From dd48d1698cc868a93e70ac13a0b4feb70a0d6707 Mon Sep 17 00:00:00 2001 From: J0WI Date: Sat, 9 Jun 2018 01:21:13 +0200 Subject: [PATCH 1/5] Adjust gpg code to kill daemons, cutting down on race conditions --- 3.3/Dockerfile | 2 ++ 3.4/Dockerfile | 2 ++ Dockerfile.template | 2 ++ 3 files changed, 6 insertions(+) diff --git a/3.3/Dockerfile b/3.3/Dockerfile index 981122b7..ad61f588 100644 --- a/3.3/Dockerfile +++ b/3.3/Dockerfile @@ -16,6 +16,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true @@ -28,6 +29,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ + && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \ && chmod +x /usr/local/bin/tini \ && tini -h diff --git a/3.4/Dockerfile b/3.4/Dockerfile index bc8c25c3..208f50bd 100644 --- a/3.4/Dockerfile +++ b/3.4/Dockerfile @@ -16,6 +16,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true 
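Review bot: The added `&& gpgconf --kill all \` sits inside an `&&` chain, so a missing `gpgconf` binary aborts the whole RUN instead of just skipping the cleanup. At this commit the base image is still the jessie variant (the next patch in the series changes `FROM`), where gpg is likely GnuPG 1.x and `gpgconf` may not be installed, so this commit may not build on its own. A guarded form keeps the step harmless where the tool is absent: `&& { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \`. The same applies to the tini hunk in this file and to the matching hunks in 3.4/Dockerfile and Dockerfile.template; each RUN begins outside its hunk.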
@@ -28,6 +29,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ + && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \ && chmod +x /usr/local/bin/tini \ && tini -h diff --git a/Dockerfile.template b/Dockerfile.template index 741937ea..10531359 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -16,6 +16,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true @@ -28,6 +29,7 @@ RUN set -x \ && export GNUPGHOME="$(mktemp -d)" \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ + && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \ && chmod +x /usr/local/bin/tini \ && tini -h From f197708245d805e02d67a22a76431557653682a1 Mon Sep 17 00:00:00 2001 From: J0WI Date: Sat, 9 Jun 2018 16:08:35 +0200 Subject: [PATCH 2/5] Update Debain base to stretch --- 3.3/Dockerfile | 13 +++++++++++-- 3.4/Dockerfile | 13 +++++++++++-- Dockerfile.template | 13 +++++++++++-- 3 files changed, 33 insertions(+), 6 deletions(-) diff --git a/3.3/Dockerfile b/3.3/Dockerfile index ad61f588..a043523e 100644 --- a/3.3/Dockerfile +++ b/3.3/Dockerfile 
@@ -1,10 +1,12 @@ -FROM ruby:2.3-slim-jessie +FROM ruby:2.3-slim-stretch # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r redmine && useradd -r -g redmine redmine RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ + dirmngr \ + gnupg \ wget \ && rm -rf /var/lib/apt/lists/* @@ -58,6 +60,11 @@ RUN wget -O redmine.tar.gz "https://www.redmine.org/releases/redmine-${REDMINE_V RUN set -eux; \ \ + apt-mark auto \ + dirmngr \ + gnupg \ + wget \ + ; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -65,9 +72,11 @@ RUN set -eux; \ gcc \ libmagickcore-dev \ libmagickwand-dev \ - libmysqlclient-dev \ + libmariadbclient-dev \ libpq-dev \ libsqlite3-dev \ +# TinyTDS 1.0.x requires openssl 1.0.x + libssl1.0-dev \ make \ patch \ ; \ diff --git a/3.4/Dockerfile b/3.4/Dockerfile index 208f50bd..06f4259d 100644 --- a/3.4/Dockerfile +++ b/3.4/Dockerfile @@ -1,10 +1,12 @@ -FROM ruby:2.4-slim-jessie +FROM ruby:2.4-slim-stretch # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r redmine && useradd -r -g redmine redmine RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ + dirmngr \ + gnupg \ wget \ && rm -rf /var/lib/apt/lists/* @@ -58,6 +60,11 @@ RUN wget -O redmine.tar.gz "https://www.redmine.org/releases/redmine-${REDMINE_V RUN set -eux; \ \ + apt-mark auto \ + dirmngr \ + gnupg \ + wget \ + ; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -65,9 +72,11 @@ RUN set -eux; \ gcc \ libmagickcore-dev \ libmagickwand-dev \ - libmysqlclient-dev \ + libmariadbclient-dev \ libpq-dev \ libsqlite3-dev \ +# TinyTDS 1.0.x requires openssl 1.0.x + libssl1.0-dev \ make \ patch \ ; \ 
diff --git a/Dockerfile.template b/Dockerfile.template index 10531359..b00dab91 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -1,10 +1,12 @@ -FROM ruby:%%RUBY_VERSION%%-slim-jessie +FROM ruby:%%RUBY_VERSION%%-slim-stretch # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r redmine && useradd -r -g redmine redmine RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ + dirmngr \ + gnupg \ wget \ && rm -rf /var/lib/apt/lists/* @@ -58,6 +60,11 @@ RUN wget -O redmine.tar.gz "https://www.redmine.org/releases/redmine-${REDMINE_V RUN set -eux; \ \ + apt-mark auto \ + dirmngr \ + gnupg \ + wget \ + ; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -65,9 +72,11 @@ RUN set -eux; \ gcc \ libmagickcore-dev \ libmagickwand-dev \ - libmysqlclient-dev \ + libmariadbclient-dev \ libpq-dev \ libsqlite3-dev \ +# TinyTDS 1.0.x requires openssl 1.0.x + libssl1.0-dev \ make \ patch \ ; \ From 7720ea928d876c2138cca4b475418a22af63347a Mon Sep 17 00:00:00 2001 From: J0WI Date: Sat, 9 Jun 2018 16:23:13 +0200 Subject: [PATCH 3/5] Keep wget insalled for Passenger --- 3.3/Dockerfile | 1 - 3.4/Dockerfile | 1 - Dockerfile.template | 1 - 3 files changed, 3 deletions(-) diff --git a/3.3/Dockerfile b/3.3/Dockerfile index a043523e..f40578ec 100644 --- a/3.3/Dockerfile +++ b/3.3/Dockerfile @@ -63,7 +63,6 @@ RUN set -eux; \ apt-mark auto \ dirmngr \ gnupg \ - wget \ ; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/3.4/Dockerfile b/3.4/Dockerfile index 06f4259d..2241038c 100644 --- a/3.4/Dockerfile +++ b/3.4/Dockerfile @@ -63,7 +63,6 @@ RUN set -eux; \ apt-mark auto \ dirmngr \ gnupg \ - wget \ ; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ diff --git a/Dockerfile.template b/Dockerfile.template index b00dab91..4a858879 100644 --- a/Dockerfile.template 
+++ b/Dockerfile.template @@ -63,7 +63,6 @@ RUN set -eux; \ apt-mark auto \ dirmngr \ gnupg \ - wget \ ; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ From 084ed67c2fd1b5ce6c34138f23061914f698dd33 Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 12 Jun 2018 02:50:52 +0200 Subject: [PATCH 4/5] Add gnupg dependency to each layer --- 3.3/Dockerfile | 28 ++++++++++++++++++++-------- 3.4/Dockerfile | 28 ++++++++++++++++++++-------- Dockerfile.template | 28 ++++++++++++++++++++-------- 3 files changed, 60 insertions(+), 24 deletions(-) diff --git a/3.3/Dockerfile b/3.3/Dockerfile index f40578ec..f847f847 100644 --- a/3.3/Dockerfile +++ b/3.3/Dockerfile @@ -5,14 +5,19 @@ RUN groupadd -r redmine && useradd -r -g redmine redmine RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ - dirmngr \ - gnupg \ wget \ && rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 RUN set -x \ + && fetchDeps=" \ + dirmngr \ + gnupg \ + " \ + && apt-get update \ + && apt-get install -y --no-install-recommends $fetchDeps \ + \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ 
@@ -21,11 +26,20 @@ RUN set -x \ && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ - && gosu nobody true + && gosu nobody true \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ + && rm -rf /var/lib/apt/lists/* # grab tini for signal processing and zombie killing ENV TINI_VERSION v0.16.1 RUN set -x \ + && fetchDeps=" \ + dirmngr \ + gnupg \ + " \ + && apt-get update \ + && apt-get install -y --no-install-recommends $fetchDeps \ + \ && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ @@ -34,7 +48,9 @@ RUN set -x \ && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \ && chmod +x /usr/local/bin/tini \ - && tini -h + && tini -h \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ + && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y --no-install-recommends \ bzr \ @@ -60,10 +76,6 @@ RUN wget -O redmine.tar.gz "https://www.redmine.org/releases/redmine-${REDMINE_V RUN set -eux; \ \ - apt-mark auto \ - dirmngr \ - gnupg \ - ; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ diff --git a/3.4/Dockerfile b/3.4/Dockerfile index 2241038c..256e96b1 100644 --- a/3.4/Dockerfile +++ b/3.4/Dockerfile 
@@ -5,14 +5,19 @@ RUN groupadd -r redmine && useradd -r -g redmine redmine RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ - dirmngr \ - gnupg \ wget \ && rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 RUN set -x \ + && fetchDeps=" \ + dirmngr \ + gnupg \ + " \ + && apt-get update \ + && apt-get install -y --no-install-recommends $fetchDeps \ + \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ @@ -21,11 +26,20 @@ RUN set -x \ && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ - && gosu nobody true + && gosu nobody true \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ + && rm -rf /var/lib/apt/lists/* # grab tini for signal processing and zombie killing ENV TINI_VERSION v0.16.1 RUN set -x \ + && fetchDeps=" \ + dirmngr \ + gnupg \ + " \ + && apt-get update \ + && apt-get install -y --no-install-recommends $fetchDeps \ + \ && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ @@ -34,7 +48,9 @@ RUN set -x \ && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \ && chmod +x /usr/local/bin/tini \ - && tini -h + && tini -h \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ + && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y --no-install-recommends \ bzr \ 
@@ -60,10 +76,6 @@ RUN wget -O redmine.tar.gz "https://www.redmine.org/releases/redmine-${REDMINE_V RUN set -eux; \ \ - apt-mark auto \ - dirmngr \ - gnupg \ - ; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ diff --git a/Dockerfile.template b/Dockerfile.template index 4a858879..ec149e01 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -5,14 +5,19 @@ RUN groupadd -r redmine && useradd -r -g redmine redmine RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ - dirmngr \ - gnupg \ wget \ && rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 RUN set -x \ + && fetchDeps=" \ + dirmngr \ + gnupg \ + " \ + && apt-get update \ + && apt-get install -y --no-install-recommends $fetchDeps \ + \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ @@ -21,11 +26,20 @@ RUN set -x \ && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ - && gosu nobody true + && gosu nobody true \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ + && rm -rf /var/lib/apt/lists/* # grab tini for signal processing and zombie killing ENV TINI_VERSION v0.16.1 RUN set -x \ + && fetchDeps=" \ + dirmngr \ + gnupg \ + " \ + && apt-get update \ + && apt-get install -y --no-install-recommends $fetchDeps \ + \ && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ 
@@ -34,7 +48,9 @@ RUN set -x \ && gpgconf --kill all \ && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \ && chmod +x /usr/local/bin/tini \ - && tini -h + && tini -h \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ + && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y --no-install-recommends \ bzr \ @@ -60,10 +76,6 @@ RUN wget -O redmine.tar.gz "https://www.redmine.org/releases/redmine-${REDMINE_V RUN set -eux; \ \ - apt-mark auto \ - dirmngr \ - gnupg \ - ; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ From 69082edc899cdbc69a00c4dd30d01f83fb59048f Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 20 Jun 2018 14:22:41 -0700 Subject: [PATCH 5/5] Tweak a few more things --- .travis.yml | 14 ++++-- 3.3/Dockerfile | 112 ++++++++++++++++++++++++-------------------- 3.4/Dockerfile | 112 ++++++++++++++++++++++++-------------------- Dockerfile.template | 112 ++++++++++++++++++++++++-------------------- 4 files changed, 196 insertions(+), 154 deletions(-) diff --git a/.travis.yml b/.travis.yml index c3deb52c..aceb543f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,14 +10,20 @@ install: before_script: - env | sort + - wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash - cd "$VERSION" - image="$(awk '$1 == "FROM" { print $2; exit }' passenger/Dockerfile)" script: - - travis_retry docker build -t "$image" . - - ~/official-images/test/run.sh "$image" - - travis_retry docker build -t "$image-passenger" passenger - - ~/official-images/test/run.sh "$image-passenger" + - | + ( + set -Eeuo pipefail + set -x + docker build -t "$image" . + ~/official-images/test/run.sh "$image" + docker build -t "$image-passenger" passenger + ~/official-images/test/run.sh "$image-passenger" + ) after_script: - docker images diff --git a/3.3/Dockerfile b/3.3/Dockerfile index f847f847..b37a6ed9 100644 --- a/3.3/Dockerfile 
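Review bot: The new `before_script` entry pipes a script fetched from the moving `master` branch straight into `bash`, so whatever that URL serves at build time runs in CI with no integrity check, and a truncated download would still be executed. Pin the URL to a reviewed commit and verify a digest before running it: `wget -qO hack-my-builds.sh 'https://github.com/tianon/pgp-happy-eyeballs/raw/<reviewed-commit>/hack-my-builds.sh'`, then `echo '<sha256-of-reviewed-script> *hack-my-builds.sh' | sha256sum -c -`, then `bash hack-my-builds.sh`. Separately, the rewritten `script` block drops the `travis_retry` wrapper around both `docker build` calls; if that is intentional, a one-line comment saying the keyserver workaround replaces the retries would help the next reader.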
+++ b/3.3/Dockerfile 
@@ -6,53 +6,7 @@ RUN groupadd -r redmine && useradd -r -g redmine redmine RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ wget \ - && rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 -RUN set -x \ - && fetchDeps=" \ - dirmngr \ - gnupg \ - " \ - && apt-get update \ - && apt-get install -y --no-install-recommends $fetchDeps \ - \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && gpgconf --kill all \ - && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ - && rm -rf /var/lib/apt/lists/* - -# grab tini for signal processing and zombie killing -ENV TINI_VERSION v0.16.1 -RUN set -x \ - && fetchDeps=" \ - dirmngr \ - gnupg \ - " \ - && apt-get update \ - && apt-get install -y --no-install-recommends $fetchDeps \ - \ - && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ - && gpgconf --kill all \ - && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \ - && chmod +x /usr/local/bin/tini 
\ - && tini -h \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ - && rm -rf /var/lib/apt/lists/* - -RUN apt-get update && apt-get install -y --no-install-recommends \ + \ bzr \ git \ imagemagick \ 
@@ -61,6 +15,48 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ subversion \ && rm -rf /var/lib/apt/lists/* +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases + export GOSU_VERSION='1.10'; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# grab tini for signal processing and zombie killing +# https://github.com/krallin/tini/releases + export TINI_VERSION='0.18.0'; \ + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + gpgconf --kill all; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini -h; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + apt-get 
purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false + ENV RAILS_ENV production WORKDIR /usr/src/redmine @@ -79,20 +75,36 @@ RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ - freetds-dev \ + dpkg-dev \ gcc \ libmagickcore-dev \ libmagickwand-dev \ libmariadbclient-dev \ libpq-dev \ libsqlite3-dev \ -# TinyTDS 1.0.x requires openssl 1.0.x - libssl1.0-dev \ make \ patch \ + \ +# tiny_tds 1.0.x requires OpenSSL 1.0 +# see https://github.com/rails-sqlserver/tiny_tds/commit/3269dd3bcfbe4201ab51aa2870a6aaddfcbdfa5d (tiny_tds 1.2.x+ is required for OpenSSL 1.1 support) + libssl1.0-dev \ ; \ rm -rf /var/lib/apt/lists/*; \ \ +# https://github.com/travis-ci/travis-ci/issues/9391 (can't let "tiny_tds" download FreeTDS for us because FTP) +# https://github.com/rails-sqlserver/tiny_tds/pull/384 (newer version uses HTTP!) +# https://github.com/rails-sqlserver/tiny_tds/pull/345 (... but then can't download it for us) +# http://www.freetds.org/files/stable/?C=M;O=D +# (if/when we update to Debian Buster and thus get FreeTDS newer than 0.95 in the distro, we can switch back to simply installing "freetds-dev" from Debian) + wget -O freetds.tar.bz2 'http://www.freetds.org/files/stable/freetds-1.00.91.tar.bz2'; \ + echo '8d71f9f29be0fe0637e443dd3807b3fd *freetds.tar.bz2' | md5sum -c -; \ + mkdir freetds; \ + tar -xf freetds.tar.bz2 -C freetds --strip-components=1; \ + rm freetds.tar.bz2; \ + ( cd freetds && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" && ./configure --build="$gnuArch" --enable-silent-rules && make -j "$(nproc)" && make -C src install && make -C include install ); \ + rm -rf freetds; \ + bundle config build.tiny_tds --enable-system-freetds; \ + \ bundle install --without development test; \ for adapter in mysql2 postgresql sqlserver sqlite3; do \ echo "$RAILS_ENV:" > ./config/database.yml; \ diff --git a/3.4/Dockerfile b/3.4/Dockerfile index 256e96b1..270921be 100644 
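Review bot: Nothing in the new combined RUN explains why `GNUPGHOME` is recreated with `mktemp -d` before each download, yet that is what makes `gpg --batch --verify` meaningful here: verify accepts a good signature from any key in the keyring, and each fresh keyring holds only the key fetched by its full fingerprint. A comment such as `# fresh keyring per artifact: only the pinned fingerprint may sign it` above each `export GNUPGHOME` line would keep a later refactor from merging the two keyrings. The two `gpg --keyserver … --recv-keys` calls also lack `--batch`, unlike the verify calls; `gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys …` keeps gpg non-interactive throughout. The same block is repeated in 3.4/Dockerfile and Dockerfile.template.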
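Review bot: The FreeTDS tarball is fetched over plain `http://` and checked only with `md5sum`, so the pinned hash is the sole integrity control for source that is then configured, compiled and installed as root during the build. MD5 is collision-broken and is not a suitable pin for that role; use a SHA-256 pin instead, `echo '<sha256-of-freetds-1.00.91.tar.bz2> *freetds.tar.bz2' | sha256sum -c -; \`, and switch the URL to HTTPS if the upstream host serves it. The enclosing RUN starts and continues outside this hunk, and the identical lines appear in 3.4/Dockerfile and Dockerfile.template.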
--- a/3.4/Dockerfile
+++ b/3.4/Dockerfile
@@ -6,53 +6,7 @@ RUN groupadd -r redmine && useradd -r -g redmine redmine RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ wget \ - && rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 -RUN set -x \ - && fetchDeps=" \ - dirmngr \ - gnupg \ - " \ - && apt-get update \ - && apt-get install -y --no-install-recommends $fetchDeps \ - \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && gpgconf --kill all \ - && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ - && rm -rf /var/lib/apt/lists/* - -# grab tini for signal processing and zombie killing -ENV TINI_VERSION v0.16.1 -RUN set -x \ - && fetchDeps=" \ - dirmngr \ - gnupg \ - " \ - && apt-get update \ - && apt-get install -y --no-install-recommends $fetchDeps \ - \ - && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ - && gpgconf --kill all \ - && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \ - && chmod +x /usr/local/bin/tini 
\ - && tini -h \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ - && rm -rf /var/lib/apt/lists/* - -RUN apt-get update && apt-get install -y --no-install-recommends \ + \ bzr \ git \ imagemagick \ 
@@ -61,6 +15,48 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ subversion \ && rm -rf /var/lib/apt/lists/* +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases + export GOSU_VERSION='1.10'; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# grab tini for signal processing and zombie killing +# https://github.com/krallin/tini/releases + export TINI_VERSION='0.18.0'; \ + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + gpgconf --kill all; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini -h; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + apt-get 
purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false + ENV RAILS_ENV production WORKDIR /usr/src/redmine @@ -79,20 +75,36 @@ RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ - freetds-dev \ + dpkg-dev \ gcc \ libmagickcore-dev \ libmagickwand-dev \ libmariadbclient-dev \ libpq-dev \ libsqlite3-dev \ -# TinyTDS 1.0.x requires openssl 1.0.x - libssl1.0-dev \ make \ patch \ + \ +# tiny_tds 1.0.x requires OpenSSL 1.0 +# see https://github.com/rails-sqlserver/tiny_tds/commit/3269dd3bcfbe4201ab51aa2870a6aaddfcbdfa5d (tiny_tds 1.2.x+ is required for OpenSSL 1.1 support) + libssl1.0-dev \ ; \ rm -rf /var/lib/apt/lists/*; \ \ +# https://github.com/travis-ci/travis-ci/issues/9391 (can't let "tiny_tds" download FreeTDS for us because FTP) +# https://github.com/rails-sqlserver/tiny_tds/pull/384 (newer version uses HTTP!) +# https://github.com/rails-sqlserver/tiny_tds/pull/345 (... but then can't download it for us) +# http://www.freetds.org/files/stable/?C=M;O=D +# (if/when we update to Debian Buster and thus get FreeTDS newer than 0.95 in the distro, we can switch back to simply installing "freetds-dev" from Debian) + wget -O freetds.tar.bz2 'http://www.freetds.org/files/stable/freetds-1.00.91.tar.bz2'; \ + echo '8d71f9f29be0fe0637e443dd3807b3fd *freetds.tar.bz2' | md5sum -c -; \ + mkdir freetds; \ + tar -xf freetds.tar.bz2 -C freetds --strip-components=1; \ + rm freetds.tar.bz2; \ + ( cd freetds && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" && ./configure --build="$gnuArch" --enable-silent-rules && make -j "$(nproc)" && make -C src install && make -C include install ); \ + rm -rf freetds; \ + bundle config build.tiny_tds --enable-system-freetds; \ + \ bundle install --without development test; \ for adapter in mysql2 postgresql sqlserver sqlite3; do \ echo "$RAILS_ENV:" > ./config/database.yml; \ 
diff --git a/Dockerfile.template b/Dockerfile.template
index ec149e01..45c29e95 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -6,53 +6,7 @@ RUN groupadd -r redmine && useradd -r -g redmine redmine RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ wget \ - && rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 -RUN set -x \ - && fetchDeps=" \ - dirmngr \ - gnupg \ - " \ - && apt-get update \ - && apt-get install -y --no-install-recommends $fetchDeps \ - \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && gpgconf --kill all \ - && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ - && rm -rf /var/lib/apt/lists/* - -# grab tini for signal processing and zombie killing -ENV TINI_VERSION v0.16.1 -RUN set -x \ - && fetchDeps=" \ - dirmngr \ - gnupg \ - " \ - && apt-get update \ - && apt-get install -y --no-install-recommends $fetchDeps \ - \ - && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture)" \ - && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini-$(dpkg --print-architecture).asc" \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ - && gpgconf --kill all \ - && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \ - && chmod +x /usr/local/bin/tini 
\ - && tini -h \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \ - && rm -rf /var/lib/apt/lists/* - -RUN apt-get update && apt-get install -y --no-install-recommends \ + \ bzr \ git \ imagemagick \ 
@@ -61,6 +15,48 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ subversion \ && rm -rf /var/lib/apt/lists/* +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + \ +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases + export GOSU_VERSION='1.10'; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ + \ +# grab tini for signal processing and zombie killing +# https://github.com/krallin/tini/releases + export TINI_VERSION='0.18.0'; \ + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-$dpkgArch"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + gpgconf --kill all; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini -h; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + apt-get 
purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false + ENV RAILS_ENV production WORKDIR /usr/src/redmine @@ -79,20 +75,36 @@ RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ - freetds-dev \ + dpkg-dev \ gcc \ libmagickcore-dev \ libmagickwand-dev \ libmariadbclient-dev \ libpq-dev \ libsqlite3-dev \ -# TinyTDS 1.0.x requires openssl 1.0.x - libssl1.0-dev \ make \ patch \ + \ +# tiny_tds 1.0.x requires OpenSSL 1.0 +# see https://github.com/rails-sqlserver/tiny_tds/commit/3269dd3bcfbe4201ab51aa2870a6aaddfcbdfa5d (tiny_tds 1.2.x+ is required for OpenSSL 1.1 support) + libssl1.0-dev \ ; \ rm -rf /var/lib/apt/lists/*; \ \ +# https://github.com/travis-ci/travis-ci/issues/9391 (can't let "tiny_tds" download FreeTDS for us because FTP) +# https://github.com/rails-sqlserver/tiny_tds/pull/384 (newer version uses HTTP!) +# https://github.com/rails-sqlserver/tiny_tds/pull/345 (... but then can't download it for us) +# http://www.freetds.org/files/stable/?C=M;O=D +# (if/when we update to Debian Buster and thus get FreeTDS newer than 0.95 in the distro, we can switch back to simply installing "freetds-dev" from Debian) + wget -O freetds.tar.bz2 'http://www.freetds.org/files/stable/freetds-1.00.91.tar.bz2'; \ + echo '8d71f9f29be0fe0637e443dd3807b3fd *freetds.tar.bz2' | md5sum -c -; \ + mkdir freetds; \ + tar -xf freetds.tar.bz2 -C freetds --strip-components=1; \ + rm freetds.tar.bz2; \ + ( cd freetds && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" && ./configure --build="$gnuArch" --enable-silent-rules && make -j "$(nproc)" && make -C src install && make -C include install ); \ + rm -rf freetds; \ + bundle config build.tiny_tds --enable-system-freetds; \ + \ bundle install --without development test; \ for adapter in mysql2 postgresql sqlserver sqlite3; do \ echo "$RAILS_ENV:" > ./config/database.yml; \