.py /usr/local/bin/privman; \
ln -s /var/lib/privoxy/privoxy-blocklist.sh /usr/local/bin/privoxy-blocklist;
chmod +x /var/lib/privoxy/privman.py; \
ln -sf /var/lib/privoxy/privman.py /usr/local/bin/privman; \
ln -sf /var/lib/privoxy/privoxy-blocklist.sh /usr/local/bin/privoxy-blocklist;

ENV ADBLOCK_URLS="" \
ADBLOCK_FILTERS=""

ENTRYPOINT ["docker-entrypoint.sh"]
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]

RUN cp -a /usr/local/etc/privoxy /opt/privoxy-default

VOLUME /usr/local/etc/privoxy
EXPOSE 8118/tcp
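Review bot: Bumping `ARG PRIVOXY_VERSION` to 4.0.0 changes which source tarball is compiled into the image, and none of the visible lines verifies `/var/lib/privoxy/privoxy-src.tar.gz` before it is built. The download command itself is outside the hunks, so this may already be handled; if it is not, pin the expected digest next to the version, e.g. `ARG PRIVOXY_SHA256=<sha256-of-release-tarball>` and `echo "${PRIVOXY_SHA256}  /var/lib/privoxy/privoxy-src.tar.gz" | sha256sum -c -;` ahead of extraction, so a version bump cannot silently pull unverified code into a TLS-intercepting proxy. Separately, `net-tools` is added to `runtime-deps` but nothing in the shown diff uses it; drop it or add a comment saying what needs it.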
9 changes: 8 additions & 1 deletion bin/privman.py
Expand Up @@ -36,7 +36,14 @@ def generate_crt_bundle(subj, forced=False):
ca_key_file = os.path.join(BASEDIR_CA, 'cakey.pem')
if not os.path.isfile(ca_bundle_file) or forced:
os.system(f"openssl ecparam -out {ca_key_file} -name secp384r1 -genkey")
os.system(f'openssl req -new -x509 -key {ca_key_file} -sha384 -days 3650 -out {ca_bundle_file} -extensions v3_ca -subj "{subj}"')
os.system(
f'openssl req -new -x509 '
f'-key {ca_key_file} -sha384 -days 3650 '
f'-out {ca_bundle_file} '
f'-subj "{subj}" '
f'-addext "basicConstraints=critical,CA:TRUE" '
f'-addext "keyUsage=critical,keyCertSign,cRLSign"'
Comment on lines +40 to +45
Owner


ensure good interoperability

Suggested change
f'openssl req -new -x509 '
f'-key {ca_key_file} -sha384 -days 3650 '
f'-out {ca_bundle_file} '
f'-subj "{subj}" '
f'-addext "basicConstraints=critical,CA:TRUE" '
f'-addext "keyUsage=critical,keyCertSign,cRLSign"'
'openssl req -new -x509 '
f'-key {ca_key_file} -sha384 -days 3650 '
f'-out {ca_bundle_file} '
f'-subj "{subj}" '
'-addext "basicConstraints=critical,CA:TRUE" '
'-addext "keyUsage=critical,keyCertSign,cRLSign" '
'-addext "subjectKeyIdentifier=hash"'

)
print_log("CRT Bundle", f"Generated successfully in '{ca_bundle_file}'")
else:
print_log("CRT Bundle", "Nothing to do. The file already exists.")
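Review bot: The reflowed `openssl req` call still goes through `os.system` with `subj` interpolated into a double-quoted shell string, so shell metacharacters in the subject are interpreted by the shell, and the exit status is discarded, which means the "Generated successfully" log line is printed even when openssl fails. Passing an argument list to `subprocess.run(..., check=True)` removes the shell from the path and turns a failed generation into an exception; the same applies to the `openssl ecparam` call on the line above. This assumes `subprocess` is imported at the top of the file, which is outside the hunk, as is the rest of `generate_crt_bundle`. Where `subj` comes from is not visible here, so the severity depends on the caller.

```python
# … unchanged: ca_key_file / ca_bundle_file setup and the ecparam key generation …
subprocess.run(
    [
        "openssl", "req", "-new", "-x509",
        "-key", ca_key_file, "-sha384", "-days", "3650",
        "-out", ca_bundle_file,
        "-subj", subj,
        "-addext", "basicConstraints=critical,CA:TRUE",
        "-addext", "keyUsage=critical,keyCertSign,cRLSign",
    ],
    check=True,  # raise instead of logging success after a failed run
)
# … unchanged: print_log success message …
```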
4 changes: 2 additions & 2 deletions data/config
@@ -1,4 +1,4 @@
# Sample Configuration File for Privoxy 3.0.34
# Sample Configuration File for Privoxy 4.0.0
#
# Copyright (C) 2001-2023 Privoxy Developers https://www.privoxy.org/
#
Expand Down Expand Up @@ -791,7 +791,7 @@ logfile logfile
#
# listen-address [::1]:8118
#
listen-address :8118
listen-address 0.0.0.0:8118
#
# 4.2. toggle
# ============
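Review bot: `listen-address 0.0.0.0:8118` exposes the proxy on every IPv4 interface, and the hunk carries no comment explaining why or how client access is limited. Because this image enables HTTPS inspection, add a comment above the directive such as `# Binds all IPv4 interfaces so the published container port is reachable; limit clients with permit-access or publish the port on 127.0.0.1 only.` The explicit address is also IPv4-only, so if IPv6 clients are expected a second `listen-address` line would be needed; the commented `[::1]:8118` sample above stays disabled.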
7 changes: 7 additions & 0 deletions docker-entrypoint.sh
@@ -1,4 +1,11 @@
#!/bin/sh
set -e
privman --init


if [ ! -e /usr/local/etc/privoxy/config ] || [ -z "$(ls -A /usr/local/etc/privoxy)" ]; then
echo "[entrypoint] void config, populating defaults..."
cp -a /opt/privoxy-default/* /usr/local/etc/privoxy/
fi
Comment on lines +6 to +9
Owner


I think this should be documented in the README and warn that changing the configuration may break compatibility with the “privman” script (if not preserving the filterfile and actionsfile options).


exec "$@"
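Review bot: The new defaults check runs after `privman --init`, so on an empty or freshly mounted volume the init step executes first against a directory with no `config`, and under `set -e` a failure there exits before the defaults are ever copied. Move the `if … fi` block above `privman --init`. The copy also fires when only `config` is missing, in which case `cp -a /opt/privoxy-default/*` overwrites whatever else the user keeps in the volume; `cp -an` would preserve existing files, and the `ls -A` test is redundant because an empty directory already satisfies the `! -e` check. What `privman --init` reads is not visible in this diff, so confirm the ordering against that script.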