return proper home dir from userdb

.gitea/workflows/container.yaml

@@ -0,0 +1,12 @@
+name: Build Multiarch Container Image
+on: [push]
+jobs:
+  call-reusable-workflow:
+    uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main
+    with:
+      repository: ${{ gitea.repository }}
+      ref_name: ${{ gitea.ref_name }}
+      sha: ${{ gitea.sha }}
+      registry_url: ${{ secrets.REGISTRY_URL }}
+      registry_user: ${{ secrets.REGISTRY_USER }}
+      registry_pw: ${{ secrets.REGISTRY_PW }}

.woodpecker.yml

@@ -1,11 +0,0 @@
-pipeline:
-  publish-docker-image:
-    image: plugins/kaniko
-    settings:
-      repo: docker.io/thallian/dovecot
-      tags: latest,${CI_COMMIT_SHA:0:8},${CI_COMMIT_TAG=pre}
-      dockerfile: Dockerfile
-      username:
-        from_secret: DOCKER_USER
-      password:
-        from_secret: DOCKER_PW

Containerfile

@@ -1,62 +1,62 @@
-FROM docker.io/alpine:3.16 as builder
+FROM docker.io/alpine:3.19 as builder
 
 RUN apk --no-cache add \
-    rpcgen \
+  rpcgen \
-    g++ \
+  g++ \
-    make \
+  make \
-    openssl \
+  openssl \
-    openssl-dev \
+  openssl-dev \
-    lua-dev \
+  lua5.1-dev \
-    libsodium-dev \
+  libsodium-dev \
-    linux-pam-dev \
+  linux-pam-dev \
-    zlib-dev \
+  zlib-dev \
-    bzip2-dev \
+  bzip2-dev \
-    xz-dev \
+  xz-dev \
-    lz4-dev \
+  lz4-dev \
-    icu-dev \
+  icu-dev \
-    inotify-tools-dev
+  inotify-tools-dev
 
-ENV SHA256_SUM_DOVECOT=db5abcd87d7309659ea6b45b2cb6ee9c5f97486b2b719a5dd05a759e1f6a5c51
+ENV SHA256_SUM_DOVECOT=05b11093a71c237c2ef309ad587510721cc93bbee6828251549fc1586c36502d
-ENV DOVECOT_FILENAME=dovecot-2.3.19.1.tar.gz
+ENV DOVECOT_FILENAME=dovecot-2.3.21.tar.gz
 RUN wget https://www.dovecot.org/releases/2.3/$DOVECOT_FILENAME
 RUN echo "$SHA256_SUM_DOVECOT  $DOVECOT_FILENAME" | sha256sum -c - || exit 1
 RUN mkdir /tmp/dovecot
 RUN tar xzf $DOVECOT_FILENAME -C /tmp/dovecot --strip 1
 
-ENV SHA256_SUM_PIGEONHOLE=637709a83fb1338c918e5398049f96b7aeb5ae00696794ed1e5a4d4c0ca3f688
+ENV SHA256_SUM_PIGEONHOLE=1ca71d2659076712058a72030288f150b2b076b0306453471c5261498d3ded27
-ENV PIGEONHOLE_FILENAME=dovecot-2.3-pigeonhole-0.5.19.tar.gz
+ENV PIGEONHOLE_FILENAME=dovecot-2.3-pigeonhole-0.5.21.tar.gz
 RUN wget https://pigeonhole.dovecot.org/releases/2.3/$PIGEONHOLE_FILENAME
 RUN echo "$SHA256_SUM_PIGEONHOLE  $PIGEONHOLE_FILENAME" | sha256sum -c - || exit 1
 RUN mkdir /tmp/pigeonhole
 RUN tar xzf $PIGEONHOLE_FILENAME -C /tmp/pigeonhole --strip 1
 
 RUN cd /tmp/dovecot && \
-    ./configure --prefix '' \
+  ./configure --prefix '' \
-    --with-notify=inotify \
+  --with-notify=inotify \
-    --with-lua \
+  --with-lua \
-    --with-zlib \
+  --with-zlib \
-    --with-bzlib \
+  --with-bzlib \
-    --with-pam \
+  --with-pam \
-    --with-ssl=openssl \
+  --with-ssl=openssl \
-    --with-sodium \
+  --with-sodium \
-    --without-sql \
+  --without-sql \
-    --with-lzma \
+  --with-lzma \
-    --with-lz4 \
+  --with-lz4 \
-    --with-icu \
+  --with-icu \
-    --without-shadow \
+  --without-shadow \
-    --with-ssldir=/etc/ssl/mail \
+  --with-ssldir=/etc/ssl/mail \
-    --with-rundir=/run/dovecot \
+  --with-rundir=/run/dovecot \
-    --disable-static && \
+  --disable-static && \
-    make && \
+  make && \
-    make install
+  make install
 
 RUN cd /tmp/pigeonhole && \
-    ./configure --prefix '' \
+  ./configure --prefix '' \
-    --with-dovecot=/lib/dovecot \
+  --with-dovecot=/lib/dovecot \
-    --disable-static && \
+  --disable-static && \
-    make && make install
+  make && make install
 
-FROM docker.io/thallian/confd-env:3.16
+FROM docker.io/thallian/confd-env:3.19-3.1.6.2
 
 COPY --from=builder /lib/dovecot/ /lib/dovecot/
 COPY --from=builder /libexec/dovecot/ /libexec/dovecot/
@@ -67,20 +67,21 @@ COPY --from=builder /sbin/dovecot /sbin/dovecot
 COPY --from=builder /bin/sieve* /bin/
 
 RUN apk --no-cache add \
-    libsodium \
+  libsodium \
-    libbz2 \
+  libbz2 \
-    zlib \
+  zlib \
-    xz-libs \
+  xz-libs \
-    lz4-libs \
+  lz4-libs \
-    lz4 \
+  lz4 \
-    linux-pam \
+  linux-pam \
-    openssl \
+  openssl \
-    ssmtp \
+  ssmtp \
-    ca-certificates \
+  ca-certificates \
-    lua \
+  lua5.1-libs \
-    lua-rapidjson \
+  lua5.1-rapidjson \
-    curl \
+  curl \
-    inotify-tools
+  inotify-tools \
+  libssl3
 
 RUN addgroup -g 150 dovecot
 RUN adduser -u 140 -h /dev/null -H -s /sbin/nologin -D -G dovecot dovecot

rootfs/etc/confd/templates/10-master.conf.tmpl

@@ -21,3 +21,16 @@ service auth {
 
 service auth-worker {
 }
+
+service anvil {
+  chroot = 
+}
+service imap-login {
+  chroot = 
+}
+service pop3-login {
+  chroot = 
+}
+service ipc {
+  chroot =
+}

rootfs/etc/confd/templates/dovecot.conf.tmpl

@@ -1,4 +1,4 @@
 protocols = imap lmtp sieve
-listen = *
+listen = *, ::
 !include conf.d/*.conf
 !include_try local.conf

rootfs/etc/confd/templates/oauth2-userdb.lua.tmpl

@@ -36,7 +36,7 @@ function auth_userdb_lookup(req)
 	end
 
 	if userJson[1].username == req.username then
-		return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/lib/vmail/mail/%n"
+		return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/lib/vmail/mail/" .. req.username
 	end
 
 	return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"