From 86a0e103745b00448278adace7d53d472b68a72c Mon Sep 17 00:00:00 2001
From: Samuel Clay <samuel@ofbrooklyn.com>
Date: Tue, 25 Feb 2025 17:31:37 -0800
Subject: [PATCH] Handling ubuntu + darwin

---
 Makefile                              | 17 ++++++++++++++---
 ansible/inventories/hetzner.yml       |  4 ++--
 docker-compose.yml                    |  4 ++--
 docker/newsblur_base_image.Dockerfile | 24 +++++++++++++++---------
 4 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/Makefile b/Makefile
index d57586094..f6324ccc5 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,9 @@
 SHELL := /bin/bash
 CURRENT_UID := $(shell id -u)
 CURRENT_GID := $(shell id -g)
-newsblur := $(shell gtimeout 2s docker ps -qf "name=newsblur_web")
+# Use timeout on Linux and gtimeout on macOS
+TIMEOUT_CMD := $(shell command -v gtimeout || command -v timeout)
+newsblur := $(shell $(TIMEOUT_CMD) 2s docker ps -qf "name=newsblur_web")
 
 .PHONY: node
 
@@ -85,14 +87,23 @@ test:
 	RUNWITHMAKEBUILD=True CURRENT_UID=${CURRENT_UID} CURRENT_GID=${CURRENT_GID} docker compose exec newsblur_web bash -c "NOSE_EXCLUDE_DIRS=./vendor DJANGO_SETTINGS_MODULE=newsblur_web.test_settings python3 manage.py test -v 3 --failfast"
 
 keys:
-	mkdir config/certificates
+	mkdir -p config/certificates
 	openssl dhparam -out config/certificates/dhparam-2048.pem 2048
 	openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout config/certificates/RootCA.key -out config/certificates/RootCA.pem -subj "/C=US/CN=Example-Root-CA"
 	openssl x509 -outform pem -in config/certificates/RootCA.pem -out config/certificates/RootCA.crt
 	openssl req -new -nodes -newkey rsa:2048 -keyout config/certificates/localhost.key -out config/certificates/localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost"
 	openssl x509 -req -sha256 -days 1024 -in config/certificates/localhost.csr -CA config/certificates/RootCA.pem -CAkey config/certificates/RootCA.key -CAcreateserial -out config/certificates/localhost.crt
 	cat config/certificates/localhost.crt config/certificates/localhost.key > config/certificates/localhost.pem
-	sudo /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./config/certificates/RootCA.crt
+	@if [ "$$(uname)" = "Darwin" ]; then \
+		sudo /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./config/certificates/RootCA.crt; \
+	elif [ "$$(uname)" = "Linux" ]; then \
+		echo "Installing certificate for Linux..."; \
+		sudo cp ./config/certificates/RootCA.crt /usr/local/share/ca-certificates/newsblur-rootca.crt || true; \
+		sudo update-ca-certificates || true; \
+		echo "Certificate installation attempted. If this fails, you may need to manually trust the certificate."; \
+	else \
+		echo "Unknown OS. Please manually trust the certificate at ./config/certificates/RootCA.crt"; \
+	fi
 
 # Doesn't work yet
 mkcert:
diff --git a/ansible/inventories/hetzner.yml b/ansible/inventories/hetzner.yml
index fc088b80f..823faa530 100644
--- a/ansible/inventories/hetzner.yml
+++ b/ansible/inventories/hetzner.yml
@@ -6,9 +6,9 @@ groups:
 
   haproxy: inventory_hostname.startswith('hwww')
 
-  app: inventory_hostname.startswith('happ')
+  app: inventory_hostname.startswith('happ') or inventory_hostname.startswith('repo-test')
   happ: inventory_hostname.startswith('happ')
-  web: inventory_hostname.startswith('happ')
+  web: inventory_hostname.startswith('happ') or inventory_hostname.startswith('repo-test')
   hweb: inventory_hostname.startswith('happ')
   django: inventory_hostname.startswith('happ-web')
   hdjango: inventory_hostname.startswith('happ-web')
diff --git a/docker-compose.yml b/docker-compose.yml
index fbd9d9130..0de095181 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,7 +4,7 @@ services:
     container_name: newsblur_web
     image: newsblur/newsblur_${NEWSBLUR_BASE:-python3}:latest
     build:
-      context: /srv/newsblur
+      context: .
       dockerfile: docker/newsblur_base_image.Dockerfile
     # user: "${CURRENT_UID}:${CURRENT_GID}"
     environment:
@@ -125,7 +125,7 @@ services:
 
   db_elasticsearch:
     container_name: db_elasticsearch
-    image: docker.elastic.co/elasticsearch/elasticsearch:8.17.0-arm64
+    image: docker.elastic.co/elasticsearch/elasticsearch:8.17.0
     mem_limit: 4g
     restart: unless-stopped
     environment:
diff --git a/docker/newsblur_base_image.Dockerfile b/docker/newsblur_base_image.Dockerfile
index b37206adc..9675173e9 100644
--- a/docker/newsblur_base_image.Dockerfile
+++ b/docker/newsblur_base_image.Dockerfile
@@ -4,7 +4,7 @@ ENV       PYTHONPATH=/srv/newsblur
 RUN       set -ex \
           && rundDeps=' \
                   libpq5 \
-                  libjpeg62 \
+                  libjpeg62-turbo \
                   libxslt1.1 \
                             ' \
           && buildDeps=' \
@@ -15,19 +15,25 @@ RUN       set -ex \
                     libjpeg-dev \
                     libpq-dev \
                     libev-dev \
-                    libreadline6-dev \
+                    libreadline-dev \
                     liblapack-dev \
                     libxml2-dev \
                     libxslt1-dev \
-                    ncurses-dev \
+                    libncurses-dev \
                     zlib1g-dev \
                     ' \
-            && apt-get update \
-            && apt-get install -y $rundDeps $buildDeps --no-install-recommends \
-            && apt-get install -y wget \
-            && wget https://github.com/lexiforest/curl-impersonate/releases/download/v0.9.3/curl-impersonate-v0.9.3.aarch64-linux-gnu.tar.gz \
-            && tar -xzf curl-impersonate-v0.9.3.aarch64-linux-gnu.tar.gz -C /usr/local/bin/ \
-            && rm curl-impersonate-v0.9.3.aarch64-linux-gnu.tar.gz \
+            && apt-get update || (echo "Retrying apt-get update with different DNS" && echo "nameserver 8.8.8.8" > /etc/resolv.conf && apt-get update) \
+            && apt-get install -y $rundDeps $buildDeps --no-install-recommends || (echo "Retrying apt-get install with different package names" && apt-get install -y libpq5 libjpeg62-turbo libxslt1.1 patch gfortran libblas-dev libffi-dev libjpeg-dev libpq-dev libev-dev libreadline-dev liblapack-dev libxml2-dev libxslt1-dev libncurses-dev zlib1g-dev --no-install-recommends) \
+            && apt-get install -y wget curl ca-certificates \
+            && ARCH=$(uname -m) \
+            && if [ "$ARCH" = "aarch64" ] || [ "$ARCH" = "arm64" ]; then \
+                  CURL_IMPERSONATE_URL="https://github.com/lexiforest/curl-impersonate/releases/download/v0.9.3/curl-impersonate-v0.9.3.aarch64-linux-gnu.tar.gz"; \
+               else \
+                  CURL_IMPERSONATE_URL="https://github.com/lexiforest/curl-impersonate/releases/download/v0.9.3/curl-impersonate-v0.9.3.x86_64-linux-gnu.tar.gz"; \
+               fi \
+            && wget $CURL_IMPERSONATE_URL \
+            && tar -xzf curl-impersonate-*.tar.gz -C /usr/local/bin/ \
+            && rm curl-impersonate-*.tar.gz \
             && chmod +x /usr/local/bin/curl-impersonate-chrome
 COPY      config/requirements.txt /srv/newsblur/