Update stable to 10.19.2p (#169)

Co-authored-by: github-actions <[email protected]>
gnzsnz · Sep 18, 2024 · df7dc62 · df7dc62
1 parent 390ccd9
commit df7dc62
Show file tree

Hide file tree

Showing 8 changed files with 33 additions and 27 deletions.
diff --git a/README.md b/README.md
@@ -17,11 +17,11 @@ It includes:
 - [x11vnc](https://wiki.archlinux.org/title/x11vnc) - a VNC server to interact
   with the IB Gateway user interface (optional, for development / maintenance purpose).
 - xrdp/xfce enviroment for TWS. Build on top of [linuxserver/rdesktop](https://github.com/linuxserver/docker-rdesktop/).
-- [socat](https://manpages.ubuntu.com/manpages/jammy/en/man1/socat.1.html) a
+- [socat](https://manpages.ubuntu.com/manpages/noble/en/man1/socat.1.html) a
   tool to accept TCP connection from non-localhost and relay it to IB Gateway
   from localhost (IB Gateway restricts connections to container's 127.0.0.1 by
   default).
-- Optional remote [SSH tunnel](https://manpages.ubuntu.com/manpages/jammy/en/man1/ssh.1.html)
+- Optional remote [SSH tunnel](https://manpages.ubuntu.com/manpages/noble/en/man1/ssh.1.html)
   to provide secure connections for both IB Gateway and VNC. Only available for
   `10.19.2g-stable` and `10.25.1o-latest` or greater.
 - Support parallel execution of `live` and `paper` trading mode.
@@ -36,9 +36,9 @@ Images are provided for [IB gateway][1] and [TWS][2]. With the following tags:
 | Image| Channel  | IB Gateway Version  | IBC Version      | Docker Tags                                    |
 | --- | -------- | ------------------- | ---------------- | ---------------------------------------------- |
 | [ib-gateway][1] | `latest` | `10.31.1i` | `3.20.0` | `latest` `10.31` `10.31.1i` |
-| [ib-gateway][1] |`stable` | `10.19.2o` | `3.20.0` | `stable` `10.19` `10.19.2o` |
+| [ib-gateway][1] |`stable` | `10.19.2p` | `3.20.0` | `stable` `10.19` `10.19.2p` |
 | [tws-rdesktop][2] | `latest` | `10.31.1i` | `3.20.0` | `latest` `10.31` `10.31.1i` |
-| [tws-rdesktop][2] |`stable` | `10.19.2o` | `3.20.0` | `stable` `10.19` `10.19.2o` |
+| [tws-rdesktop][2] |`stable` | `10.19.2p` | `3.20.0` | `stable` `10.19` `10.19.2p` |
 
 All tags are available in the container repository for [ib-gateway][1] and [tws-rdesktop][2]. IB Gateway and TWS share the same version numbers and tags.
 
@@ -76,6 +76,7 @@ services:
       SAVE_TWS_SETTINGS: ${SAVE_TWS_SETTINGS:-}
       RELOGIN_AFTER_TWOFA_TIMEOUT: ${RELOGIN_AFTER_TWOFA_TIMEOUT:-no}
       TWOFA_EXIT_INTERVAL: ${TWOFA_EXIT_INTERVAL:-60}
+      TWOFA_DEVICE: ${TWOFA_DEVICE:-}
       EXISTING_SESSION_DETECTED_ACTION: ${EXISTING_SESSION_DETECTED_ACTION:-primary}
       ALLOW_BLIND_TRADING: ${ALLOW_BLIND_TRADING:-no}
       TIME_ZONE: ${TIME_ZONE:-Etc/UTC}
@@ -118,6 +119,7 @@ All environment variables are common between ibgateway and TWS image, unless spe
 | `VNC_SERVER_PASSWORD`  | VNC server password. If not defined, then VNC server will NOT start. Specific to ibgateway, ignored by TWS. | **not defined** (VNC disabled) |
 | `VNC_SERVER_PASSWORD_FILE`  | VNC server password. If not defined, then VNC server will NOT start. Specific to ibgateway, ignored by TWS. | **not defined** (VNC disabled) |
 | `TWOFA_TIMEOUT_ACTION`      | 'exit' or 'restart', set to 'restart if you set `AUTO_RESTART_TIME`. See IBC [documentation](https://github.com/IbcAlpha/IBC/blob/master/userguide.md#second-factor-authentication)  | exit  |
+| `TWOFA_DEVICE` | second factor authentication device. See IBC [documentation](https://github.com/IbcAlpha/IBC/blob/c98d0bcc2ead9b8ab3900a23a707f01f8fd7dfbc/resources/config.ini#L104) | **not defined** |
 | `BYPASS_WARNING` | Settings relate to the corresponding 'Precautions' checkboxes in the API section of the Global Configuration dialog. Accepted values `yes`, `no` if not set, the existing TWS/Gateway configuration is unchanged  | **not defined**                                      |
 | `AUTO_RESTART_TIME`  | time to restart IB Gateway, does not require daily 2FA validation. format hh:mm AM/PM. See IBC [documentation](https://github.com/IbcAlpha/IBC/blob/master/userguide.md#ibc-user-guide) | **not defined**  |
 | `AUTO_LOGOFF_TIME` | Auto-Logoff: at a specified time, TWS shuts down tidily, without restarting   | **not defined**   |
@@ -132,9 +134,9 @@ All environment variables are common between ibgateway and TWS image, unless spe
 | `CUSTOM_CONFIG` | If set to `yes`, then `run.sh` will not generate config files using env variables. You should mount config files. Use with care and only if you know what you are doing. | NO |
 | `JAVA_HEAP_SIZE` | Set Java heap, default 768MB, TWS might need more. Proposed value 1024. Enter just the number, don't enter units, ex mb. See [Increase Memory Size for TWS](https://ibkrguides.com/tws/usersguidebook/priceriskanalytics/custommemory.htm) | **not defined**  |
 | `SSH_TUNNEL` | If set to `yes` then `socat` won't start, instead a remote ssh tunnel is started. if set to `both` then `socat` AND remote ssh tunnel are started. SSH keys should be provided to container through ~/.ssh volume.  | **not defined**                                      |
-| `SSH_OPTIONS` | additional options for [ssh](https://manpages.ubuntu.com/manpages/jammy/en/man1/ssh.1.html) client | **not defined** |
-| `SSH_ALIVE_INTERVAL`   | [ssh](https://manpages.ubuntu.com/manpages/jammy/en/man1/ssh.1.html) `ServerAliveInterval` setting. Don't set it in `SSH_OPTIONS` as this behavior is undefined. | 20   |
-| `SSH_ALIVE_COUNT`  | [ssh](https://manpages.ubuntu.com/manpages/jammy/en/man1/ssh.1.html) `ServerAliveCountMax` setting. Don't set it in `SSH_OPTIONS` as this behavior is undefined. | **not defined** |
+| `SSH_OPTIONS` | additional options for [ssh](https://manpages.ubuntu.com/manpages/noble/en/man1/ssh.1.html) client | **not defined** |
+| `SSH_ALIVE_INTERVAL`   | [ssh](https://manpages.ubuntu.com/manpages/noble/en/man1/ssh.1.html) `ServerAliveInterval` setting. Don't set it in `SSH_OPTIONS` as this behavior is undefined. | 20   |
+| `SSH_ALIVE_COUNT`  | [ssh](https://manpages.ubuntu.com/manpages/noble/en/man1/ssh.1.html) `ServerAliveCountMax` setting. Don't set it in `SSH_OPTIONS` as this behavior is undefined. | **not defined** |
 | `SSH_PASSPHRASE`   | passphrase for ssh keys. If set the container will start ssh-agent and add ssh keys   | **not defined**   |
 | `SSH_PASSPHRASE_FILE`   | file containing passphrase for ssh keys. If set the container will start ssh-agent and add ssh keys   | **not defined**   |
 | `SSH_REMOTE_PORT`   | Remote port for ssh tunnel. If `TRADING_MODE=both` then `SSH_REMOTE_PORT` is set to paper port `4002/7498`  | Same port than IB gateway `4001/4002` or `7497/7498` |
@@ -162,6 +164,7 @@ TRADING_MODE=paper
 READ_ONLY_API=no
 VNC_SERVER_PASSWORD=myVncPassword
 TWOFA_TIMEOUT_ACTION=restart
+TWOFA_DEVICE=
 BYPASS_WARNING=
 AUTO_RESTART_TIME=11:59 PM
 AUTO_LOGOFF_TIME=
@@ -209,7 +212,7 @@ TWS image uses the following ports
 | 7499 | TWS API port for paper accounts. Through socat, internal TWS API port 7497. Mapped **externally** to 7497 in sample `tws-docker-compose.yml`. |
 | 3389 | Port for RDP server. Mapped **externally** to 3370 in sample `tws-docker-compose.yml`.  |
 
-Utility [socat](https://manpages.ubuntu.com/manpages/jammy/en/man1/socat.1.html) is used to publish TWS API port from container's `127.0.0.1:4001/4002` to container's `0.0.0.0:4003/4004`, the sample `docker-file.yml` maps ports to the host back to `4001/4002`. This way any application can use the "standard" IB Gateway ports. For TWS `127.0.0.1:7496/7497` to container's `0.0.0.0:7498/7499`, and `tws-docker-file.yml` will map ports to host back to `7496/7497`.
+Utility [socat](https://manpages.ubuntu.com/manpages/noble/en/man1/socat.1.html) is used to publish TWS API port from container's `127.0.0.1:4001/4002` to container's `0.0.0.0:4003/4004`, the sample `docker-file.yml` maps ports to the host back to `4001/4002`. This way any application can use the "standard" IB Gateway ports. For TWS `127.0.0.1:7496/7497` to container's `0.0.0.0:7498/7499`, and `tws-docker-file.yml` will map ports to host back to `7496/7497`.
 
 Note that with the above `docker-compose.yml`, ports are only exposed to the docker host (127.0.0.1), but not to the host network. To expose it to the host network change the port mappings on accordingly (remove the '127.0.0.1:'). **Attention**: See [Leaving localhost](#leaving-localhost)
 
@@ -350,7 +353,7 @@ Suitable for testing. It does not expose API port to host network, host must be
 
 You can optionally setup an SSH tunnel to avoid exposing IB Gateway port. The
 container DOES NOT run an SSH server (sshd), what it does is to create a
-[remote tunnel](https://manpages.ubuntu.com/manpages/jammy/en/man1/ssh.1.html)
+[remote tunnel](https://manpages.ubuntu.com/manpages/noble/en/man1/ssh.1.html)
 using ssh client. So basically it will connect to an ssh server and expose IB
 Gateway port there.
 
@@ -435,7 +438,7 @@ Make sure that:
   StrictHostKeyChecking=no`, although this last option is **NOT recommended**
   for a production environment.
 - and please make sure that you are familiar with
-  [ssh tunnels](https://manpages.ubuntu.com/manpages/jammy/en/man1/ssh.1.html)
+  [ssh tunnels](https://manpages.ubuntu.com/manpages/noble/en/man1/ssh.1.html)
 
 ### Credentials
 

diff --git a/stable/Dockerfile b/stable/Dockerfile
@@ -6,11 +6,11 @@
 ##############################################################################
 
 # hadolint global ignore=DL3008
-FROM ubuntu:22.04 as setup
+FROM ubuntu:24.04 AS setup
 
-ENV IB_GATEWAY_VERSION=10.19.2o
+ENV IB_GATEWAY_VERSION=10.19.2p
 ENV IB_GATEWAY_RELEASE_CHANNEL=stable
-ENV IBC_VERSION=3.19.0
+ENV IBC_VERSION=3.20.0
 
 WORKDIR /tmp/setup
 
@@ -47,9 +47,9 @@ COPY ./scripts /root/scripts
 # Build Stage: build production image
 ##############################################################################
 
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 
-ENV IB_GATEWAY_VERSION=10.19.2o
+ENV IB_GATEWAY_VERSION=10.19.2p
 # IB Gateway user constants
 ARG USER_ID="${USER_ID:-1000}"
 ARG USER_GID="${USER_GID:-1000}"
@@ -75,6 +75,9 @@ RUN apt-get update -y && \
   gettext-base socat xvfb x11vnc sshpass openssh-client && \
   apt-get clean && \
   rm -rf /var/lib/apt/lists/* && \
+  if id ubuntu; then \
+    userdel -rf ubuntu \
+  ;fi && \
   groupadd --gid ${USER_GID} ibgateway && \
   useradd -ms /bin/bash --uid ${USER_ID} --gid ${USER_GID} ibgateway && \
   chmod a+x ${SCRIPT_PATH}/*.sh

diff --git a/stable/Dockerfile.tws b/stable/Dockerfile.tws
@@ -7,8 +7,8 @@
 
 # hadolint global ignore=DL3008
 
-ARG IB_VERSION=10.19.2o
-FROM ghcr.io/gnzsnz/ib-gateway:${IB_VERSION} as setup
+ARG IB_VERSION=10.19.2p
+FROM ghcr.io/gnzsnz/ib-gateway:${IB_VERSION} AS setup
 
 WORKDIR /
 
@@ -18,9 +18,9 @@ WORKDIR /
 
 FROM lscr.io/linuxserver/rdesktop:ubuntu-xfce
 
-ENV IB_GATEWAY_VERSION=10.19.2o
+ENV IB_GATEWAY_VERSION=10.19.2p
 ENV IB_GATEWAY_RELEASE_CHANNEL=stable
-ENV IBC_VERSION=3.19.0
+ENV IBC_VERSION=3.20.0
 
 # IB Gateway user constants
 # IBC env vars

diff --git a/stable/config/ibc/config.ini.tmpl b/stable/config/ibc/config.ini.tmpl
@@ -112,7 +112,7 @@ FIXPassword=
 # in the list. If no value is set, you must manually select the
 # relevant list entry.
 
-SecondFactorDevice=
+SecondFactorDevice=${TWOFA_DEVICE}
 
 
 # If you use the IBKR Mobile app for second factor authentication,
@@ -326,7 +326,7 @@ MinimizeMainWindow=no
 #
 # The default is 'manual'.
 
-ExistingSessionDetectedAction=primary
+ExistingSessionDetectedAction=${EXISTING_SESSION_DETECTED_ACTION}
 
 
 # Override TWS API Port Number
@@ -714,7 +714,7 @@ AcceptIncomingConnectionAction=${TWS_ACCEPT_INCOMING}
 #   no    means the dialog remains on display and must be
 #         handled by the user.
 
-AllowBlindTrading=no
+AllowBlindTrading=${ALLOW_BLIND_TRADING}
 
 
 # Save Settings on a Schedule

diff --git a/stable/scripts/common.sh b/stable/scripts/common.sh
@@ -180,7 +180,7 @@ setup_ssh() {
 				echo ".> ssh-agent sock: ${SSH_AUTH_SOCK}"
 			fi
 
-			if ls /config/.ssh/id_* >/dev/null; then
+			if ls "${HOME}"/.ssh/id_* >/dev/null; then
 				echo ".> Adding keys to ssh-agent."
 				export SSH_ASKPASS_REQUIRE=never
 				SSHPASS="${SSH_PASSPHRASE}" sshpass -e -P "passphrase" ssh-add
@@ -213,7 +213,7 @@ start_ssh() {
 	echo ".> SSH_REMOTE_PORT set to :${SSH_REMOTE_PORT}"
 
 	# set vnc ssh tunnel
-	if [ "$GATEWAY_OR_TWS" = "gateway" ] && [ -n "$SSH_VNC_PORT" ] && [ -n "$VNC_SERVER_PASSWORD" ]; then
+	if [ "$GATEWAY_OR_TWS" = "gateway" ] && [ -n "$SSH_VNC_PORT" ] && pgrep x11vnc >/dev/null; then
 		# set ssh tunnel for vnc
 		SSH_SCREEN="-R 127.0.0.1:5900:localhost:$SSH_VNC_PORT"
 		echo ".> SSH_VNC_TUNNEL set to :${SSH_SCREEN}"

diff --git a/stable/scripts/run.sh b/stable/scripts/run.sh
@@ -15,7 +15,7 @@ stop_ibc() {
 	echo ".> 😘 Received SIGINT or SIGTERM. Shutting down IB Gateway."
 
 	#
-	if [ -n "$VNC_SERVER_PASSWORD" ]; then
+	if pgrep x11vnc >/dev/null; then
 		echo ".> Stopping x11vnc."
 		pkill x11vnc
 	fi

diff --git a/stable/scripts/run_socat.sh b/stable/scripts/run_socat.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -Eeo pipefail
+set -Eo pipefail
 
 LOCAL_PORT="$API_PORT"
 # shellcheck disable=SC2153

diff --git a/stable/scripts/run_ssh.sh b/stable/scripts/run_ssh.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -Eeo pipefail
+set -Eo pipefail
 
 _OPTIONS="$SSH_ALL_OPTIONS"
 _LOCAL_PORT="$API_PORT"